Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Nur noch Desktop Hintergrund-Bild oder weißer Bildschirm zu sehen (https://www.trojaner-board.de/134464-nur-noch-desktop-hintergrund-bild-weisser-bildschirm-sehen.html)

romulus 04.05.2013 13:21
Nur noch Desktop Hintergrund-Bild oder weißer Bildschirm zu sehen
 
Hallo Trojaner-Board Team,

vielen Dank im Voraus für die Unterstützung.

Mein PC Problem ist verwandt mit dem Thema"weißer Desktop nach Anmeldung" v. User Schnitzel87 Link http://www.trojaner-board.de/132331-...anmeldung.html

Was bei mir anders ist:
Die Symptome sind gleich, nach dem Neustart und Login wir nur mein Bildschirm-Hintergrund-Bild gezeigt oder eben ein weißes Bildschirm. Task-Fenster bleibt unsichtbar. Während des Shut down sieht man was offen war.

Ein weiteres Problem: USB Stick wird am Arbeitsplatz nicht dargestellt, wenn ich versuche mit Notepad die Buchstabe des USB Laufwerks zu finden.
Problem umgangen: CD als USB Flash gebrannt und OTL und die übrigen im o.g. Thema benötigten Tools darauf gebrannt.

OTL Log mit Benutze SafeList und Scanne alle Benutzer ausgeführt. Logs anbei.

Ich habe die übrigen Schritte noch nicht befolgt, da ich vermute, dass ich ein individuelles Fix von Euch benötige damit mein infiziertes Rechner entsperrt ist und ich im Normal Modus starten kann.

So, ich hoffe, dass ich an alles gedacht habe ansonsten einfach per E-Mail oder PM melden.

Vielen Dank und beste Grüße
romulus


Code:
OTL Extras logfile created on: 04.05.2013 12:39:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = e:\
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 11,01 Gb Available Physical Memory | 91,78% Memory free
29,61 Gb Paging File | 28,99 Gb Available in Paging File | 97,91% Paging File free
Paging file location(s): c:\pagefile.sys 18417 18417 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 452,88 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
Drive D: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 702,81 Mb Total Space | 654,42 Mb Free Space | 93,11% Space Free | Partition Type: UDF
Drive J: | 14,91 Gb Total Space | 0,97 Gb Free Space | 6,49% Space Free | Partition Type: FAT32
 
Computer Name: JUSTPC | User Name: Tkhoygan | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 9C B1 38 E5 1B 35 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3381971859-1467835855-1895993161-1000]
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{43D5D50E-DA81-4455-911E-B27F2B38B0FE}" = Foxit PDF IFilter
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"doPDF 7 printer_is1" = doPDF 7.1 printer
"DriverAgent.exe" = DriverAgent by eSupport.com
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"maxdome - Online Videothek" = maxdome - Online Videothek
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"sp6" = Logitech SetPoint 6.32
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD/HD Advisor 1.0
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{76F76BFC-B58E-41A6-B8A4-A861DA51C594}" = hpg2410QFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E5CDECB-726B-4581-BA8C-5B11148C3FA5}" = G Data TotalCare 2012
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DA06234-6608-416E-A632-5EF43AE2DCF5}" = hpg2410
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu
"{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}" = Media Go Video Playback Engine 1.92.162.06140
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C8BCC14C-2807-4C2D-A659-843427BF82E2}" = TopSecret Biometrics Components
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC48E09D-4E5F-4039-B93A-FCED36EFBE55}" = Adobe Flash Player 11 ActiveX
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DFE02C0F-FB51-4259-949F-2FA842164CEF}" = PixRecovery 3.0.36996.1
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"AudioCS" = Creative Audio-Systemsteuerung
"Bejeweled 3" = Bejeweled 3 (entfernen)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Desktop Media_is1" = Desktop Media 1.7
"Diablo III" = Diablo III
"DriverCleanerDotNET" = Driver Cleaner.NET
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.21.524
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)
"Kremlin" = Kremlin
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NFR" = Nasty File Remover v0.72 (remove only)
"OpenAL" = OpenAL
"PDF Reader 3" = PDF Reader 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Smart Recorder" = Creative Smart Recorder
"StarCraft II" = StarCraft II
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Trine_is1" = Trine 1.08
"Trusted Software Assistant_is1" = File Type Assistant
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.6
"WaveStudio 7" = Creative WaveStudio 7
"WebMoney Agent" = WebMoney Agent
"WheelMouse" = iOfficeWorks 7.64
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Play65" = Play65
"soe-DC Universe Online PSG" = DC Universe Online PSG
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2011 12:59:34 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.07.2011 13:50:09 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.07.2011 11:13:07 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.07.2011 14:18:13 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.07.2011 03:57:21 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2011 04:01:35 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.07.2011 14:27:57 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.07.2011 14:44:05 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.07.2011 12:41:16 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.07.2011 12:32:29 | Computer Name = JustPC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 19.02.2011 05:50:57 | Computer Name = JustPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.11.2011 16:29:52 | Computer Name = JustPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.05.2013 04:46:12 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 04.05.2013 04:46:12 | Computer Name = JustPC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
Error - 04.05.2013 04:53:08 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 04.05.2013 05:27:36 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
Error - 04.05.2013 05:27:37 | Computer Name = JustPC | Source = DCOM | ID = 10005
Description =
 
[ TuneUp Events ]
Error - 11.12.2010 14:08:31 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 12.12.2010 05:00:07 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 13.12.2010 15:55:29 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 14.12.2010 15:42:31 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 15.12.2010 14:47:03 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 15.12.2010 15:34:08 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 16.12.2010 15:04:46 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 17.12.2010 18:26:16 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 18.12.2010 06:49:14 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 19.12.2010 06:01:48 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
 
< End of report >

romulus 04.05.2013 13:25
Anbei Teil 2 des OTL Reports

OTL Logfile:
Code:
OTL logfile created on: 04.05.2013 12:39:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = e:\
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 11,01 Gb Available Physical Memory | 91,78% Memory free
29,61 Gb Paging File | 28,99 Gb Available in Paging File | 97,91% Paging File free
Paging file location(s): c:\pagefile.sys 18417 18417 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 452,88 Gb Free Space | 48,62% Space Free | Partition Type: NTFS
Drive D: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 702,81 Mb Total Space | 654,42 Mb Free Space | 93,11% Space Free | Partition Type: UDF
Drive J: | 14,91 Gb Total Space | 0,97 Gb Free Space | 6,49% Space Free | Partition Type: FAT32
 
