| |
| |||||||
Log-Analyse und Auswertung: Start Windows 7 white Screen dann leerer Desktop abgesichterer Modus geht normalWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.08.2012, 14:05
| #1 |
| |  Start Windows 7 white Screen dann leerer Desktop abgesichterer Modus geht normal Hallo ich bin neu hier und hab halt ein Problem und wollte hier um Hilfe bitten, Ich hab Windows 7 und als ich gestern im Netz war kam ein White Screen danach schaltete er sich automatisch ab. Beim neustarten konnte ich mich ganz normal einloggen doch dann kam der Whitescreen und eine Meldung danach kommt aber immer der Leerer Desktop, Task Manager geht Abgesichter Modus geht so ein Thred gibt es scho hier zb . http://www.trojaner-board.de/120788-...-anzeigen.html doch ich hab alles nachgemacht komm aber nicht bei der Box weiter was ich da halt fixen muss . Ich hab jetzt alles mal gescant und hab 2 Sachen erhalten : Einmal OTL.txt : OTL Logfile: Code:
ATTFilter OTL logfile created on: 8/5/2012 2:38:51 PM - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hasan\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free 7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hasan\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL () MOD - C:\Users\Hasan\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard) SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (syshost32) -- C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe (Samsung) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (VCam_WDM) -- C:\Windows\SysNative\drivers\VCam_WDM.sys (e2eSoft) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated) DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamlrdrv_x64.sys (Windows (R) Server 2003 DDK provider) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_hplgoff_3112_1&babsrc=SP_ss&mntrId=96ad0afd000000000000386077b87e7b IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10630&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^AE2&apn_uid=0325063925894589&p2=^AE2^YYYYYY^YY^AT&q={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW_ss&mntrId=96ad0afd000000000000386077b87e7b&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hasan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:47:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/15 18:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Extensions [2012/08/02 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions [2012/07/16 21:24:01 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2} [2012/06/23 15:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/07/07 13:19:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com [2012/05/15 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/24 19:03:42 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\HASAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0EHI8GQ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012/07/21 23:47:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/07/21 23:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/16 21:24:02 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012/08/02 01:15:22 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/07/21 23:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/07/21 23:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/07/21 23:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/21 23:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/21 23:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.24117_0\ CHR - Extension: Web Developer = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\ CHR - Extension: YouTube = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Facebook Autolike = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmoffkbpmaikkcdaponiiakfojdjacp\1.0_0\ CHR - Extension: Google Mail = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/05/25 23:28:32 | 000,000,718 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard) O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [] C:\Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (XEROX) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Hasan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E32558-04E0-47CB-9B2E-2427C0BF0AF6}: DhcpNameServer = 194.48.124.202 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEC8B8A-844A-4648-BBA6-77D1D4CFCE20}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/10 08:27:47 | 000,000,063 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/05 14:38:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe [2012/08/05 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5ADD9703-0938-4983-BE15-21426345892A} [2012/08/05 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{57F68B9E-B5FF-4E8A-8ABE-FA5B56731A34} [2012/08/03 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7CC89465-27CC-43AD-BBA7-8D5E0AF05412} [2012/08/03 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{709EE5F8-6F4C-4F79-A830-BB563039B320} [2012/08/02 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012/08/02 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{25A14C24-115B-4743-A4B9-360970F10CE8} [2012/08/02 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{68825BD3-17BF-4AC0-A390-1ED1815C70F2} [2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 [2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2 [2012/08/02 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\BabylonToolbar [2012/08/02 01:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Babylon [2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/08/01 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Multi-Connector1.1 [2012/08/01 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{28BFCE1E-D883-4416-8C9C-891A79D3D3A4} [2012/08/01 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3A6EBDDD-A536-4508-84AB-1C7AB7B4227E} [2012/08/01 01:02:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Originals [2012/07/31 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{159B3B5D-A9C6-4D54-90AB-A27F571892EC} [2012/07/31 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{FF1B64E1-599B-47EF-BCAC-A1F6625D08D4} [2012/07/30 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8A2A63B4-4D80-4DDE-BE6E-FB4EA9A96D57} [2012/07/30 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7E5CE4C6-5036-4490-9BAE-E50BA4C11417} [2012/07/30 02:13:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3E10D924-3BDC-4355-971A-B740D0FCE0E2} [2012/07/30 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1A89631F-5958-4CBD-A308-256703E7611D} [2012/07/30 01:39:18 | 000,000,000 | R--D | C] -- C:\Users\Hasan\Desktop\Videos [2012/07/29 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Programme [2012/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Sachen [2012/07/29 22:02:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\TS3Client [2012/07/29 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012/07/29 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2012/07/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4113691A-3B75-4EDE-90DA-290FF82ADA47} [2012/07/29 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{C4773A9E-32D7-4C53-BC99-57C1E190B471} [2012/07/29 02:12:06 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{6F7D28C4-4998-4FCA-B5AB-580B76D71599} [2012/07/29 02:11:44 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB74AAC-EB01-46E0-AA5D-24F26A670F73} [2012/07/28 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8456CACF-BDE2-4C4E-A4DE-55E1F28B6B2F} [2012/07/28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{00F0E8B7-6F72-4A1C-907A-85FE1AECB568} [2012/07/28 02:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1CDDB69-B683-4068-AA0E-41095B0B6DD9} [2012/07/28 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{72B4D5F5-480A-4C20-9689-F4C11120BCA9} [2012/07/28 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\Microsoft Games [2012/07/26 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Documents\Unbenannte Site 2 [2012/07/26 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\PDAppFlex [2012/07/26 01:45:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Adobe Dreamweaver CS6 [2012/07/26 01:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012/07/26 01:25:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012/07/25 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\FileZilla [2012/07/25 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012/07/25 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012/07/25 00:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2012/07/25 00:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012/07/24 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2012/07/24 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio [2012/07/24 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4D8D930D-F207-4E3F-9E69-11B4E6EEC7E7} [2012/07/24 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{36B0E413-3D08-43A3-A6A7-BD69E81ABE9A} [2012/07/23 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1898ADF7-F218-4D8B-AE96-1B7C4392FBD4} [2012/07/23 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0D47F3FB-B1D1-446E-B815-032FE959D3BD} [2012/07/23 03:28:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5916EFA4-C072-49B4-A3EB-3E587C054DA4} [2012/07/23 03:27:51 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{37C8340E-A5A5-4056-A03B-153E9D315E1B} [2012/07/22 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31BFB867-5022-4FB9-BA6C-81F5D53534C4} [2012/07/22 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{DD916C18-EBB4-4DB0-A7FA-008DC5583B2A} [2012/07/21 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8C10D91D-2B5B-4B38-B1C4-97301E9A8697} [2012/07/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8405A8A4-0F97-42CB-AB21-C8E759D636A8} [2012/07/21 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2012/07/21 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{47385DC7-0AB8-4901-9E04-E3B14BAB1013} [2012/07/21 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5A0E4F8C-F4AF-45BB-9E15-3CA017798A7D} [2012/07/20 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A9FD05A7-BCF4-4201-AED4-5DB918256C71} [2012/07/20 15:51:26 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{79322B56-BE36-4D41-B66F-06770DAAD19A} [2012/07/20 03:19:04 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B187B9EF-200B-4666-9672-D93CD4B5AB06} [2012/07/20 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4E1F4D8B-496F-48B0-8318-B09A586B1A00} [2012/07/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\fontconfig [2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\gegl-0.2 [2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\.gimp-2.8 [2012/07/19 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012/07/19 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2D343FC7-5462-4F5C-A971-F7015DFED365} [2012/07/19 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1F8A5FC-AF8A-4298-8C6B-C74AEC933273} [2012/07/19 02:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E4285FAF-A47F-4C5F-BDAC-A11291FA2DD3} [2012/07/19 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB7B756-E749-4F1C-9026-7CBB6FE024CB} [2012/07/18 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0E629838-A0AC-4DC2-90FF-38C206B177E7} [2012/07/18 14:34:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{63435A9F-FDB7-4567-9D9B-F4979AB435CA} [2012/07/18 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CA24466-3668-4247-A926-8452B1B57AD4} [2012/07/18 02:15:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1ECB46B2-34B2-479F-AF43-E4234C9D9173} [2012/07/17 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B61A7FFA-D63A-4B94-90EA-20A6E60F32A7} [2012/07/17 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1C834213-0DCA-4D5A-9639-801764BABEB6} [2012/07/17 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{329BB924-8C3B-4541-8E3A-6C3F10972398} [2012/07/16 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinychat [2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinychat [2012/07/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults7 [2012/07/16 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CE463C0-D0D0-4E19-BAB8-62BC9A251D25} [2012/07/15 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31B85B1D-A190-46D5-97E7-46CF5ADE1DD5} [2012/07/15 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9A975B2F-DFF3-4127-80B1-42FF96905B43} [2012/07/13 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{782B7C2C-DAFC-4E3F-B9CD-5F233D49F7FA} [2012/07/13 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{66660F43-5618-493E-9F43-AD1F1386E375} [2012/07/12 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{05EECE62-9759-48CA-867E-E7B3D302A6AA} [2012/07/12 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3844BF78-B4C2-4467-9FB3-5FAA87656AC6} [2012/07/12 02:26:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 02:26:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 02:26:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/12 02:26:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 02:26:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 02:26:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 02:26:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 02:26:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 02:26:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 02:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 02:26:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 02:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/12 02:26:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{CA84F0AE-D45F-4F56-90EA-DB90756C7788} [2012/07/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A22F3D48-4488-4037-BFF8-96FE929B906A} [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/11 07:31:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/11 07:31:12 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012/07/11 07:31:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012/07/11 07:31:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 07:31:09 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 03:00:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012/07/10 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E6276D7C-555D-40A5-9762-30F26344B02F} [2012/07/10 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/07/10 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/07/10 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2012/07/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{812E6B8C-2027-442A-A986-848C7D084781} [2012/07/10 10:46:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF48C423-FB01-4809-9322-09319CF26E93} [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubscribeWinManual [2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubscribeWin [2012/07/09 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{84FE4ED8-B384-4FF1-B81D-B2EF8EF8885D} [2012/07/09 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8B572D86-6D41-4096-B021-B96EC02DD0F2} [2012/07/09 00:07:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{921B9F9A-E79C-4036-A1B7-06DD03A4267B} [2012/07/09 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BAE7F533-C021-4FC6-A870-7C73BC8A702B} [2012/07/08 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{D32ACB7E-8123-415F-80AD-FE042B6AD2A4} [2012/07/08 01:10:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9D7B3FDC-9E10-4463-B97E-9C9BB348944B} [2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\ManyCam [2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012/07/07 13:19:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\ManyCam [2012/07/07 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012/07/07 