Log analysis and evaluation: Windows 7 start: white screen, then empty desktop; safe mode works normally
05.08.2012, 14:05 | #1 |
Windows 7 start: white screen, then empty desktop; safe mode works normally

Hello, I'm new here, I have a problem and wanted to ask for help. I have Windows 7, and when I was online yesterday a white screen appeared, and after that the computer shut itself down automatically. When restarting I could log in quite normally, but then the white screen came up along with a message; after that, though, I always get the empty desktop. Task Manager works, safe mode works. There is already a thread like this here, e.g. http://www.trojaner-board.de/120788-...-anzeigen.html, but I followed everything and can't get any further at the box, with what exactly I have to fix there. I have now scanned everything and got 2 things: First, OTL.txt:

OTL Logfile: Code:
OTL logfile created on: 8/5/2012 2:38:51 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hasan\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free 7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hasan\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL () MOD - C:\Users\Hasan\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard) SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (syshost32) -- C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe (Samsung) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (VCam_WDM) -- C:\Windows\SysNative\drivers\VCam_WDM.sys (e2eSoft) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamlrdrv_x64.sys (Windows (R) Server 2003 DDK provider) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_hplgoff_3112_1&babsrc=SP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10630&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^AE2&apn_uid=0325063925894589&p2=^AE2^YYYYYY^YY^AT&q={searchTerms} IE - 
HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW_ss&mntrId=96ad0afd000000000000386077b87e7b&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: 
C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hasan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:47:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 18:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Extensions [2012/08/02 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions [2012/07/16 21:24:01 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2} [2012/06/23 15:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/07/07 13:19:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com [2012/05/15 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/24 19:03:42 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\HASAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0EHI8GQ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012/07/21 23:47:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/21 23:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/16 21:24:02 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\ask.xml [2012/08/02 01:15:22 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/07/21 23:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/21 23:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/21 23:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/21 23:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/21 23:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.24117_0\ CHR - Extension: Web Developer = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\ CHR - Extension: YouTube = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Facebook Autolike = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmoffkbpmaikkcdaponiiakfojdjacp\1.0_0\ CHR - Extension: Google Mail = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/25 23:28:32 | 000,000,718 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) 
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [] C:\Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (XEROX) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Hasan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E32558-04E0-47CB-9B2E-2427C0BF0AF6}: DhcpNameServer = 194.48.124.202 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEC8B8A-844A-4648-BBA6-77D1D4CFCE20}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: 
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/10 08:27:47 | 000,000,063 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/05 14:38:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe [2012/08/05 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5ADD9703-0938-4983-BE15-21426345892A} [2012/08/05 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{57F68B9E-B5FF-4E8A-8ABE-FA5B56731A34} [2012/08/03 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7CC89465-27CC-43AD-BBA7-8D5E0AF05412} [2012/08/03 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{709EE5F8-6F4C-4F79-A830-BB563039B320} [2012/08/02 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012/08/02 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{25A14C24-115B-4743-A4B9-360970F10CE8} [2012/08/02 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{68825BD3-17BF-4AC0-A390-1ED1815C70F2} [2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 
[2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2012/08/02 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\BabylonToolbar [2012/08/02 01:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Babylon [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/01 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Multi-Connector1.1 [2012/08/01 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{28BFCE1E-D883-4416-8C9C-891A79D3D3A4} [2012/08/01 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3A6EBDDD-A536-4508-84AB-1C7AB7B4227E} [2012/08/01 01:02:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Originals [2012/07/31 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{159B3B5D-A9C6-4D54-90AB-A27F571892EC} [2012/07/31 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{FF1B64E1-599B-47EF-BCAC-A1F6625D08D4} [2012/07/30 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8A2A63B4-4D80-4DDE-BE6E-FB4EA9A96D57} [2012/07/30 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7E5CE4C6-5036-4490-9BAE-E50BA4C11417} [2012/07/30 02:13:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3E10D924-3BDC-4355-971A-B740D0FCE0E2} [2012/07/30 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1A89631F-5958-4CBD-A308-256703E7611D} [2012/07/30 01:39:18 | 000,000,000 | R--D | C] -- C:\Users\Hasan\Desktop\Videos [2012/07/29 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Programme [2012/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Sachen [2012/07/29 22:02:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\TS3Client [2012/07/29 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 
[2012/07/29 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2012/07/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4113691A-3B75-4EDE-90DA-290FF82ADA47} [2012/07/29 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{C4773A9E-32D7-4C53-BC99-57C1E190B471} [2012/07/29 02:12:06 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{6F7D28C4-4998-4FCA-B5AB-580B76D71599} [2012/07/29 02:11:44 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB74AAC-EB01-46E0-AA5D-24F26A670F73} [2012/07/28 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8456CACF-BDE2-4C4E-A4DE-55E1F28B6B2F} [2012/07/28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{00F0E8B7-6F72-4A1C-907A-85FE1AECB568} [2012/07/28 02:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1CDDB69-B683-4068-AA0E-41095B0B6DD9} [2012/07/28 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{72B4D5F5-480A-4C20-9689-F4C11120BCA9} [2012/07/28 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\Microsoft Games [2012/07/26 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Documents\Unbenannte Site 2 [2012/07/26 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\PDAppFlex [2012/07/26 01:45:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Adobe Dreamweaver CS6 [2012/07/26 01:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/07/26 01:25:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/07/25 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\FileZilla [2012/07/25 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012/07/25 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012/07/25 00:45:58 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/07/25 00:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/07/24 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2012/07/24 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio [2012/07/24 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4D8D930D-F207-4E3F-9E69-11B4E6EEC7E7} [2012/07/24 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{36B0E413-3D08-43A3-A6A7-BD69E81ABE9A} [2012/07/23 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1898ADF7-F218-4D8B-AE96-1B7C4392FBD4} [2012/07/23 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0D47F3FB-B1D1-446E-B815-032FE959D3BD} [2012/07/23 03:28:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5916EFA4-C072-49B4-A3EB-3E587C054DA4} [2012/07/23 03:27:51 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{37C8340E-A5A5-4056-A03B-153E9D315E1B} [2012/07/22 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31BFB867-5022-4FB9-BA6C-81F5D53534C4} [2012/07/22 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{DD916C18-EBB4-4DB0-A7FA-008DC5583B2A} [2012/07/21 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8C10D91D-2B5B-4B38-B1C4-97301E9A8697} [2012/07/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8405A8A4-0F97-42CB-AB21-C8E759D636A8} [2012/07/21 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012/07/21 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{47385DC7-0AB8-4901-9E04-E3B14BAB1013} [2012/07/21 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5A0E4F8C-F4AF-45BB-9E15-3CA017798A7D} [2012/07/20 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A9FD05A7-BCF4-4201-AED4-5DB918256C71} [2012/07/20 15:51:26 | 000,000,000 | ---D 
| C] -- C:\Users\Hasan\AppData\Local\{79322B56-BE36-4D41-B66F-06770DAAD19A} [2012/07/20 03:19:04 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B187B9EF-200B-4666-9672-D93CD4B5AB06} [2012/07/20 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4E1F4D8B-496F-48B0-8318-B09A586B1A00} [2012/07/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\fontconfig [2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\gegl-0.2 [2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\.gimp-2.8 [2012/07/19 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012/07/19 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2D343FC7-5462-4F5C-A971-F7015DFED365} [2012/07/19 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1F8A5FC-AF8A-4298-8C6B-C74AEC933273} [2012/07/19 02:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E4285FAF-A47F-4C5F-BDAC-A11291FA2DD3} [2012/07/19 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB7B756-E749-4F1C-9026-7CBB6FE024CB} [2012/07/18 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0E629838-A0AC-4DC2-90FF-38C206B177E7} [2012/07/18 14:34:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{63435A9F-FDB7-4567-9D9B-F4979AB435CA} [2012/07/18 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CA24466-3668-4247-A926-8452B1B57AD4} [2012/07/18 02:15:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1ECB46B2-34B2-479F-AF43-E4234C9D9173} [2012/07/17 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B61A7FFA-D63A-4B94-90EA-20A6E60F32A7} [2012/07/17 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1C834213-0DCA-4D5A-9639-801764BABEB6} [2012/07/17 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{329BB924-8C3B-4541-8E3A-6C3F10972398} [2012/07/16 21:27:37 | 000,000,000 | ---D | C] -- 
C:\Users\Hasan\AppData\Roaming\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinychat [2012/07/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults7 [2012/07/16 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CE463C0-D0D0-4E19-BAB8-62BC9A251D25} [2012/07/15 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31B85B1D-A190-46D5-97E7-46CF5ADE1DD5} [2012/07/15 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9A975B2F-DFF3-4127-80B1-42FF96905B43} [2012/07/13 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{782B7C2C-DAFC-4E3F-B9CD-5F233D49F7FA} [2012/07/13 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{66660F43-5618-493E-9F43-AD1F1386E375} [2012/07/12 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{05EECE62-9759-48CA-867E-E7B3D302A6AA} [2012/07/12 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3844BF78-B4C2-4467-9FB3-5FAA87656AC6} [2012/07/12 02:26:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 02:26:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 02:26:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/12 02:26:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 02:26:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 02:26:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 02:26:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 02:26:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 
02:26:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 02:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 02:26:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 02:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/12 02:26:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{CA84F0AE-D45F-4F56-90EA-DB90756C7788} [2012/07/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A22F3D48-4488-4037-BFF8-96FE929B906A} [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/11 07:31:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/11 07:31:12 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/07/11 07:31:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/07/11 07:31:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 07:31:09 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 03:00:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/07/10 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E6276D7C-555D-40A5-9762-30F26344B02F} [2012/07/10 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/07/10 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/07/10 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/07/10 
19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/07/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{812E6B8C-2027-442A-A986-848C7D084781} [2012/07/10 10:46:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF48C423-FB01-4809-9322-09319CF26E93} [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubscribeWinManual [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubscribeWin [2012/07/09 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{84FE4ED8-B384-4FF1-B81D-B2EF8EF8885D} [2012/07/09 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8B572D86-6D41-4096-B021-B96EC02DD0F2} [2012/07/09 00:07:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{921B9F9A-E79C-4036-A1B7-06DD03A4267B} [2012/07/09 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BAE7F533-C021-4FC6-A870-7C73BC8A702B} [2012/07/08 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{D32ACB7E-8123-415F-80AD-FE042B6AD2A4} [2012/07/08 01:10:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9D7B3FDC-9E10-4463-B97E-9C9BB348944B} [2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\ManyCam [2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012/07/07 13:19:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\ManyCam [2012/07/07 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/07/07 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{32147400-E5C5-4A9C-AE69-C1CCDDC4DEE3} [2012/07/06 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0F510498-6011-4AAB-9008-C8F95FED5F13} ========== Files - Modified Within 30 Days ========== [2012/08/05 14:37:31 | 
000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe [2012/08/05 14:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/05 14:36:29 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2012/08/05 14:34:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002UA.job [2012/08/05 04:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/05 03:19:32 | 000,110,537 | ---- | M] () -- C:\Users\Hasan\Desktop\hasaaan.jpg [2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 00:59:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002Core.job [2012/08/04 18:20:18 | 000,088,007 | ---- | M] () -- C:\Users\Hasan\Desktop\SD.png [2012/08/04 18:19:27 | 000,058,368 | -H-- | M] () -- C:\Users\Hasan\Desktop\photothumb.db [2012/08/04 17:18:22 | 000,071,059 | ---- | M] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg [2012/08/04 15:09:07 | 064,144,603 | ---- | M] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4 [2012/08/04 14:30:48 | 073,956,886 | ---- | M] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4 [2012/08/04 01:12:17 | 001,217,607 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd [2012/08/04 01:09:34 | 000,000,132 | ---- | M] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/04 00:43:52 | 000,315,727 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg [2012/08/04 00:17:35 | 067,016,797 | ---- | M] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4 [2012/08/04 00:17:03 | 
000,048,094 | ---- | M] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg [2012/08/03 20:18:00 | 000,033,394 | ---- | M] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg [2012/08/03 16:39:28 | 000,049,143 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg [2012/08/03 16:29:26 | 000,177,770 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png [2012/08/03 16:01:02 | 000,499,943 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbenannt.png [2012/08/03 01:40:29 | 000,105,824 | ---- | M] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg [2012/08/03 01:39:39 | 000,087,083 | ---- | M] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg [2012/08/02 23:29:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/02 23:29:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/02 19:42:19 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012/08/02 19:36:59 | 030,588,416 | ---- | M] () -- C:\Users\Hasan\Desktop\as.avi [2012/08/02 02:28:28 | 000,017,814 | ---- | M] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg [2012/08/02 02:23:43 | 000,082,978 | ---- | M] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg [2012/08/02 01:30:40 | 000,004,096 | ---- | M] () -- C:\graph.grf [2012/08/02 01:25:44 | 003,165,951 | ---- | M] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam ( Y ).wmv [2012/08/02 01:15:45 | 000,000,937 | ---- | M] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk [2012/08/02 01:15:37 | 000,000,319 | ---- | M] () -- C:\user.js [2012/08/01 16:57:15 | 000,070,214 | ---- | M] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg [2012/08/01 01:02:00 | 000,177,305 | ---- | M] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg [2012/08/01 00:27:58 | 000,030,107 | ---- | M] () -- 
C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg [2012/07/25 00:42:28 | 000,004,634 | ---- | M] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel [2012/07/12 12:43:45 | 004,970,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 23:23:13 | 000,138,460 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat ========== Files Created - No Company Name ========== [2012/08/05 03:19:17 | 000,110,537 | ---- | C] () -- C:\Users\Hasan\Desktop\hasaaan.jpg [2012/08/04 18:19:17 | 000,088,007 | ---- | C] () -- C:\Users\Hasan\Desktop\SD.png [2012/08/04 17:18:24 | 000,071,059 | ---- | C] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg [2012/08/04 16:02:42 | 064,144,603 | ---- | C] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4 [2012/08/04 14:23:46 | 073,956,886 | ---- | C] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4 [2012/08/04 00:53:26 | 001,217,607 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd [2012/08/04 00:43:54 | 000,315,727 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg [2012/08/04 00:17:06 | 000,048,094 | ---- | C] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg [2012/08/04 00:12:52 | 067,016,797 | ---- | C] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4 [2012/08/03 20:18:04 | 000,033,394 | ---- | C] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg [2012/08/03 16:38:58 | 000,049,143 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg [2012/08/03 16:27:37 | 000,177,770 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png [2012/08/03 16:01:02 | 000,499,943 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbenannt.png [2012/08/03 01:39:57 | 000,105,824 | ---- | C] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg [2012/08/03 01:39:39 | 000,087,083 | ---- | C] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg [2012/08/02 19:42:19 | 000,001,083 
| ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012/08/02 19:37:02 | 030,588,416 | ---- | C] () -- C:\Users\Hasan\Desktop\as.avi [2012/08/02 02:28:31 | 000,017,814 | ---- | C] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg [2012/08/02 02:23:42 | 000,082,978 | ---- | C] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg [2012/08/02 01:26:11 | 003,165,951 | ---- | C] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam ( Y ).wmv [2012/08/02 01:21:25 | 000,004,096 | ---- | C] () -- C:\graph.grf [2012/08/02 01:15:45 | 000,000,937 | ---- | C] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk [2012/08/02 01:15:37 | 000,000,319 | ---- | C] () -- C:\user.js [2012/08/01 16:57:21 | 000,070,214 | ---- | C] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg [2012/08/01 01:01:09 | 000,058,368 | -H-- | C] () -- C:\Users\Hasan\Desktop\photothumb.db [2012/08/01 01:00:39 | 000,177,305 | ---- | C] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg [2012/08/01 00:28:02 | 000,030,107 | ---- | C] () -- C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg [2012/07/27 02:42:03 | 000,000,132 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/07/26 01:55:55 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2012/07/26 01:55:07 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012/07/26 01:55:06 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012/07/26 01:54:47 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2012/07/26 01:25:52 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/07/25 00:42:28 | 000,004,634 | ---- | C] () -- 
C:\Users\Hasan\AppData\Local\recently-used.xbel [2012/07/21 22:49:57 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/07/19 18:26:04 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012/07/10 23:23:13 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/07/10 19:54:27 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk [2012/07/10 19:53:25 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2012/07/10 19:53:13 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2012/07/10 19:52:22 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2012/07/10 19:52:17 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2012/07/10 19:51:55 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/06/28 21:06:50 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys [2012/06/24 22:49:35 | 000,003,584 | ---- | C] () -- C:\Users\Hasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/20 17:08:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2012/06/20 17:07:26 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012/05/24 16:38:56 | 000,000,600 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\winscp.rnd [2012/01/08 07:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/01/08 07:12:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/06/08 08:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/02/11 22:29:00 | 001,598,486 | 
---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI < End of report >
and then Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 8/5/2012 2:38:51 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hasan\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free 7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E19619F-77BC-4270-940A-B53F7817FBCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{1383E9C6-BB05-4694-808B-A87FD35757E0}" = lport=445 | protocol=6 | dir=in | app=system | "{193A6342-5E8A-49E2-BA44-DF31F23C62AF}" = rport=445 | protocol=6 | dir=out | app=system | "{1F13BED9-63AD-4468-B176-5342B9978204}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1F4209F4-7637-4AA4-A41F-743470E0CD5F}" = rport=137 | protocol=17 | dir=out | app=system | "{27CE8CE8-4634-4EB0-89B3-EDC5C68C8B10}" = rport=139 | protocol=6 | dir=out | app=system | "{2D5C4AF5-8702-4809-AA22-E20657D3445D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D77C586-F3F8-4406-BEE0-633E0482BFFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E8C3149-FE99-4685-BC36-4CD57E237573}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6E99A594-C591-4C67-8A3A-2D106535BB68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74A1CA5A-2968-4839-884C-81033EEBBA6E}" = lport=10243 | protocol=6 | dir=in | app=system | "{7736531C-D2F3-4F8E-8E15-5507724B23D7}" = rport=10243 | protocol=6 | dir=out | app=system | "{86013738-958C-454D-BB49-B41543764520}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8D46DDFB-B687-4D46-95B2-1E2D589B749F}" = lport=137 | protocol=17 | dir=in | app=system | "{8E091E77-1BED-47C1-AE40-F6114BA7B8AD}" = lport=2869 | protocol=6 | dir=in | app=system | "{93FA86F5-E6A5-46C8-823F-23D775F2E6B0}" = lport=6004 | protocol=17 
| dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{99E554B1-59C0-4815-9257-325A29E2249E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5D6FF02-2759-4CE7-9F73-ECC129820392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A7ADC0D2-19DD-4701-9B3C-A92234C6A5CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A847D995-E8D2-488A-81CB-65C2C9BAE355}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A9694B50-D2FC-436F-B595-4D24AB86801A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4FD4BF8-3E3A-4BA4-87F5-B134D6D189DD}" = lport=139 | protocol=6 | dir=in | app=system | "{CAD9F7BF-F8AF-40CE-80F0-9BA803F1C38D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CBD32ADD-423A-43D5-99B6-B3C1F69D653A}" = lport=138 | protocol=17 | dir=in | app=system | "{D7EE0B2F-D4C6-44B5-A625-273C46C7D3B2}" = lport=2869 | protocol=6 | dir=in | app=system | "{E15E52BC-5FB9-4013-A2E5-C5298918D767}" = rport=138 | protocol=17 | dir=out | app=system | "{EA817059-DC48-4C6D-A43F-7A26B416368B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FB054029-3CB4-4A34-A2C8-F8A2008D17B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F64AB2-C3D0-4023-8F07-CDEFBFDD482A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0BDC4360-D54C-4D8A-9849-9E458E48623F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{24E8DB53-B7E3-43B6-9F00-96712C0E4208}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{270B4589-1370-4528-8822-23B70B363334}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2BACA463-73AE-437D-82A6-AEA752EF847E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{2FE40683-510C-473D-BE0D-541A9216A0B3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{34D2306D-2838-4F5B-A703-85A00B41156C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3ECE5F0F-9600-4415-AF5A-9A7D47B504D6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe | "{46144965-349B-4166-ADBB-00A1AF20F8B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{48A0AB34-A453-46E0-B615-7462749434B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5B7D06A2-FE98-4EF0-AF20-313D3822789D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5F0A4050-1C9D-4C14-9E5E-B8B1A4E74A06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{606E9F03-EFAD-4496-A259-7681E883828B}" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe | "{62D462D7-FFD8-46B8-B174-93ABB0F082EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{696C45FA-2E11-4591-82A3-87A6A9B1BB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{6D57F4B8-AA60-468D-8526-8408FF33141B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{73E65777-1300-43F9-BA48-5D6A12B48A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{83C24CD0-9CF2-461A-BAE4-C022BFCD4A12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8432E6AB-DDCF-4AB1-A99D-D1BE3F5C4102}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{9975D3BB-3B71-44DE-9410-A43CDB7A4C8A}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{9A3447CE-0E22-4110-8BCF-634DDC89BED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9E45F22A-7DAC-4392-986A-35B88212746C}" = protocol=6 | dir=out | app=system | "{9FEB17D0-5AD1-4F09-921E-B60AF32DCD01}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A6E4B216-2967-4B64-B1A0-4040E722C1F7}" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe | "{AC8CE6ED-FFF8-48A9-B554-C13C26FA59F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B63573AA-7FD3-4DE3-A712-46DB25168B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe | "{B83013B1-D385-40AC-BB15-4888FD877BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF19CCD8-59DC-42C4-B72B-A46450743342}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C8C5C722-11E7-4B4D-BB1A-B3490B04DF4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C9D25748-3EC0-47B8-B518-B6D4865755E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC0AECD3-6ECA-473F-9390-121D813BE4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CCCD8166-AD01-47EF-84E2-36AD41BB02B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CFF9F14B-9CC9-4982-8A99-0C578389BB0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D700BF8D-A07F-440F-9F0A-866184074415}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D9C6251D-7A05-4353-8119-269889442DA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E12D6191-DADB-4F0C-82F6-BDA139EB9B37}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{E266EC61-BE0D-4D50-870C-0577B11F91F7}" = protocol=6 | dir=in | app=c:\program files 
(x86)\teamviewer\version7\teamviewer.exe | "{E429ACF5-D09D-453D-9504-383DF3F71759}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E47CB9B2-D31F-4F6A-8829-79D10026D0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{E6BAD4B7-A4E1-42AF-BFD8-F34BE5D45310}" = dir=in | app=c:\users\hasan\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{F481BD07-F843-4F30-A3DB-1AA457F1FC99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{F802DAF4-8CF4-4EB0-B847-9E359A91FE1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE67EFB8-F505-4EBE-A9DD-C5ED37AD8402}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{582ECB7A-E751-4E74-A4A9-B344912998D9}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{81C1E9B3-251A-4BD8-A021-4B3AEC3EB0B3}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe | "TCP Query User{89075516-A709-4707-AEA9-705E3214DC2D}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "TCP Query User{9235E029-E040-4691-B0EC-A7A6F6991F13}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | "TCP Query User{F095EC05-7D86-406D-A6C3-4DC45345745B}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=6 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe | "UDP Query User{16C4A4C3-4221-474A-9A96-A97CAD3B3752}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=17 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe | "UDP Query User{3C16B6F7-407D-4ABC-AEA8-54CA1388456E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{54F853BA-774C-4563-B235-72D00DC02909}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "UDP Query User{A0E04234-E5AB-4685-A836-63560F87E51B}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe | "UDP Query User{BDEC1C1B-B20C-48AF-89FA-3B185DD3CCED}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0015-0409-1000-0000000FF1CE}" = 
Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{925D058B-564A-443A-B4B2-7E90C6432E55}" = 
Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F38867-9D41-683C-DF60-034A731C37FE}" = ATI Catalyst Install Manager "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E03EE2F0-5B77-5288-BB47-BF31F8411E9F}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00 "Creative VF0330" = Creative WebCam Vista/Live! 
Cam Chat (VF0330) Driver (1.12.01.00) "GIMP-2_is1" = GIMP 2.8.0 "HyperCam 2" = HyperCam 2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "Office14.SingleImage" = Microsoft Office Professional 2010 "Recuva" = Recuva "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{02F7A7B2-913A-4032-F7D7-3F2C14F812B6}" = CCC Help Chinese Standard "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06D0056A-DC6A-B1E1-8D13-D440F2AD3E63}" = Catalyst Control Center "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0FD57355-9934-E3B7-8ABA-4AE4AC72507F}" = Catalyst Control Center InstallProxy "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{149D4F00-AD01-3AA1-816F-A067A68A4F9E}" = HydraVision "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2242081E-F673-ED92-6CCB-1244A751346C}" = CCC Help Spanish "{22758D8F-E023-44ED-8647-3C6985ABF663}" = Nero Kwik Media "{23E558E2-D070-3BDA-B1B8-72FA0A82841D}" = Catalyst Control Center Localization All "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{24C36B60-9443-4E4B-A620-C936992E96F1}" = SubscribeWinManual "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{273F0620-4324-4A86-891D-07E99D5C5D8A}" = Catalyst Control Center - 
Branding "{28F27BB2-08FA-D2E7-FFCE-9434146975C7}" = CCC Help Dutch "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3282009E-EE34-CCE0-8246-022DC6DE9691}" = CCC Help Korean "{33D36680-4219-B641-587F-CCAB6953133E}" = CCC Help Portuguese "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders "{550ABD27-7F34-8904-E77F-0039DD33D271}" = CCC Help Finnish "{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5CA6A108-BBC3-D7FC-F1C5-8F2AD0C5D6DD}" = CCC Help German "{5DA7CED3-4C7A-0ECF-8B48-B575637A7445}" = CCC Help Swedish "{5DCAAED5-F17D-91DD-2FE7-7EB5A73C5AFB}" = CCC Help English "{5F40A933-8DF6-365A-9E98-C7696991D007}" = CCC Help Japanese "{61B7B98F-D217-4299-AC8C-42BA90B4CDF5}" = Tinychat Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7849D2B4-1F45-38C2-E0BA-A0B194D17DF9}" = CCC Help Hungarian "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B9DD7CB-22A1-5CB3-8F3A-0D8FD8FE700B}" = CCC Help Czech "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information 
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3 "{822AD542-7F2D-156D-706B-357D2ABA9A05}" = CCC Help Italian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E18934B-DAB7-3C80-D423-8A7661F03D4D}" = CCC Help French "{A15D03FE-44F7-CE8E-4BF0-EB7224792537}" = Catalyst Control Center Profiles Desktop "{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6 "{A4FA7AA2-BF23-A1D6-1893-B5045CF100AE}" = CCC Help Norwegian "{A6A93CA6-7564-A30A-A7F8-6C85B0E533B2}" = CCC Help Thai "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BE1674EC-4B9B-1C56-3EF1-6B35B5C2AA74}" = CCC 
Help Chinese Traditional "{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BFDCAFC1-E6CD-70C8-53E5-1B3339A28E4D}" = CCC Help Danish "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{C920EFB6-59DB-472D-B445-21821477AD17}" = True Crime® New York City "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CED55396-8C6B-2BE0-4113-731C6201498B}" = CCC Help Polish "{CF7B4D8C-BF93-11FD-04A7-DD57BBF1078C}" = Tinychat "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2A1A51F-5018-23DA-FCDA-BEA21C7EA48D}" = CCC Help Russian "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED7B3025-3CA1-7985-DB04-2B0299BBF846}" = CCC Help Turkish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F393ED40-AD54-6F34-3534-4B51C167B5EB}" = Catalyst Control 
Center Graphics Previews Common "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media "{FDE8AA35-A16F-CFE6-6EEF-C6A28DAED127}" = CCC Help Greek "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4Story_DE_is1" = 4Story DE 3.9.154 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "BabylonToolbar" = Babylon toolbar on IE "CamStudio" = CamStudio "Canon MP160 Benutzerregistrierung" = Canon MP160 Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser" = Adobe Widget Browser "Counter-Strike 1.6" = Counter-Strike 1.6 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "FileZilla Client" = FileZilla Client 3.2.7.1 "Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608 "HP Keyboard_is1" = HP Desktop Keyboard "HP Remote Solution" = HP Remote Solution "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "IrfanView" = IrfanView (remove only) "MagicDisc 2.7.106" = MagicDisc 2.7.106 "ManyCam" = ManyCam 3.0.79 (remove only) "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator 3.0" = Canon MP Navigator 3.0 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "searchresults7" = Search Results Toolbar "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Tinychat" = Tinychat "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = 
Windows Live Essentials "winscp3_is1" = WinSCP 4.3.7 "WTA-0791aad2-c16c-4413-9600-52e03b1a3fae" = Jewel Quest Solitaire "WTA-11c881f2-cfc3-48c7-80d6-7d0fe8371f94" = Zuma Deluxe "WTA-1f3bdd62-1b0f-4774-bc4d-00546b62f60a" = Governor of Poker 2 Premium Edition "WTA-26425b32-832e-4c6c-8ed8-d5cbb3b000bb" = Vacation Quest - The Hawaiian Islands "WTA-284f9aa6-055d-435d-a19e-ac55f0736285" = Mah Jong Medley "WTA-2f66db47-4890-4302-a43a-352d66658994" = Jewel Quest: The Sleepless Star - Collector's Edition "WTA-37100e2b-f138-4c73-8091-92d8a12213fb" = Bounce Symphony "WTA-43686210-ff74-42ce-b457-9a2f7ebaae58" = Virtual Villagers - The Secret City "WTA-45fec9c0-564b-4267-bc11-a7feae81381c" = Namco All-Stars: PAC-MAN "WTA-5fb6a6fe-5d48-4ddc-9efd-4099ae337ccf" = Chronicles of Albian "WTA-6404e09b-d8d7-4de6-8f39-f27c713275c4" = Penguins! "WTA-681a3586-040d-4e6f-8acd-26b5e898c677" = Mystery of Mortlake Mansion "WTA-7c9fe226-856b-48e7-b9a4-f05af971107f" = Cake Mania "WTA-9b4b9c43-42d6-4d28-942d-e43ffd1a35b4" = Farm Frenzy "WTA-a39cb1db-6a2c-469c-b935-3fe86a3ee08e" = Chuzzle Deluxe "WTA-a48da115-f42a-486b-afe4-bcada26401e9" = Blasterball 3 "WTA-a79d8e80-1e52-45f3-aec2-6a86a5719cda" = Cradle of Rome 2 "WTA-af41b837-3235-4515-96e0-0a7ab7478c93" = FATE "WTA-b586f4c4-522b-4913-abce-c24bb1bd00e3" = Slingo Deluxe "WTA-e590ef0c-023e-4571-aad5-67bd5ed3de28" = Polar Bowler "WTA-e7bb3e9b-6514-4954-8f84-04416238b57a" = Bejeweled 3 "WTA-e92c4454-f57f-49c7-a227-7a41f58c4448" = Agatha Christie - Peril at End House "WTA-ed79fc9c-35f1-473b-819c-390b46548c89" = Plants vs. 
Zombies - Game of the Year "ZinioReader4" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/21/2012 1:23:01 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5008 Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7004 Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7004 Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8003 Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100 Description = Task 
Scheduling Error: m->NextScheduledSPRetry 8003 [ Hewlett-Packard Events ] Error - 8/4/2012 7:25:33 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4076 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) Error - 8/4/2012 7:36:31 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei 
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4076 Ram Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ Media Center Events ] Error - 7/3/2012 9:35:03 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0 Description = 15:35:03 - Fehler beim Herstellen der Internetverbindung. 15:35:03 - Serververbindung konnte nicht hergestellt werden.. Error - 7/3/2012 9:35:16 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0 Description = 15:35:09 - Fehler beim Herstellen der Internetverbindung. 15:35:09 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | 
Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >
That's it. I hope someone can help me. Thanks in advance. Best regards, Itszhsn |
05.08.2012, 19:27 | #2 |
| Hi,
Please check the following files. Have files checked online:
Code:
C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe
That thing is from Samsung, but at the same time there is also something from HP floating around. What kind of machine is this? If syshost is detected, I will have to adjust the script again. Boot into safe mode (F8 while booting)... OTL:
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] C:\Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (XEROX)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:REG
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
The machine should be able to boot normally; then continue with MAM...
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Updates" -> "Check for updates").
Run a full scan and let it clean everything! Post the log.
chris
__________________ |
05.08.2012, 23:25 | #3 |
| Hi, thanks for your reply, but when I wanted to look for C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe I accidentally clicked on it and my PC restarted, and when I wanted to look for this file again I could not find it anymore.
I have an hp elite 7300 series mt computer. OK, everything worked wonderfully. Everything works again, and the result of the malware scan: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hasan :: HASAN-HP [Administrator]

Schutz: Aktiviert

06.08.2012 01:20:47
mbam-log-2012-08-06 (01-20-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373880
Laufzeit: 44 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\Hasan\AppData\Local\Temp\gxzcnownvrku.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\AppData\Local\Temp\mmyiqrdyjnnxdgqv.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\AppData\Local\Temp\pkvdnoljqd.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Multi-Connector1.1\eip\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Multi-Connector1.1\fb\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Sachen\Call of Duty - Modern Warfare 3\iw5sp.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\scrcaminstfree (1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\scrcaminstfree.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\SoftonicDownloader_fuer_fast-ip-changer.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08062012_002941\C_Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Thanks for your help! |
06.08.2012, 06:59 | #4 |
| Hi, please post a new OTL log... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
06.08.2012, 13:08 | #5 |
| Hello, um, here: Code:
ATTFilter OTL logfile created on: 8/6/2012 2:03:06 PM - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hasan\Desktop\Programme 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 32.08% Memory free 7.96 Gb Paging File | 4.30 Gb Available in Paging File | 54.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919.26 Gb Total Space | 827.91 Gb Free Space | 90.06% Space Free | Partition Type: NTFS Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hasan\Desktop\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Users\Hasan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe (WindSolutions) PRC - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.) 
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) PRC - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe () PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.) 
========== Modules (No Company Name) ========== MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB9ED.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB96E.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB5D.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB1C.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBACC.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBA4D.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\YTMP7MC8AA\TAABD0E.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB8EF.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB832.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB7B3.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB754.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB713.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6D3.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6A2.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB652.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB621.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5E1.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5A0.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB560.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB52F.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB4EF.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB49F.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB45E.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB40E.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB3CE.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB37D.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB32D.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB24B.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB1CA.tmp () MOD - 
C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB27B.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2ED.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2AC.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB20A.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB16A.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB057.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF88.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0A7.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAFF7.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF17.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEE6.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEB5.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE54.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE23.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADF2.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADC1.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB109.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE85.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF48.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD41.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD71.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB139.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0D8.tmp () MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAC83.tmp () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Hasan\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.Resources.dll () MOD - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\de-DE\DVDVideoSoft.Resources.resources.dll () MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avcodec-54.dll () MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avformat-54.dll () MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\swscale-2.dll () MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avutil-51.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll () 
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll () MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll () MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- 
C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard) SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (VCam_WDM) -- C:\Windows\SysNative\drivers\VCam_WDM.sys (e2eSoft) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamlrdrv_x64.sys (Windows (R) Server 2003 DDK provider) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_hplgoff_3112_1&babsrc=SP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10630&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^AE2&apn_uid=0325063925894589&p2=^AE2^YYYYYY^YY^AT&q={searchTerms} IE - 
HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW_ss&mntrId=96ad0afd000000000000386077b87e7b&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hasan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:47:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 18:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Extensions [2012/08/02 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions [2012/07/16 21:24:01 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2} [2012/06/23 15:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/07/07 13:19:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com [2012/05/15 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/24 19:03:42 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\HASAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0EHI8GQ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012/07/21 23:47:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/21 23:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/16 21:24:02 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\ask.xml [2012/08/02 01:15:22 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/07/21 23:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/21 23:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/21 23:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/21 23:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/21 23:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.24117_0\ CHR - Extension: Web Developer = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\ CHR - Extension: YouTube = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Facebook Autolike = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmoffkbpmaikkcdaponiiakfojdjacp\1.0_0\ CHR - Extension: Google Mail = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/25 23:28:32 | 000,000,718 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) 
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Hasan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E32558-04E0-47CB-9B2E-2427C0BF0AF6}: DhcpNameServer = 194.48.124.202 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEC8B8A-844A-4648-BBA6-77D1D4CFCE20}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/10 08:27:47 | 000,000,063 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/06 13:54:10 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2B0399E8-A7DF-423A-9B2A-F268C7A34BAC} [2012/08/06 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF93F329-F4B3-43D9-B5C7-FCBDABEC5C5C} [2012/08/06 12:01:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Neuer Ordner [2012/08/06 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Videos [2012/08/06 11:19:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\vlc [2012/08/06 11:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/08/06 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012/08/06 02:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/08/06 02:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/08/06 01:48:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BCBA8AD9-ECB8-4230-A87B-3B6C7D48448F} [2012/08/06 01:47:56 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B38D7C8B-94E2-4A04-AFD7-8BA94E6C13A3} [2012/08/06 01:46:18 | 000,000,000 | ---D | C] -- C:\Live!Cam [2012/08/06 01:14:47 | 000,000,000 | ---D | C] -- 
C:\Users\Hasan\AppData\Roaming\Malwarebytes [2012/08/06 01:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/06 01:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/06 01:14:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/06 01:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/06 00:29:41 | 000,000,000 | ---D | C] -- C:\_OTL [2012/08/05 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5ADD9703-0938-4983-BE15-21426345892A} [2012/08/05 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{57F68B9E-B5FF-4E8A-8ABE-FA5B56731A34} [2012/08/03 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7CC89465-27CC-43AD-BBA7-8D5E0AF05412} [2012/08/03 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{709EE5F8-6F4C-4F79-A830-BB563039B320} [2012/08/02 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012/08/02 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{25A14C24-115B-4743-A4B9-360970F10CE8} [2012/08/02 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{68825BD3-17BF-4AC0-A390-1ED1815C70F2} [2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2012/08/02 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\BabylonToolbar [2012/08/02 01:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Babylon [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/01 15:53:27 | 000,000,000 | ---D | C] -- 
C:\Users\Hasan\AppData\Local\{28BFCE1E-D883-4416-8C9C-891A79D3D3A4} [2012/08/01 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3A6EBDDD-A536-4508-84AB-1C7AB7B4227E} [2012/08/01 01:02:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Originals [2012/07/31 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{159B3B5D-A9C6-4D54-90AB-A27F571892EC} [2012/07/31 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{FF1B64E1-599B-47EF-BCAC-A1F6625D08D4} [2012/07/30 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8A2A63B4-4D80-4DDE-BE6E-FB4EA9A96D57} [2012/07/30 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7E5CE4C6-5036-4490-9BAE-E50BA4C11417} [2012/07/30 02:13:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3E10D924-3BDC-4355-971A-B740D0FCE0E2} [2012/07/30 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1A89631F-5958-4CBD-A308-256703E7611D} [2012/07/30 01:39:18 | 000,000,000 | R--D | C] -- C:\Users\Hasan\Desktop\Videos [2012/07/29 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Programme [2012/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Sachen [2012/07/29 22:02:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\TS3Client [2012/07/29 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012/07/29 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2012/07/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4113691A-3B75-4EDE-90DA-290FF82ADA47} [2012/07/29 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{C4773A9E-32D7-4C53-BC99-57C1E190B471} [2012/07/29 02:12:06 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{6F7D28C4-4998-4FCA-B5AB-580B76D71599} [2012/07/29 02:11:44 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB74AAC-EB01-46E0-AA5D-24F26A670F73} 
[2012/07/28 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8456CACF-BDE2-4C4E-A4DE-55E1F28B6B2F} [2012/07/28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{00F0E8B7-6F72-4A1C-907A-85FE1AECB568} [2012/07/28 02:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1CDDB69-B683-4068-AA0E-41095B0B6DD9} [2012/07/28 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{72B4D5F5-480A-4C20-9689-F4C11120BCA9} [2012/07/28 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\Microsoft Games [2012/07/26 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Documents\Unbenannte Site 2 [2012/07/26 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\PDAppFlex [2012/07/26 01:45:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Adobe Dreamweaver CS6 [2012/07/26 01:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/07/26 01:25:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/07/25 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\FileZilla [2012/07/25 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012/07/25 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012/07/25 00:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/07/25 00:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/07/24 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2012/07/24 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio [2012/07/24 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4D8D930D-F207-4E3F-9E69-11B4E6EEC7E7} [2012/07/24 11:31:40 | 000,000,000 | ---D | C] -- 
C:\Users\Hasan\AppData\Local\{36B0E413-3D08-43A3-A6A7-BD69E81ABE9A} [2012/07/23 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1898ADF7-F218-4D8B-AE96-1B7C4392FBD4} [2012/07/23 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0D47F3FB-B1D1-446E-B815-032FE959D3BD} [2012/07/23 03:28:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5916EFA4-C072-49B4-A3EB-3E587C054DA4} [2012/07/23 03:27:51 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{37C8340E-A5A5-4056-A03B-153E9D315E1B} [2012/07/22 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31BFB867-5022-4FB9-BA6C-81F5D53534C4} [2012/07/22 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{DD916C18-EBB4-4DB0-A7FA-008DC5583B2A} [2012/07/21 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8C10D91D-2B5B-4B38-B1C4-97301E9A8697} [2012/07/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8405A8A4-0F97-42CB-AB21-C8E759D636A8} [2012/07/21 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012/07/21 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{47385DC7-0AB8-4901-9E04-E3B14BAB1013} [2012/07/21 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5A0E4F8C-F4AF-45BB-9E15-3CA017798A7D} [2012/07/20 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A9FD05A7-BCF4-4201-AED4-5DB918256C71} [2012/07/20 15:51:26 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{79322B56-BE36-4D41-B66F-06770DAAD19A} [2012/07/20 03:19:04 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B187B9EF-200B-4666-9672-D93CD4B5AB06} [2012/07/20 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4E1F4D8B-496F-48B0-8318-B09A586B1A00} [2012/07/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\fontconfig [2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\gegl-0.2 [2012/07/19 
18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\.gimp-2.8 [2012/07/19 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012/07/19 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2D343FC7-5462-4F5C-A971-F7015DFED365} [2012/07/19 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1F8A5FC-AF8A-4298-8C6B-C74AEC933273} [2012/07/19 02:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E4285FAF-A47F-4C5F-BDAC-A11291FA2DD3} [2012/07/19 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB7B756-E749-4F1C-9026-7CBB6FE024CB} [2012/07/18 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0E629838-A0AC-4DC2-90FF-38C206B177E7} [2012/07/18 14:34:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{63435A9F-FDB7-4567-9D9B-F4979AB435CA} [2012/07/18 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CA24466-3668-4247-A926-8452B1B57AD4} [2012/07/18 02:15:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1ECB46B2-34B2-479F-AF43-E4234C9D9173} [2012/07/17 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B61A7FFA-D63A-4B94-90EA-20A6E60F32A7} [2012/07/17 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1C834213-0DCA-4D5A-9639-801764BABEB6} [2012/07/17 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{329BB924-8C3B-4541-8E3A-6C3F10972398} [2012/07/16 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinychat [2012/07/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults7 [2012/07/16 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CE463C0-D0D0-4E19-BAB8-62BC9A251D25} [2012/07/15 20:13:25 | 000,000,000 | ---D | C] -- 
C:\Users\Hasan\AppData\Local\{31B85B1D-A190-46D5-97E7-46CF5ADE1DD5} [2012/07/15 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9A975B2F-DFF3-4127-80B1-42FF96905B43} [2012/07/13 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{782B7C2C-DAFC-4E3F-B9CD-5F233D49F7FA} [2012/07/13 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{66660F43-5618-493E-9F43-AD1F1386E375} [2012/07/12 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{05EECE62-9759-48CA-867E-E7B3D302A6AA} [2012/07/12 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3844BF78-B4C2-4467-9FB3-5FAA87656AC6} [2012/07/12 02:26:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 02:26:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 02:26:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/12 02:26:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 02:26:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 02:26:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 02:26:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 02:26:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 02:26:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 02:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 02:26:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 02:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/12 02:26:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\jscript.dll [2012/07/11 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{CA84F0AE-D45F-4F56-90EA-DB90756C7788} [2012/07/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A22F3D48-4488-4037-BFF8-96FE929B906A} [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/11 07:31:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/11 07:31:12 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/07/11 07:31:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/07/11 07:31:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 07:31:09 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 03:00:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/07/10 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E6276D7C-555D-40A5-9762-30F26344B02F} [2012/07/10 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/07/10 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/07/10 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/07/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{812E6B8C-2027-442A-A986-848C7D084781} [2012/07/10 10:46:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF48C423-FB01-4809-9322-09319CF26E93} [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\SubscribeWinManual [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubscribeWin [2012/07/09 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{84FE4ED8-B384-4FF1-B81D-B2EF8EF8885D} [2012/07/09 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8B572D86-6D41-4096-B021-B96EC02DD0F2} [2012/07/09 00:07:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{921B9F9A-E79C-4036-A1B7-06DD03A4267B} [2012/07/09 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BAE7F533-C021-4FC6-A870-7C73BC8A702B} [2012/07/08 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{D32ACB7E-8123-415F-80AD-FE042B6AD2A4} [2012/07/08 01:10:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9D7B3FDC-9E10-4463-B97E-9C9BB348944B} ========== Files - Modified Within 30 Days ========== [2012/08/06 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/06 13:08:32 | 000,050,701 | ---- | M] () -- C:\Users\Hasan\Desktop\527239_458266014203741_1415742370_n.jpg [2012/08/06 12:50:50 | 000,058,590 | ---- | M] () -- C:\Users\Hasan\Desktop\599748_458542030842806_1298556685_n.jpg [2012/08/06 11:34:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002UA.job [2012/08/06 11:26:03 | 000,032,036 | ---- | M] () -- C:\Users\Hasan\Desktop\422249_399836330063686_1661092028_n.jpg [2012/08/06 11:19:45 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/08/06 11:16:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 11:16:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/06 11:15:13 | 001,617,924 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012/08/06 11:15:13 | 000,700,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/08/06 11:15:13 | 000,654,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/06 11:15:13 | 000,149,304 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/08/06 11:15:13 | 000,122,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/06 11:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/06 11:08:41 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2012/08/06 03:58:54 | 000,903,970 | ---- | M] () -- C:\Users\Hasan\Desktop\ASDAS.png [2012/08/06 03:58:31 | 000,006,144 | -H-- | M] () -- C:\Users\Hasan\Desktop\photothumb.db [2012/08/06 03:35:59 | 898,983,936 | ---- | M] () -- C:\Users\Hasan\Desktop\SEX.avi [2012/08/06 03:33:41 | 001,277,080 | ---- | M] () -- C:\Users\Hasan\Desktop\CAMSEX.png [2012/08/06 03:06:53 | 000,048,534 | ---- | M] () -- C:\Users\Hasan\Desktop\560959_405156242874566_1258274355_n.jpg [2012/08/06 02:49:23 | 001,259,799 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbenannt.png [2012/08/05 00:59:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002Core.job [2012/08/04 01:09:34 | 000,000,132 | ---- | M] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/02 23:29:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/02 23:29:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/02 01:30:40 | 000,004,096 | ---- | M] () -- C:\graph.grf [2012/08/02 01:15:37 | 000,000,319 | ---- | M] () -- C:\user.js [2012/07/25 00:42:28 | 000,004,634 | ---- | M] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel [2012/07/12 12:43:45 | 004,970,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 23:23:13 | 000,138,460 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat 
06.08.2012, 13:53 | #6 |
Hi, by double-clicking the file syshost.exe you immediately caught the next one... Fix for OTL:
Code:
:OTL
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB9ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB96E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB5D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB1C.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBACC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBA4D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\YTMP7MC8AA\TAABD0E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB8EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB832.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB7B3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB754.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB713.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6D3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6A2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB652.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB621.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5E1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5A0.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB560.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB52F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB4EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB49F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB45E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB40E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB3CE.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB37D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB32D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB24B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB1CA.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB27B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2AC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB20A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB16A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB057.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF88.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0A7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAFF7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF17.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEE6.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEB5.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE54.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE23.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADF2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADC1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB109.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE85.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF48.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD41.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD71.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB139.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0D8.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAC83.tmp ()
[2012/08/06 00:06:26 | 000,084,424 | ---- | C] () -- C:\Windows\SysNative\drivers\c0a601981b06d85c.sys
:Commands
[emptytemp]
[Reboot]
AdwareCleaner (AdwCleaner)
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! Post the log files in code tags.
Download AdwCleaner by Xplode to the desktop.
Start AdwCleaner and click Search.
After a while a log file opens (C:\AdwCleaner[xx].txt); post its contents here in the forum.
Update MAM and run a full scan, post the log...
chris
06.08.2012, 14:50 | #7 |
Hey, ok, I did it, restarted, and yes, adware result:
Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 15:02:05
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Hasan - HASAN-HP
# Running from : C:\Users\Hasan\Downloads\adwcleaner.exe
# Option [Search]
Malware : Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.06.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hasan :: HASAN-HP [Administrator]
Schutz: Aktiviert
06.08.2012 15:04:53
mbam-log-2012-08-06 (15-04-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368260
Laufzeit: 38 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
06.08.2012, 15:59 | #8 |
Hi,
AdwareCleaner
Close all open windows and start AdwCleaner (Win7/Vista: run as administrator).
Your computer will be restarted and a log file will open (C:\AdwCleaner[xx].txt); post its contents here in the forum.
MAM didn't detect anything, so I'm curious...
Pack the directory C:\_OTL\MovedFiles and upload it here as follows:
Upload file: http://www.trojaner-board.de/54791-a...ner-board.html
Follow the instructions there...
How is the computer behaving?
chris
06.08.2012, 16:28 | #9 |
Hello, OK, I've sent it off. Um, the computer is actually quite normal, so I don't notice anything; the only thing I notice is that at the bottom right of the desktop it says "Testmodus Windows 7 build 7601", otherwise really nothing at all.
Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 17:21:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Hasan - HASAN-HP
# Running from : C:\Users\Hasan\Desktop\adwcleaner.exe
# Option [Delete]
08.08.2012, 06:42 | #10 |
| Windows 7 startup: white screen, then empty desktop; safe mode works normally

Hi, this is caused by unsigned drivers that were installed... One option would be to enter the following (as a test) in a command shell with admin rights:

Code:
Bcdedit.exe -set Loadoptions ENABLE_INTEGRITY_CHECKS
Bcdedit.exe -set TESTSIGNING OFF

OSAM checks programs/drivers that get started online. Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
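To confirm whether the boot entry actually carries the settings that the two Bcdedit commands in post #10 reset, the output of `bcdedit /enum {current}` can be checked before and after. The following is an added example, not part of the thread: the sample outputs are constructed, and the `nointegritychecks` element and the `DISABLE_INTEGRITY_CHECKS` load option are checked here as the counterparts of the values named in the post.

```python
import re

# Constructed samples of `bcdedit /enum {current}` output (not from the thread).
SAMPLE_WEAKENED = """\
Windows Boot Loader
-------------------
identifier              {current}
description             Windows 7
loadoptions             DDISABLE_INTEGRITY_CHECKS
testsigning             Yes
nx                      OptIn
"""

SAMPLE_AFTER_FIX = """\
Windows Boot Loader
-------------------
identifier              {current}
description             Windows 7
loadoptions             ENABLE_INTEGRITY_CHECKS
testsigning             No
nx                      OptIn
"""

ENABLED = {"yes", "on", "true"}

def parse_bcd_entry(text):
    """Map element name -> value for the 'name   value' lines of one entry."""
    settings = {}
    for line in text.splitlines():
        # Header and separator lines have no run of two or more spaces.
        m = re.match(r"(\S+)\s{2,}(\S.*?)\s*$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def signing_findings(text):
    """Return the names of elements that relax driver signature enforcement."""
    s = parse_bcd_entry(text)
    found = []
    for element in ("testsigning", "nointegritychecks"):
        if s.get(element, "no").lower() in ENABLED:
            found.append(element)
    # Substring match also catches the DDISABLE_INTEGRITY_CHECKS spelling.
    if "DISABLE_INTEGRITY_CHECKS" in s.get("loadoptions", "").upper():
        found.append("loadoptions")
    return found

if __name__ == "__main__":
    for name, sample in (("before", SAMPLE_WEAKENED), ("after", SAMPLE_AFTER_FIX)):
        print(name, signing_findings(sample) or "no relaxed signing settings")
```

An empty result after the reboot means the entry no longer allows test-signed drivers or skips integrity checks; any driver that then fails to load is a candidate for the unsigned driver behind the symptom.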