Computer Name: JUSTPC | User Name: Tkhoygan | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.04 10:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.12 01:50:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.09 11:19:53 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.10.28 15:43:51 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.10.28 03:41:08 | 002,191,808 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2011.08.10 14:21:12 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2011.07.28 03:43:48 | 001,070,072 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.31 13:19:45 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009.09.06 12:21:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.08.19 20:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.03 23:01:09 | 000,053,112 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.11.03 23:00:57 | 000,111,992 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.11.03 23:00:57 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.11.03 23:00:57 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2011.09.17 18:24:10 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2011.09.11 20:38:38 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.05 11:00:07 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.08.05 11:00:07 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.02.17 11:41:00 | 000,388,896 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.29 20:45:22 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.04.25 18:39:40 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.25 18:39:40 | 000,042,696 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.23 08:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009.03.20 11:01:30 | 000,116,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2008.05.19 13:44:00 | 001,137,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2008.01.21 04:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.07.26 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.06.04 18:11:16 | 000,024,824 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2007.06.04 18:11:10 | 000,369,912 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2007.04.23 20:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2007.03.05 11:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.03.05 11:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.03.05 11:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.03.05 11:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.03.05 11:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.03.05 11:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.03.05 11:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007.03.05 11:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2006.11.01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012.02.09 12:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.05.20 17:05:10 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.03.01 18:43:34 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/02 14:30:24] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.03.31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005.01.07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxdome.de/#
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 77 6A E6 FF AF CA 01  [binary data]
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes,DefaultScope = {7F0AE4D7-BE8F-4736-9A67-80A1F638A96F}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes\{7F0AE4D7-BE8F-4736-9A67-80A1F638A96F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "93.174.93.98"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Bing"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tkhoygan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:50:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:50:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:50:30 | 000,000,000 | ---D | M]
 