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{32147400-E5C5-4A9C-AE69-C1CCDDC4DEE3} [2012/07/06 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0F510498-6011-4AAB-9008-C8F95FED5F13} ========== Files - Modified Within 30 Days ========== [2012/08/05 14:37:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe [2012/08/05 14:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/05 14:36:29 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys [2012/08/05 14:34:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002UA.job [2012/08/05 04:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/05 03:19:32 | 000,110,537 | ---- | M] () -- C:\Users\Hasan\Desktop\hasaaan.jpg [2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/05 00:59:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002Core.job [2012/08/04 18:20:18 | 000,088,007 | ---- | M] () -- C:\Users\Hasan\Desktop\SD.png [2012/08/04 18:19:27 | 000,058,368 | -H-- | M] () -- C:\Users\Hasan\Desktop\photothumb.db [2012/08/04 17:18:22 | 000,071,059 | ---- | M] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg [2012/08/04 15:09:07 | 064,144,603 | ---- | M] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4 [2012/08/04 14:30:48 | 073,956,886 | ---- | M] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4 [2012/08/04 01:12:17 | 001,217,607 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd [2012/08/04 01:09:34 | 000,000,132 | ---- | M] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/08/04 00:43:52 | 000,315,727 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg [2012/08/04 00:17:35 | 067,016,797 | ---- | M] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4 [2012/08/04 00:17:03 | 000,048,094 | ---- | M] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg [2012/08/03 20:18:00 | 000,033,394 | ---- | M] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg [2012/08/03 16:39:28 | 000,049,143 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg [2012/08/03 16:29:26 | 000,177,770 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png [2012/08/03 16:01:02 | 000,499,943 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbenannt.png [2012/08/03 01:40:29 | 000,105,824 | ---- | M] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg [2012/08/03 01:39:39 | 000,087,083 | ---- | M] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg [2012/08/02 23:29:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/02 23:29:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/02 19:42:19 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012/08/02 19:36:59 | 030,588,416 | ---- | M] () -- C:\Users\Hasan\Desktop\as.avi [2012/08/02 02:28:28 | 000,017,814 | ---- | M] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg [2012/08/02 02:23:43 | 000,082,978 | ---- | M] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg [2012/08/02 01:30:40 | 000,004,096 | ---- | M] () -- C:\graph.grf [2012/08/02 01:25:44 | 003,165,951 | ---- | M] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam ( Y ).wmv [2012/08/02 01:15:45 | 000,000,937 | ---- | M] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk [2012/08/02 01:15:37 | 000,000,319 | ---- | M] () -- C:\user.js [2012/08/01 16:57:15 | 000,070,214 | ---- | M] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg [2012/08/01 01:02:00 | 000,177,305 | ---- | M] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg [2012/08/01 00:27:58 | 000,030,107 | ---- | M] () -- C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg [2012/07/25 00:42:28 | 000,004,634 | ---- | M] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel [2012/07/12 12:43:45 | 004,970,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 23:23:13 | 000,138,460 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat ========== Files Created - No Company Name ========== [2012/08/05 03:19:17 | 000,110,537 | ---- | C] () -- C:\Users\Hasan\Desktop\hasaaan.jpg [2012/08/04 18:19:17 | 000,088,007 | ---- | C] () -- C:\Users\Hasan\Desktop\SD.png [2012/08/04 17:18:24 | 000,071,059 | ---- | C] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg [2012/08/04 16:02:42 | 064,144,603 | ---- | C] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4 [2012/08/04 14:23:46 | 073,956,886 | ---- | C] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4 [2012/08/04 00:53:26 | 001,217,607 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd [2012/08/04 00:43:54 | 000,315,727 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg [2012/08/04 00:17:06 | 000,048,094 | ---- | C] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg [2012/08/04 00:12:52 | 067,016,797 | ---- | C] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4 [2012/08/03 20:18:04 | 000,033,394 | ---- | C] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg [2012/08/03 16:38:58 | 000,049,143 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg [2012/08/03 16:27:37 | 000,177,770 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png [2012/08/03 16:01:02 | 000,499,943 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbenannt.png [2012/08/03 01:39:57 | 000,105,824 | ---- | C] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg [2012/08/03 01:39:39 | 000,087,083 | ---- | C] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg [2012/08/02 19:42:19 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012/08/02 