[2010.04.02 14:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Extensions
[2010.04.02 14:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.25 00:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions
[2013.02.25 00:18:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.08 19:39:21 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012.12.03 00:52:20 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\verify-u_2@cybits.de
[2012.05.23 20:45:37 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\extension@hidemyass.com.xpi
[2013.01.20 23:53:59 | 000,026,621 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\verify-u@cybits.de.xpi
[2011.09.09 23:03:39 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.01.07 01:23:42 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2009.09.30 21:31:59 | 000,002,171 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\bing.xml
[2011.03.26 17:41:26 | 000,000,941 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\filestubecom-software.xml
[2011.03.26 17:38:17 | 000,000,930 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\filestubecom.xml
[2012.01.28 13:26:01 | 000,003,915 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\sweetim.xml
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009.09.07 12:29:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.04.12 01:50:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.01.15 20:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009.02.02 08:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2012.06.11 19:23:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 01:54:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: ArtistScope DRM plugin 1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AT_RatchetClank_v2 = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Update Notification lite = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhaidioehlnoiodhaabomodfmkcilijk\1.0\
CHR - Extension: Hitman: Blood Money = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbpoljfhfcoebbnkknmcaggjgejiole\1.0.0.16_0\
CHR - Extension: Tank-Blitz = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\omekciedmaoalgjfodfbfdibicgbgglj\1.0_0\
CHR - Extension: Google Mail = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
Hosts file not found
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AsioThk32Reg] CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [RCSystem] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files (x86)\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.2.2)_Gecko/20100316_Firefox/3.6.2" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1270158517788" File not found
O4 - Startup: C:\Users\AppData\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk =  File not found
O4 - Startup: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk =  File not found
O4 - Startup: C:\Users\UpdatusUser.JustPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk =  File not found
O7 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 FE FF 03  [binary data]
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tkhoygan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tkhoygan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{045CB0D8-80F8-4BE5-97D3-A7AEA1906044}: DhcpNameServer = 192.168.135.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6F6B1B4-2916-4A25-8C02-DC555670F665}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000 Winlogon: Shell - (C:\Users\Tkhoygan\AppData\Roaming\skype.dat) - C:\Users\Tkhoygan\AppData\Roaming\skype.dat ()
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0a4cc68c-3776-11df-ba00-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4cc68c-3776-11df-ba00-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{0a4cc6af-3776-11df-ba00-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4cc6af-3776-11df-ba00-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6d54971f-9a75-11de-ab90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d54971f-9a75-11de-ab90-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menue.exe
O33 - MountPoints2\{f453e214-3846-11df-a70c-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{f453e214-3846-11df-a70c-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{f453e22f-3846-11df-a70c-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{f453e22f-3846-11df-a70c-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Tkhoygan\AppData\Roaming\vlc
[2013.04.22 01:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.18 22:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snail Games USA
[2013.04.18 22:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snail Games USA
[2013.04.18 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WuShu_0.0.1.029
[2013.04.18 21:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AgeofWushu_download
[2013.04.17 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Tkhoygan\AppData\Local\SCE
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\maxdome
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\maxdome
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\maxdome
[2013.04.12 01:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 23:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 23:01:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 23:01:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 23:01:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 23:01:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 23:01:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 23:01:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 23:01:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 23:01:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 23:01:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 23:01:14 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 23:01:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 23:01:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 23:01:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 23:01:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 19:47:50 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 19:47:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 19:47:50 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 19:42:05 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.04.10 19:42:04 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 19:42:04 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010.06.02 06:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\DSETUP.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 11:27:13 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 11:27:13 | 000,627,978 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 11:27:13 | 000,595,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 11:27:13 | 000,126,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 11:27:13 | 000,103,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 10:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 23:50:41 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:41 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:41 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 23:50:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 23:46:23 | 000,002,032 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps.dat
[2013.05.03 23:44:14 | 000,000,004 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.ini
[2013.05.03 23:43:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 23:39:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.02 00:22:57 | 001,059,173 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.05.02 00:22:57 | 000,054,567 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.29 06:52:33 | 000,038,400 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.22 01:45:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.21 15:16:09 | 000,001,460 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps64.dat
[2013.04.21 04:26:16 | 000,000,236 | ---- | M] () -- C:\mapui.ini
[2013.04.21 04:26:16 | 000,000,154 | ---- | M] () -- C:\general_info_filter.ini
[2013.04.21 04:19:53 | 000,000,005 | ---- | M] () -- C:\mail.ini
[2013.04.21 04:19:43 | 000,000,307 | ---- | M] () -- C:\attach.ini
[2013.04.18 22:09:24 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013.04.18 21:05:17 | 000,001,092 | ---- | M] () -- C:\Users\Tkhoygan\Desktop\AgeofWushu_downloader.lnk
[2013.04.17 23:54:53 | 000,002,147 | ---- | M] () -- C:\Users\Tkhoygan\Desktop\DC Universe Online PSG.lnk
[2013.04.13 19:37:45 | 000,001,880 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk
[2013.04.12 21:51:01 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 21:51:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 01:20:10 | 004,825,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.03 22:43:17 | 000,000,004 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.ini
[2013.04.23 20:52:57 | 000,501,760 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.EXE
[2013.04.23 20:52:57 | 000,192,512 | ---- | C] () -- C:\Windows\SysNative\ZLhp1020.DLL
[2013.04.22 01:45:58 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.21 04:26:16 | 000,000,154 | ---- | C] () -- C:\general_info_filter.ini
[2013.04.21 01:31:49 | 000,000,005 | ---- | C] () -- C:\mail.ini
[2013.04.21 01:19:44 | 000,000,307 | ---- | C] () -- C:\attach.ini
[2013.04.21 01:15:28 | 000,000,236 | ---- | C] () -- C:\mapui.ini
[2013.04.18 22:09:24 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013.04.18 21:05:17 | 000,001,092 | ---- | C] () -- C:\Users\Tkhoygan\Desktop\AgeofWushu_downloader.lnk
[2013.04.17 23:54:54 | 000,002,177 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online PSG.lnk
[2013.04.17 23:54:53 | 000,002,147 | ---- | C] () -- C:\Users\Tkhoygan\Desktop\DC Universe Online PSG.lnk
[2013.04.13 19:37:45 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk
[2013.03.09 11:19:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.09 11:19:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.03.06 23:53:30 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2012.12.30 22:41:13 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2012.11.08 00:00:40 | 000,010,231 | ---- | C] () -- C:\Users\Tkhoygan\TomasKhoygani_Tkhoygan_elster_2048 - Kopie.pfx
[2012.09.04 02:25:47 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.08.30 11:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.07.02 18:49:37 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2012.01.12 20:53:13 | 000,098,304 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.dat
[2011.12.03 18:15:00 | 000,000,000 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\{4DDBAB34-8E35-4627-8071-1F78DE82B6BC}
[2011.10.13 20:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\{AEE60C42-E89C-4151-94DE-6FC24E9DF279}
[2011.10.09 21:39:07 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.11 21:10:53 | 001,059,173 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.08.28 02:16:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.28 00:34:54 | 000,004,416 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamStudio.cfg
[2011.06.28 00:34:54 | 000,000,408 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamShapes.ini
[2011.06.28 00:34:54 | 000,000,408 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamLayout.ini
[2011.06.28 00:34:54 | 000,000,121 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\Camdata.ini
[2010.06.02 06:22:54 | 001,412,902 | ---- | C] () -- C:\ProgramData\OCT2006_d3dx9_31_x64.cab
[2010.06.02 06:22:54 | 001,127,217 | ---- | C] () -- C:\ProgramData\OCT2006_d3dx9_31_x86.cab
[2010.06.02 06:22:54 | 000,273,960 | ---- | C] () -- C:\ProgramData\Nov2008_XAudio_x64.cab
[2010.06.02 06:22:54 | 000,272,611 | ---- | C] () -- C:\ProgramData\Nov2008_XAudio_x86.cab
[2010.06.02 06:22:54 | 000,182,361 | ---- | C] () -- C:\ProgramData\OCT2006_XACT_x64.cab
[2010.06.02 06:22:54 | 000,138,017 | ---- | C] () -- C:\ProgramData\OCT2006_XACT_x86.cab
[2010.06.02 06:22:54 | 000,086,037 | ---- | C] () -- C:\ProgramData\Oct2005_xinput_x64.cab
[2010.06.02 06:22:54 | 000,045,359 | ---- | C] () -- C:\ProgramData\Oct2005_xinput_x86.cab
[2010.06.02 06:22:52 | 001,906,878 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx9_40_x64.cab
[2010.06.02 06:22:52 | 001,550,796 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx9_40_x86.cab
[2010.06.02 06:22:52 | 000,965,421 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx10_40_x86.cab
[2010.06.02 06:22:52 | 000,121,794 | ---- | C] () -- C:\ProgramData\Nov2008_XACT_x64.cab
[2010.06.02 06:22:52 | 000,092,684 | ---- | C] () -- C:\ProgramData\Nov2008_XACT_x86.cab
[2010.06.02 06:22:52 | 000,054,522 | ---- | C] () -- C:\ProgramData\Nov2008_X3DAudio_x64.cab
[2010.06.02 06:22:52 | 000,021,851 | ---- | C] () -- C:\ProgramData\Nov2008_X3DAudio_x86.cab
[2010.06.02 06:22:50 | 000,994,154 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx10_40_x64.cab
[2010.06.02 06:22:50 | 000,196,762 | ---- | C] () -- C:\ProgramData\NOV2007_XACT_x64.cab
[2010.06.02 06:22:50 | 000,148,264 | ---- | C] () -- C:\ProgramData\NOV2007_XACT_x86.cab
[2010.06.02 06:22:50 | 000,046,144 | ---- | C] () -- C:\ProgramData\NOV2007_X3DAudio_x64.cab
[2010.06.02 06:22:50 | 000,018,496 | ---- | C] () -- C:\ProgramData\NOV2007_X3DAudio_x86.cab
[2010.06.02 06:22:48 | 001,802,058 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx9_36_x64.cab
[2010.06.02 06:22:48 | 001,709,360 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx9_36_x86.cab
[2010.06.02 06:22:48 | 000,864,600 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx10_36_x64.cab
[2010.06.02 06:22:48 | 000,803,884 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx10_36_x86.cab
[2010.06.02 06:22:48 | 000,273,018 | ---- | C] () -- C:\ProgramData\Mar2009_XAudio_x86.cab
[2010.06.02 06:22:46 | 000,275,044 | ---- | C] () -- C:\ProgramData\Mar2009_XAudio_x64.cab
[2010.06.02 06:22:46 | 000,121,506 | ---- | C] () -- C:\ProgramData\Mar2009_XACT_x64.cab
[2010.06.02 06:22:46 | 000,092,740 | ---- | C] () -- C:\ProgramData\Mar2009_XACT_x86.cab
[2010.06.02 06:22:38 | 000,054,600 | ---- | C] () -- C:\ProgramData\Mar2009_X3DAudio_x64.cab
[2010.06.02 06:22:38 | 000,021,298 | ---- | C] () -- C:\ProgramData\Mar2009_X3DAudio_x86.cab
[2010.06.02 06:22:36 | 001,973,702 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx9_41_x64.cab
[2010.06.02 06:22:36 | 001,612,446 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx9_41_x86.cab
[2010.06.02 06:22:36 | 001,067,160 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx10_41_x64.cab
[2010.06.02 06:22:36 | 001,040,745 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx10_41_x86.cab
[2010.06.02 06:22:36 | 000,251,194 | ---- | C] () -- C:\ProgramData\Mar2008_XAudio_x64.cab
[2010.06.02 06:22:36 | 000,226,250 | ---- | C] () -- C:\ProgramData\Mar2008_XAudio_x86.cab
[2010.06.02 06:22:36 | 000,122,336 | ---- | C] () -- C:\ProgramData\Mar2008_XACT_x64.cab
[2010.06.02 06:22:36 | 000,093,734 | ---- | C] () -- C:\ProgramData\Mar2008_XACT_x86.cab
[2010.06.02 06:22:34 | 001,769,862 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx9_37_x64.cab
[2010.06.02 06:22:34 | 001,443,282 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx9_37_x86.cab
[2010.06.02 06:22:34 | 000,818,260 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx10_37_x86.cab
[2010.06.02 06:22:34 | 000,055,058 | ---- | C] () -- C:\ProgramData\Mar2008_X3DAudio_x64.cab
[2010.06.02 06:22:34 | 000,021,867 | ---- | C] () -- C:\ProgramData\Mar2008_X3DAudio_x86.cab
[2010.06.02 06:22:32 | 000,937,246 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx9_43_x64.cab
[2010.06.02 06:22:32 | 000,844,884 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx10_37_x64.cab
[2010.06.02 06:22:32 | 000,768,036 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx9_43_x86.cab
[2010.06.02 06:22:32 | 000,278,060 | ---- | C] () -- C:\ProgramData\Jun2010_XAudio_x86.cab
[2010.06.02 06:22:32 | 000,277,338 | ---- | C] () -- C:\ProgramData\Jun2010_XAudio_x64.cab
[2010.06.02 06:22:32 | 000,124,596 | ---- | C] () -- C:\ProgramData\Jun2010_XACT_x64.cab
[2010.06.02 06:22:32 | 000,093,686 | ---- | C] () -- C:\ProgramData\Jun2010_XACT_x86.cab
[2010.06.02 06:22:30 | 000,762,188 | ---- | C] () -- C:\ProgramData\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 06:22:30 | 000,235,955 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx10_43_x64.cab
[2010.06.02 06:22:30 | 000,197,283 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx10_43_x86.cab