19:37:02 | 030,588,416 | ---- | C] () -- C:\Users\Hasan\Desktop\as.avi [2012/08/02 02:28:31 | 000,017,814 | ---- | C] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg [2012/08/02 02:23:42 | 000,082,978 | ---- | C] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg [2012/08/02 01:26:11 | 003,165,951 | ---- | C] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam ( Y ).wmv [2012/08/02 01:21:25 | 000,004,096 | ---- | C] () -- C:\graph.grf [2012/08/02 01:15:45 | 000,000,937 | ---- | C] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk [2012/08/02 01:15:37 | 000,000,319 | ---- | C] () -- C:\user.js [2012/08/01 16:57:21 | 000,070,214 | ---- | C] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg [2012/08/01 01:01:09 | 000,058,368 | -H-- | C] () -- C:\Users\Hasan\Desktop\photothumb.db [2012/08/01 01:00:39 | 000,177,305 | ---- | C] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg [2012/08/01 00:28:02 | 000,030,107 | ---- | C] () -- C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg [2012/07/27 02:42:03 | 000,000,132 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/07/26 01:55:55 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2012/07/26 01:55:07 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012/07/26 01:55:06 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012/07/26 01:54:47 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2012/07/26 01:25:52 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012/07/25 00:42:28 | 000,004,634 | ---- | C] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel [2012/07/21 22:49:57 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012/07/19 18:26:04 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012/07/10 23:23:13 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/07/10 19:54:27 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk [2012/07/10 19:53:25 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2012/07/10 19:53:13 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2012/07/10 19:52:22 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2012/07/10 19:52:17 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2012/07/10 19:51:55 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012/06/28 21:06:50 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys [2012/06/24 22:49:35 | 000,003,584 | ---- | C] () -- C:\Users\Hasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/20 17:08:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2012/06/20 17:07:26 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012/05/24 16:38:56 | 000,000,600 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\winscp.rnd [2012/01/08 07:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/01/08 07:12:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/06/08 08:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/02/11 22:29:00 | 001,598,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI < End of report > und einmal Extras.txt :OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 8/5/2012 2:38:51 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Hasan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free
7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF
Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E19619F-77BC-4270-940A-B53F7817FBCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1383E9C6-BB05-4694-808B-A87FD35757E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{193A6342-5E8A-49E2-BA44-DF31F23C62AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F13BED9-63AD-4468-B176-5342B9978204}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F4209F4-7637-4AA4-A41F-743470E0CD5F}" = rport=137 | protocol=17 | dir=out | app=system |
"{27CE8CE8-4634-4EB0-89B3-EDC5C68C8B10}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D5C4AF5-8702-4809-AA22-E20657D3445D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D77C586-F3F8-4406-BEE0-633E0482BFFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E8C3149-FE99-4685-BC36-4CD57E237573}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E99A594-C591-4C67-8A3A-2D106535BB68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74A1CA5A-2968-4839-884C-81033EEBBA6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7736531C-D2F3-4F8E-8E15-5507724B23D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86013738-958C-454D-BB49-B41543764520}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8D46DDFB-B687-4D46-95B2-1E2D589B749F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E091E77-1BED-47C1-AE40-F6114BA7B8AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93FA86F5-E6A5-46C8-823F-23D775F2E6B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{99E554B1-59C0-4815-9257-325A29E2249E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5D6FF02-2759-4CE7-9F73-ECC129820392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7ADC0D2-19DD-4701-9B3C-A92234C6A5CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A847D995-E8D2-488A-81CB-65C2C9BAE355}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A9694B50-D2FC-436F-B595-4D24AB86801A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4FD4BF8-3E3A-4BA4-87F5-B134D6D189DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{CAD9F7BF-F8AF-40CE-80F0-9