[2010.06.02 06:22:30 | 000,138,205 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx11_43_x64.cab
[2010.06.02 06:22:30 | 000,109,445 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx11_43_x86.cab
[2010.06.02 06:22:28 | 000,944,460 | ---- | C] () -- C:\ProgramData\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 06:22:28 | 000,931,471 | ---- | C] () -- C:\ProgramData\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 06:22:28 | 000,752,783 | ---- | C] () -- C:\ProgramData\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 06:22:20 | 000,269,024 | ---- | C] () -- C:\ProgramData\JUN2008_XAudio_x86.cab
[2010.06.02 06:22:18 | 001,792,608 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx9_38_x64.cab
[2010.06.02 06:22:18 | 001,463,878 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx9_38_x86.cab
[2010.06.02 06:22:18 | 000,867,828 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx10_38_x64.cab
[2010.06.02 06:22:18 | 000,849,919 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx10_38_x86.cab
[2010.06.02 06:22:18 | 000,269,628 | ---- | C] () -- C:\ProgramData\JUN2008_XAudio_x64.cab
[2010.06.02 06:22:18 | 000,152,909 | ---- | C] () -- C:\ProgramData\JUN2007_XACT_x86.cab
[2010.06.02 06:22:18 | 000,121,054 | ---- | C] () -- C:\ProgramData\JUN2008_XACT_x64.cab
[2010.06.02 06:22:18 | 000,093,128 | ---- | C] () -- C:\ProgramData\JUN2008_XACT_x86.cab
[2010.06.02 06:22:18 | 000,055,154 | ---- | C] () -- C:\ProgramData\JUN2008_X3DAudio_x64.cab
[2010.06.02 06:22:18 | 000,021,905 | ---- | C] () -- C:\ProgramData\JUN2008_X3DAudio_x86.cab
[2010.06.02 06:22:16 | 001,607,774 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx9_34_x64.cab
[2010.06.02 06:22:16 | 001,607,286 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx9_34_x86.cab
[2010.06.02 06:22:16 | 001,064,925 | ---- | C] () -- C:\ProgramData\Jun2005_d3dx9_26_x86.cab
[2010.06.02 06:22:16 | 000,699,044 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx10_34_x64.cab
[2010.06.02 06:22:16 | 000,698,472 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx10_34_x86.cab
[2010.06.02 06:22:16 | 000,197,122 | ---- | C] () -- C:\ProgramData\JUN2007_XACT_x64.cab
[2010.06.02 06:22:16 | 000,180,785 | ---- | C] () -- C:\ProgramData\JUN2006_XACT_x64.cab
[2010.06.02 06:22:16 | 000,133,671 | ---- | C] () -- C:\ProgramData\JUN2006_XACT_x86.cab
[2010.06.02 06:22:14 | 001,336,002 | ---- | C] () -- C:\ProgramData\Jun2005_d3dx9_26_x64.cab
[2010.06.02 06:22:14 | 000,277,191 | ---- | C] () -- C:\ProgramData\Feb2010_XAudio_x86.cab
[2010.06.02 06:22:14 | 000,276,960 | ---- | C] () -- C:\ProgramData\Feb2010_XAudio_x64.cab
[2010.06.02 06:22:14 | 000,122,446 | ---- | C] () -- C:\ProgramData\Feb2010_XACT_x64.cab
[2010.06.02 06:22:14 | 000,093,180 | ---- | C] () -- C:\ProgramData\Feb2010_XACT_x86.cab
[2010.06.02 06:22:12 | 000,194,675 | ---- | C] () -- C:\ProgramData\FEB2007_XACT_x64.cab
[2010.06.02 06:22:12 | 000,147,983 | ---- | C] () -- C:\ProgramData\FEB2007_XACT_x86.cab
[2010.06.02 06:22:12 | 000,054,678 | ---- | C] () -- C:\ProgramData\Feb2010_X3DAudio_x64.cab
[2010.06.02 06:22:12 | 000,020,713 | ---- | C] () -- C:\ProgramData\Feb2010_X3DAudio_x86.cab
[2010.06.02 06:22:10 | 000,178,359 | ---- | C] () -- C:\ProgramData\Feb2006_XACT_x64.cab
[2010.06.02 06:22:10 | 000,132,409 | ---- | C] () -- C:\ProgramData\Feb2006_XACT_x86.cab
[2010.06.02 06:22:04 | 001,084,720 | ---- | C] () -- C:\ProgramData\Feb2006_d3dx9_29_x86.cab
[2010.06.02 06:22:02 | 001,801,048 | ---- | C] () -- C:\ProgramData\dsetup32.dll
[2010.06.02 06:22:02 | 001,574,376 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx9_32_x86.cab
[2010.06.02 06:22:02 | 001,362,796 | ---- | C] () -- C:\ProgramData\Feb2006_d3dx9_29_x64.cab
[2010.06.02 06:22:02 | 001,247,499 | ---- | C] () -- C:\ProgramData\Feb2005_d3dx9_24_x64.cab
[2010.06.02 06:22:02 | 001,013,225 | ---- | C] () -- C:\ProgramData\Feb2005_d3dx9_24_x86.cab
[2010.06.02 06:22:02 | 000,537,432 | ---- | C] () -- C:\ProgramData\DXSETUP.exe
[2010.06.02 06:22:02 | 000,192,475 | ---- | C] () -- C:\ProgramData\DEC2006_XACT_x64.cab
[2010.06.02 06:22:02 | 000,145,599 | ---- | C] () -- C:\ProgramData\DEC2006_XACT_x86.cab
[2010.06.02 06:22:02 | 000,094,011 | ---- | C] () -- C:\ProgramData\dxupdate.cab
[2010.06.02 06:22:02 | 000,042,410 | ---- | C] () -- C:\ProgramData\dxdllreg_x86.cab
[2010.06.02 06:22:00 | 001,571,154 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx9_32_x64.cab
[2010.06.02 06:22:00 | 001,357,976 | ---- | C] () -- C:\ProgramData\Dec2005_d3dx9_28_x64.cab
[2010.06.02 06:22:00 | 001,079,456 | ---- | C] () -- C:\ProgramData\Dec2005_d3dx9_28_x86.cab
[2010.06.02 06:22:00 | 000,273,264 | ---- | C] () -- C:\ProgramData\Aug2009_XAudio_x64.cab
[2010.06.02 06:22:00 | 000,272,642 | ---- | C] () -- C:\ProgramData\Aug2009_XAudio_x86.cab
[2010.06.02 06:22:00 | 000,212,807 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx10_00_x64.cab
[2010.06.02 06:22:00 | 000,191,720 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx10_00_x86.cab
[2010.06.02 06:22:00 | 000,122,408 | ---- | C] () -- C:\ProgramData\Aug2009_XACT_x64.cab
[2010.06.02 06:22:00 | 000,093,106 | ---- | C] () -- C:\ProgramData\Aug2009_XACT_x86.cab
[2010.06.02 06:21:58 | 000,930,116 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx9_42_x64.cab
[2010.06.02 06:21:58 | 000,728,456 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx9_42_x86.cab
[2010.06.02 06:21:58 | 000,232,635 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx10_42_x64.cab
[2010.06.02 06:21:58 | 000,192,131 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx10_42_x86.cab
[2010.06.02 06:21:58 | 000,136,301 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx11_42_x64.cab
[2010.06.02 06:21:58 | 000,105,044 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx11_42_x86.cab
[2010.06.02 06:21:56 | 003,319,740 | ---- | C] () -- C:\ProgramData\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 06:21:56 | 003,112,111 | ---- | C] () -- C:\ProgramData\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 06:21:56 | 000,900,598 | ---- | C] () -- C:\ProgramData\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 06:21:46 | 000,919,044 | ---- | C] () -- C:\ProgramData\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 06:21:46 | 000,271,412 | ---- | C] () -- C:\ProgramData\Aug2008_XAudio_x64.cab
[2010.06.02 06:21:46 | 000,271,038 | ---- | C] () -- C:\ProgramData\Aug2008_XAudio_x86.cab
[2010.06.02 06:21:44 | 001,794,084 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx9_39_x64.cab
[2010.06.02 06:21:44 | 001,464,672 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx9_39_x86.cab
[2010.06.02 06:21:44 | 000,849,167 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx10_39_x86.cab
[2010.06.02 06:21:44 | 000,198,096 | ---- | C] () -- C:\ProgramData\AUG2007_XACT_x64.cab
[2010.06.02 06:21:44 | 000,153,012 | ---- | C] () -- C:\ProgramData\AUG2007_XACT_x86.cab
[2010.06.02 06:21:44 | 000,121,772 | ---- | C] () -- C:\ProgramData\Aug2008_XACT_x64.cab
[2010.06.02 06:21:44 | 000,092,996 | ---- | C] () -- C:\ProgramData\Aug2008_XACT_x86.cab
[2010.06.02 06:21:42 | 001,800,160 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx9_35_x64.cab
[2010.06.02 06:21:42 | 001,708,152 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx9_35_x86.cab
[2010.06.02 06:21:42 | 000,867,612 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx10_39_x64.cab
[2010.06.02 06:21:42 | 000,852,286 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx10_35_x64.cab
[2010.06.02 06:21:42 | 000,796,867 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx10_35_x86.cab
[2010.06.02 06:21:40 | 001,350,542 | ---- | C] () -- C:\ProgramData\Aug2005_d3dx9_27_x64.cab
[2010.06.02 06:21:40 | 001,077,644 | ---- | C] () -- C:\ProgramData\Aug2005_d3dx9_27_x86.cab
[2010.06.02 06:21:40 | 000,182,903 | ---- | C] () -- C:\ProgramData\AUG2006_XACT_x64.cab
[2010.06.02 06:21:40 | 000,137,235 | ---- | C] () -- C:\ProgramData\AUG2006_XACT_x86.cab
[2010.06.02 06:21:40 | 000,087,142 | ---- | C] () -- C:\ProgramData\AUG2006_xinput_x64.cab
[2010.06.02 06:21:40 | 000,053,302 | ---- | C] () -- C:\ProgramData\APR2007_xinput_x86.cab
[2010.06.02 06:21:40 | 000,046,058 | ---- | C] () -- C:\ProgramData\AUG2006_xinput_x86.cab
[2010.06.02 06:21:38 | 001,606,039 | ---- | C] () -- C:\ProgramData\APR2007_d3dx9_33_x86.cab
[2010.06.02 06:21:38 | 000,195,766 | ---- | C] () -- C:\ProgramData\APR2007_XACT_x64.cab
[2010.06.02 06:21:38 | 000,151,225 | ---- | C] () -- C:\ProgramData\APR2007_XACT_x86.cab
[2010.06.02 06:21:38 | 000,096,817 | ---- | C] () -- C:\ProgramData\APR2007_xinput_x64.cab
[2010.06.02 06:21:36 | 001,607,358 | ---- | C] () -- C:\ProgramData\APR2007_d3dx9_33_x64.cab
[2010.06.02 06:21:36 | 000,698,612 | ---- | C] () -- C:\ProgramData\APR2007_d3dx10_33_x64.cab
[2010.06.02 06:21:36 | 000,695,865 | ---- | C] () -- C:\ProgramData\APR2007_d3dx10_33_x86.cab
[2010.06.02 06:21:34 | 000,046,010 | ---- | C] () -- C:\ProgramData\Apr2006_xinput_x86.cab
[2010.06.02 06:21:20 | 000,087,101 | ---- | C] () -- C:\ProgramData\Apr2006_xinput_x64.cab
[2010.06.02 06:21:18 | 004,162,630 | ---- | C] () -- C:\ProgramData\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 06:21:18 | 000,916,430 | ---- | C] () -- C:\ProgramData\Apr2006_MDX1_x86.cab
[2010.06.02 06:21:18 | 000,179,133 | ---- | C] () -- C:\ProgramData\Apr2006_XACT_x64.cab
[2010.06.02 06:21:18 | 000,133,103 | ---- | C] () -- C:\ProgramData\Apr2006_XACT_x86.cab
[2010.06.02 06:21:16 | 001,397,830 | ---- | C] () -- C:\ProgramData\Apr2006_d3dx9_30_x64.cab
[2010.06.02 06:21:16 | 001,347,354 | ---- | C] () -- C:\ProgramData\Apr2005_d3dx9_25_x64.cab
[2010.06.02 06:21:16 | 001,115,221 | ---- | C] () -- C:\ProgramData\Apr2006_d3dx9_30_x86.cab
[2010.06.02 06:21:16 | 001,078,962 | ---- | C] () -- C:\ProgramData\Apr2005_d3dx9_25_x86.cab
[2010.05.05 09:31:12 | 000,024,226 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\UserTile.png
[2010.04.21 23:07:24 | 000,027,926 | ---- | C] () -- C:\Users\Tkhoygan\St Head.pdf.erv
[2010.01.15 20:57:53 | 000,112,754 | ---- | C] () -- C:\Users\Tkhoygan\Bestellung bestätigen 15.01.10.pdf.erv
[2009.11.18 23:16:23 | 000,010,455 | ---- | C] () -- C:\Users\Tkhoygan\TomasKhoygani_Tkhoygan_elster_2048.pfx
[2009.11.01 11:26:19 | 000,002,032 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps.dat
[2009.09.08 02:47:42 | 000,038,400 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 01:51:12 | 000,001,460 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\@
[2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\L
[2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\U
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.04.28 20:04:04 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.04.28 20:04:04 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.04.28 20:04:04 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???i) -- C:\Windows\SysWow64\۸䅌i
[2013.04.28 20:04:04 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf
[2013.04.28 20:04:04 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???i.LOG1) -- C:\Windows\SysWow64\۸䅌i.LOG1
[2013.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.04.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???i) -- C:\Windows\SysWow64\۸䅌i
[2013.04.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf
[2013.04.28 20:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???i.LOG1) -- C:\Windows\SysWow64\۸䅌i.LOG1
[2013.04.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???i.LOG2) -- C:\Windows\SysWow64\۸䅌i.LOG2
[2013.04.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???i.LOG2) -- C:\Windows\SysWow64\۸䅌i.LOG2
[2013.03.28 21:05:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.03.28 21:05:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.03.28 21:05:31 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf
[2013.03.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.03.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.03.28 21:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???j) -- C:\Windows\SysWow64\ۯ气j
[2013.03.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???j) -- C:\Windows\SysWow64\ۯ气j
[2013.03.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf
[2013.03.28 21:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???j.LOG1) -- C:\Windows\SysWow64\ۯ气j.LOG1
[2013.03.28 21:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???j.LOG1) -- C:\Windows\SysWow64\ۯ气j.LOG1
[2013.03.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???j.LOG2) -- C:\Windows\SysWow64\ۯ气j.LOG2
[2013.03.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???j.LOG2) -- C:\Windows\SysWow64\ۯ气j.LOG2
[2013.03.04 14:44:03 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\۸䶌s
[2013.03.04 14:44:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.03.04 14:44:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.03.04 14:44:02 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf
[2013.03.04 14:44:02 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???s.LOG1) -- C:\Windows\SysWow64\۸䶌s.LOG1
[2013.03.04 14:37:04 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.03.04 14:37:03 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.03.04 14:37:02 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf
[2013.03.04 14:37:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\۸䶌s
[2013.03.04 14:37:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???s.LOG1) -- C:\Windows\SysWow64\۸䶌s.LOG1
[2013.03.04 14:37:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???s.LOG2) -- C:\Windows\SysWow64\۸䶌s.LOG2
[2013.03.04 14:37:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???s.LOG2) -- C:\Windows\SysWow64\۸䶌s.LOG2
[2013.01.28 21:04:59 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.01.28 21:04:59 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.01.28 21:04:59 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf
[2013.01.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.01.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2013.01.28 21:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\ۯ䩤o
[2013.01.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\ۯ䩤o
[2013.01.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf
[2013.01.28 21:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\ۯ䩤o.LOG1
[2013.01.28 21:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\ۯ䩤o.LOG1
[2013.01.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\ۯ䩤o.LOG2
[2013.01.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\ۯ䩤o.LOG2
[2012.12.28 21:03:14 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.12.28 21:03:14 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.12.28 21:03:14 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\ۧᫌk
[2012.12.28 21:03:14 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf
[2012.12.28 21:03:14 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???k.LOG1) -- C:\Windows\SysWow64\ۧᫌk.LOG1
[2012.12.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.12.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.12.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\ۧᫌk
[2012.12.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf
[2012.12.28 21:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???k.LOG1) -- C:\Windows\SysWow64\ۧᫌk.LOG1
[2012.12.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???k.LOG2) -- C:\Windows\SysWow64\ۧᫌk.LOG2
[2012.12.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???k.LOG2) -- C:\Windows\SysWow64\ۧᫌk.LOG2
[2012.11.28 21:06:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.11.28 21:06:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.11.28 21:06:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???1) -- C:\Windows\SysWow64\ۨ䟬1
[2012.11.28 21:06:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf
[2012.11.28 21:06:01 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???1.LOG1) -- C:\Windows\SysWow64\ۨ䟬1.LOG1
[2012.11.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.11.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.11.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???1) -- C:\Windows\SysWow64\ۨ䟬1
[2012.11.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf
[2012.11.28 21:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???1.LOG1) -- C:\Windows\SysWow64\ۨ䟬1.LOG1
[2012.11.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???1.LOG2) -- C:\Windows\SysWow64\ۨ䟬1.LOG2
[2012.11.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???1.LOG2) -- C:\Windows\SysWow64\ۨ䟬1.LOG2
[2012.10.28 21:03:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.10.28 21:03:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.10.28 21:03:16 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???x) -- C:\Windows\SysWow64\ۧ堬x
[2012.10.28 21:03:16 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf
[2012.10.28 21:03:16 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???x.LOG1) -- C:\Windows\SysWow64\ۧ堬x.LOG1
[2012.10.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.10.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.10.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???x) -- C:\Windows\SysWow64\ۧ堬x
[2012.10.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf
[2012.10.28 21:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???x.LOG1) -- C:\Windows\SysWow64\ۧ堬x.LOG1
[2012.10.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???x.LOG2) -- C:\Windows\SysWow64\ۧ堬x.LOG2
[2012.10.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???x.LOG2) -- C:\Windows\SysWow64\ۧ堬x.LOG2
[2012.10.09 19:56:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.10.09 19:56:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.10.09 19:56:34 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\وⵄo
[2012.10.09 19:56:34 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf
[2012.10.09 19:56:34 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\وⵄo.LOG1
[2012.10.09 19:50:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.10.09 19:50:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.10.09 19:50:31 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf
[2012.10.09 19:50:30 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\وⵄo
[2012.10.09 19:50:30 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\وⵄo.LOG1
[2012.10.09 19:50:30 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\وⵄo.LOG2
[2012.10.09 19:50:30 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\وⵄo.LOG2
[2012.08.28 22:59:35 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???-) -- C:\Windows\SysWow64\ي釔-
[2012.08.28 22:59:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.08.28 22:59:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.08.28 22:59:34 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf
[2012.08.28 22:59:34 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???-.LOG1) -- C:\Windows\SysWow64\ي釔-.LOG1
[2012.08.28 22:55:54 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.08.28 22:55:54 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.08.28 22:55:54 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???-) -- C:\Windows\SysWow64\ي釔-
[2012.08.28 22:55:54 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf
[2012.08.28 22:55:54 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???-.LOG1) -- C:\Windows\SysWow64\ي釔-.LOG1
[2012.08.28 22:55:54 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???-.LOG2) -- C:\Windows\SysWow64\ي釔-.LOG2
[2012.08.28 22:55:54 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???-.LOG2) -- C:\Windows\SysWow64\ي釔-.LOG2
[2012.07.28 22:55:17 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.07.28 22:55:17 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.07.28 22:55:17 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???h) -- C:\Windows\SysWow64\ى㟬h
[2012.07.28 22:55:17 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf
[2012.07.28 22:55:17 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???h.LOG1) -- C:\Windows\SysWow64\ى㟬h.LOG1
[2012.07.28 22:52:52 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.07.28 22:52:52 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.07.28 22:52:52 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???h) -- C:\Windows\SysWow64\ى㟬h
[2012.07.28 22:52:52 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf
[2012.07.28 22:52:52 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???h.LOG1) -- C:\Windows\SysWow64\ى㟬h.LOG1
[2012.07.28 22:52:52 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???h.LOG2) -- C:\Windows\SysWow64\ى㟬h.LOG2
[2012.07.28 22:52:52 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???h.LOG2) -- C:\Windows\SysWow64\ى㟬h.LOG2
[2012.06.28 20:03:09 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.06.28 20:03:09 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.06.28 20:03:09 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf
[2012.06.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.06.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.06.28 20:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\??¬d) -- C:\Windows\SysWow64\ڝ¬d
[2012.06.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\??¬d) -- C:\Windows\SysWow64\ڝ¬d
[2012.06.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf
[2012.06.28 20:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\??¬d.LOG1) -- C:\Windows\SysWow64\ڝ¬d.LOG1
[2012.06.28 20:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\??¬d.LOG1) -- C:\Windows\SysWow64\ڝ¬d.LOG1
[2012.06.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\??¬d.LOG2) -- C:\Windows\SysWow64\ڝ¬d.LOG2
[2012.06.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\??¬d.LOG2) -- C:\Windows\SysWow64\ڝ¬d.LOG2
[2012.05.28 20:03:46 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.05.28 20:03:46 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.05.28 20:03:46 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ؽ䠌9
[2012.05.28 20:03:46 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf
[2012.05.28 20:03:46 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???9.LOG1) -- C:\Windows\SysWow64\ؽ䠌9.LOG1
[2012.05.28 20:00:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.05.28 20:00:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.05.28 20:00:02 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ؽ䠌9
[2012.05.28 20:00:02 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf
[2012.05.28 20:00:02 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???9.LOG1) -- C:\Windows\SysWow64\ؽ䠌9.LOG1
[2012.05.28 20:00:02 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???9.LOG2) -- C:\Windows\SysWow64\ؽ䠌9.LOG2
[2012.05.28 20:00:02 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???9.LOG2) -- C:\Windows\SysWow64\ؽ䠌9.LOG2
[2012.04.28 20:03:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.04.28 20:03:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.04.28 20:03:31 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???e) -- C:\Windows\SysWow64\ۼ䭴e
[2012.04.28 20:03:31 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf
[2012.04.28 20:03:31 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???e.LOG1) -- C:\Windows\SysWow64\ۼ䭴e.LOG1
[2012.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.04.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???e) -- C:\Windows\SysWow64\ۼ䭴e
[2012.04.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf
[2012.04.28 20:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???e.LOG1) -- C:\Windows\SysWow64\ۼ䭴e.LOG1
[2012.04.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???e.LOG2) -- C:\Windows\SysWow64\ۼ䭴e.LOG2
[2012.04.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???e.LOG2) -- C:\Windows\SysWow64\ۼ䭴e.LOG2
[2010.09.03 22:06:26 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2010.09.03 22:06:26 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2010.09.03 22:06:26 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf
[2010.09.03 22:02:22 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2010.09.03 22:02:22 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2010.09.03 22:02:22 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\٥㏤a
[2010.09.03 22:02:22 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\٥㏤a
[2010.09.03 22:02:22 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf
[2010.09.03 22:02:22 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???a.LOG1) -- C:\Windows\SysWow64\٥㏤a.LOG1
[2010.09.03 22:02:22 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???a.LOG1) -- C:\Windows\SysWow64\٥㏤a.LOG1
[2010.09.03 22:02:22 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???a.LOG2) -- C:\Windows\SysWow64\٥㏤a.LOG2
[2010.09.03 22:02:22 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???a.LOG2) -- C:\Windows\SysWow64\٥㏤a.LOG2
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41ADDB8A

< End of report >
--- --- ---

[/CODE]

Hallo an Team,

habe ich etwas vergessen? Befindet sich mein Post in der Bearbeitung? Ich fragen nur deshalb

Schritt 1 mit Run defogger war für mich Problem bedingt nicht möglich.

Das eine Antwort war von mir selbst, da ich mein Post aufgrund zu viele Text Zeichen eben splitten müsste.

Es genügt mir ja, wenn ich weiß, dass jemand von euch dran ist.

Vielen Dank im Voraus.

Gruß
romulus

t'john 06.05.2013 11:44
:hallo:

Erstelle zuerst auf einem Zweitrechner das Fixskript:
  • Drücke dazu bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste, schreibe "notepad" in das Ausführen Fenster und drücke OK.
  • Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
    (Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.)
    Code:
    :OTL

    FF - prefs.js..network.proxy.http: "93.174.93.98"
    FF - prefs.js..network.proxy.http_port: 80
    O20 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000 Winlogon: Shell - (C:\Users\Tkhoygan\AppData\Roaming\skype.dat) - C:\Users\Tkhoygan\AppData\Roaming\skype.dat ()
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A064CECC
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41ADDB8A
    [2013.05.03 23:44:14 | 000,000,004 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.ini
    [2012.07.02 18:49:37 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
    [2012.01.12 20:53:13 | 000,098,304 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.dat
    [2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\@
    [2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\L
    [2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\U

    :Files
    C:\ProgramData\*.exe
    C:\ProgramData\*.dll
    C:\ProgramData\*.tmp
    C:\ProgramData\TEMP
    C:\Users\Tkhoygan\*.tmp
    C:\Users\Tkhoygan\AppData\*.dll
    C:\Users\Tkhoygan\AppData\*.exe
    C:\Users\Tkhoygan\AppData\Local\Temp\*.exe
    C:\Users\Tkhoygan\AppData\LocalLow\Sun\Java\Deployment\cache
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
  • Speichere dann die Datei als fix.txt auf den USB-Stick, wo die OTL.exe liegt.

Danach führe folgendermassen den Fix aus:
  • Schliesse den USB-Stick wieder an den infizierten Rechner an und starte diesen in den abgesicherten Modus mit Eingabeaufforderung.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Klicke auf den Fix Button.
  • Drücke dann OK, um den Fix von einem File zu laden.
  • Wähle die erstellte fix.txt auf dem USB-Stick aus. Ihr Inhalt wird in die Textbox eingefügt.
  • Klicke nun erneut auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach einem Neustart versuche wieder in den normalen Modus zu booten.
  • Auf deinem USB-Stick sollte im Ordner _OTL ein Log-File (\_OTL\MovedFiles\<time_date>.txt) erstellt worden sein.
  • Kopiere nun dessen Inhalt hier in deinen Thread.



dann:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



dann:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

romulus 06.05.2013 19:48
Die logs anbei
 
Hallo T'John,

vielen lieben dank, dass Du Dir die Sache angenommen hast.
Die Log-Dateien habe ich Dir als *.txt beigefügt.

Ich gebe zu, dass ich gegen eines der Regeln verstoßen habe und entschuldige mich sehr für dieses notgedrungene Verhalten. Mein PC verwende ich ebenso Beruflich und müsste mit den Zugang zu eine nicht abgeschlossene Präsentation verschaffen.

Was genau ich getan habe?
Ich habe mir den Zugang zu meinem Rechnen dank viele nützliche Beiträge hier im Forum verschaffen können. Den Defogger aktiviert und danach mit Malwarebytes Anti-Malware und den Malwarebytes Anti-Rootkits die Bocker-Schädlinge entfernt. Ich mich nun wieder normal anmelden. Die Ergebnisse liegen bei.
Adwarecleaner ist ohne Abstürze gelaufen (siehe Log-Dateien) Ein System neu start war nicht notwendig. Dann mit dem CC-Cleaner mal überschüssiges entsorgt 2x Ausgeführt beim zweiten Durchlauf gab es keine Überreste mehr.

Finale Untersuchung war Eset Online Checkup gemäß Euere Anweisungen mit ausgeschaltetem Firewall und VS. Log-File ist beigefügt.

Iframe.B.Gen virus + ScrInject.B.Gen virus (in der G-Data Trash-Store)
C:\Users\Tkhoygan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\16e77edf-4056b2f1 a variant of Java/Exploit.CVE-2013-2423.Q trojan
C:\Users\Tkhoygan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7f98637e-56cc94ff multiple threats

Ich habe alle Java Programme deinstalliert. Ich frage mich, weshalb G-Data versagt hat, der Scanner ist eigentlich nicht schlecht.

Ich kann nicht abschätzen, ob Du gewollt bis mir dennoch Deine Unterstützung zu geben um mein PC wieder sauber und nachhaltig gut abgesichert zu bekommen. Ich für meinen Teil werde Euch mit eine wohlverdiente Spende unterstützen. Entgegen viele inkompetente Tipps die im Web kursieren ist dieses Forum die ADAC für PC's.

Ich bin so schwer glücklich, dass mir eine komplette Neuinstallation erspart geblieben ist.

:dankeschoen: und :party:

t'john 06.05.2013 19:52
OK

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



dann:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

romulus 10.05.2013 21:58
Hi,

vielen Dank für Deine Hilfe und die entgegengebrachte Geduld. Endlich habe ich heute Abend etwas Zeit für das Wesentliche finden können.

Anbei die Scan Ergebnisse:

aswMBR - Siehe Anlage aswMBR.txt

security Check
Code:
Results of screen317's Security Check version 0.99.63 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
G Data TotalCare 2012 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities 2012 
 TuneUp Utilities Language Pack (de-DE)
 Driver Cleaner.NET   
 Adobe Flash Player        11.7.700.169 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
 Google Chrome Plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 G Data TotalCare Firewall GDFwSvcx64.exe
 G Data TotalCare Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Den Adobe Reader werde ich wohl auffrischen müssen.

Vielen Dank im Voraus für die Analyse und Deine Rückmeldung.

Beste Grüße
romulus

t'john 10.05.2013 23:17
Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)
Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall TuneUp Utilities 2012.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
zu deinstallieren.




Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 21 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

romulus 13.05.2013 19:21
Hallo t'John,

ich habe deine Anweisungen befolgt und Java (64 bit) installiert und System neu gestartet - die älteren Versionen waren bereits zuvor deinstalliert.

Nach dem Neustart im Systemsteuerung den Java Symbol geklickt und folgende Fehlermeldung erhalten:

Java(TM) Platform SE binary funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

Seltsame Meldung, wer möchte mich auf welchem Wege benachrichtigen? Wie auch immer. Normale weise würde ich das Programm wieder Deinstallieren und erneut Installieren. Vorschläge?

Vielen Dank im Voraus.

Gruß,
romulus

t'john 13.05.2013 20:43
Zitat:
Seltsame Meldung, wer möchte mich auf welchem Wege benachrichtigen? Wie auch immer. Normale weise würde ich das Programm wieder Deinstallieren und erneut Installieren. Vorschläge?
Diese Meldung kannst du ignorieren, die ist standard.

Deine Vorgehensweise ist gut.
Probiers aus.


Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.




Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

t'john 07.07.2013 11:06
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131