BA803F1C38D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBD32ADD-423A-43D5-99B6-B3C1F69D653A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D7EE0B2F-D4C6-44B5-A625-273C46C7D3B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E15E52BC-5FB9-4013-A2E5-C5298918D767}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA817059-DC48-4C6D-A43F-7A26B416368B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB054029-3CB4-4A34-A2C8-F8A2008D17B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F64AB2-C3D0-4023-8F07-CDEFBFDD482A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BDC4360-D54C-4D8A-9849-9E458E48623F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24E8DB53-B7E3-43B6-9F00-96712C0E4208}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{270B4589-1370-4528-8822-23B70B363334}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2BACA463-73AE-437D-82A6-AEA752EF847E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2FE40683-510C-473D-BE0D-541A9216A0B3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{34D2306D-2838-4F5B-A703-85A00B41156C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3ECE5F0F-9600-4415-AF5A-9A7D47B504D6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe |
"{46144965-349B-4166-ADBB-00A1AF20F8B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48A0AB34-A453-46E0-B615-7462749434B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B7D06A2-FE98-4EF0-AF20-313D3822789D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F0A4050-1C9D-4C14-9E5E-B8B1A4E74A06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{606E9F03-EFAD-4496-A259-7681E883828B}" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{62D462D7-FFD8-46B8-B174-93ABB0F082EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{696C45FA-2E11-4591-82A3-87A6A9B1BB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{6D57F4B8-AA60-468D-8526-8408FF33141B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73E65777-1300-43F9-BA48-5D6A12B48A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{83C24CD0-9CF2-461A-BAE4-C022BFCD4A12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8432E6AB-DDCF-4AB1-A99D-D1BE3F5C4102}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{9975D3BB-3B71-44DE-9410-A43CDB7A4C8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A3447CE-0E22-4110-8BCF-634DDC89BED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9E45F22A-7DAC-4392-986A-35B88212746C}" = protocol=6 | dir=out | app=system |
"{9FEB17D0-5AD1-4F09-921E-B60AF32DCD01}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A6E4B216-2967-4B64-B1A0-4040E722C1F7}" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{AC8CE6ED-FFF8-48A9-B554-C13C26FA59F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B63573AA-7FD3-4DE3-A712-46DB25168B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe |
"{B83013B1-D385-40AC-BB15-4888FD877BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF19CCD8-59DC-42C4-B72B-A46450743342}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C8C5C722-11E7-4B4D-BB1A-B3490B04DF4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9D25748-3EC0-47B8-B518-B6D4865755E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC0AECD3-6ECA-473F-9390-121D813BE4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCCD8166-AD01-47EF-84E2-36AD41BB02B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFF9F14B-9CC9-4982-8A99-0C578389BB0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D700BF8D-A07F-440F-9F0A-866184074415}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D9C6251D-7A05-4353-8119-269889442DA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E12D6191-DADB-4F0C-82F6-BDA139EB9B37}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{E266EC61-BE0D-4D50-870C-0577B11F91F7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E429ACF5-D09D-453D-9504-383DF3F71759}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E47CB9B2-D31F-4F6A-8829-79D10026D0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{E6BAD4B7-A4E1-42AF-BFD8-F34BE5D45310}" = dir=in | app=c:\users\hasan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F481BD07-F843-4F30-A3DB-1AA457F1FC99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F802DAF4-8CF4-4EB0-B847-9E359A91FE1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE67EFB8-F505-4EBE-A9DD-C5ED37AD8402}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{582ECB7A-E751-4E74-A4A9-B344912998D9}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{81C1E9B3-251A-4BD8-A021-4B3AEC3EB0B3}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{89075516-A709-4707-AEA9-705E3214DC2D}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"TCP Query User{9235E029-E040-4691-B0EC-A7A6F6991F13}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{F095EC05-7D86-406D-A6C3-4DC45345745B}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=6 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe |
"UDP Query User{16C4A4C3-4221-474A-9A96-A97CAD3B3752}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=17 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe |
"UDP Query User{3C16B6F7-407D-4ABC-AEA8-54CA1388456E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{54F853BA-774C-4563-B235-72D00DC02909}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{A0E04234-E5AB-4685-A836-63560F87E51B}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{BDEC1C1B-B20C-48AF-89FA-3B185DD3CCED}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F38867-9D41-683C-DF60-034A731C37FE}" = ATI Catalyst Install Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E03EE2F0-5B77-5288-BB47-BF31F8411E9F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"GIMP-2_is1" = GIMP 2.8.0
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Professional 2010
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02F7A7B2-913A-4032-F7D7-3F2C14F812B6}" = CCC Help Chinese Standard
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06D0056A-DC6A-B1E1-8D13-D440F2AD3E63}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FD57355-9934-E3B7-8ABA-4AE4AC72507F}" = Catalyst Control Center InstallProxy
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{149D4F00-AD01-3AA1-816F-A067A68A4F9E}" = HydraVision
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2242081E-F673-ED92-6CCB-1244A751346C}" = CCC Help Spanish
"{22758D8F-E023-44ED-8647-3C6985ABF663}" = Nero Kwik Media
"{23E558E2-D070-3BDA-B1B8-72FA0A82841D}" = Catalyst Control Center Localization All
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{24C36B60-9443-4E4B-A620-C936992E96F1}" = SubscribeWinManual
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{273F0620-4324-4A86-891D-07E99D5C5D8A}" = Catalyst Control Center - Branding
"{28F27BB2-08FA-D2E7-FFCE-9434146975C7}" = CCC Help Dutch
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3282009E-EE34-CCE0-8246-022DC6DE9691}" = CCC Help Korean
"{33D36680-4219-B641-587F-CCAB6953133E}" = CCC Help Portuguese
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{550ABD27-7F34-8904-E77F-0039DD33D271}" = CCC Help Finnish
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5CA6A108-BBC3-D7FC-F1C5-8F2AD0C5D6DD}" = CCC Help German
"{5DA7CED3-4C7A-0ECF-8B48-B575637A7445}" = CCC Help Swedish
"{5DCAAED5-F17D-91DD-2FE7-7EB5A73C5AFB}" = CCC Help English
"{5F40A933-8DF6-365A-9E98-C7696991D007}" = CCC Help Japanese
"{61B7B98F-D217-4299-AC8C-42BA90B4CDF5}" = Tinychat Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7849D2B4-1F45-38C2-E0BA-A0B194D17DF9}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9DD7CB-22A1-5CB3-8F3A-0D8FD8FE700B}" = CCC Help Czech
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{822AD542-7F2D-156D-706B-357D2ABA9A05}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E18934B-DAB7-3C80-D423-8A7661F03D4D}" = CCC Help French
"{A15D03FE-44F7-CE8E-4BF0-EB7224792537}" = Catalyst Control Center Profiles Desktop
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A4FA7AA2-BF23-A1D6-1893-B5045CF100AE}" = CCC Help Norwegian
"{A6A93CA6-7564-A30A-A7F8-6C85B0E533B2}" = CCC Help Thai
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE1674EC-4B9B-1C56-3EF1-6B35B5C2AA74}" = CCC Help Chinese Traditional
"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFDCAFC1-E6CD-70C8-53E5-1B3339A28E4D}" = CCC Help Danish
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C920EFB6-59DB-472D-B445-21821477AD17}" = True Crime® New York City
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED55396-8C6B-2BE0-4113-731C6201498B}" = CCC Help Polish
"{CF7B4D8C-BF93-11FD-04A7-DD57BBF1078C}" = Tinychat
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A1A51F-5018-23DA-FCDA-BEA21C7EA48D}" = CCC Help Russian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED7B3025-3CA1-7985-DB04-2B0299BBF846}" = CCC Help Turkish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F393ED40-AD54-6F34-3534-4B51C167B5EB}" = Catalyst Control Center Graphics Previews Common
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FDE8AA35-A16F-CFE6-6EEF-C6A28DAED127}" = CCC Help Greek
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Story_DE_is1" = 4Story DE 3.9.154
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"CamStudio" = CamStudio
"Canon MP160 Benutzerregistrierung" = Canon MP160 Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Counter-Strike 1.6" = Counter-Strike 1.6
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"ManyCam" = ManyCam 3.0.79 (remove only)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"searchresults7" = Search Results Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Tinychat" = Tinychat
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.7
"WTA-0791aad2-c16c-4413-9600-52e03b1a3fae" = Jewel Quest Solitaire
"WTA-11c881f2-cfc3-48c7-80d6-7d0fe8371f94" = Zuma Deluxe
"WTA-1f3bdd62-1b0f-4774-bc4d-00546b62f60a" = Governor of Poker 2 Premium Edition
"WTA-26425b32-832e-4c6c-8ed8-d5cbb3b000bb" = Vacation Quest - The Hawaiian Islands
"WTA-284f9aa6-055d-435d-a19e-ac55f0736285" = Mah Jong Medley
"WTA-2f66db47-4890-4302-a43a-352d66658994" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-37100e2b-f138-4c73-8091-92d8a12213fb" = Bounce Symphony
"WTA-43686210-ff74-42ce-b457-9a2f7ebaae58" = Virtual Villagers - The Secret City
"WTA-45fec9c0-564b-4267-bc11-a7feae81381c" = Namco All-Stars: PAC-MAN
"WTA-5fb6a6fe-5d48-4ddc-9efd-4099ae337ccf" = Chronicles of Albian
"WTA-6404e09b-d8d7-4de6-8f39-f27c713275c4" = Penguins!
"WTA-681a3586-040d-4e6f-8acd-26b5e898c677" = Mystery of Mortlake Mansion
"WTA-7c9fe226-856b-48e7-b9a4-f05af971107f" = Cake Mania
"WTA-9b4b9c43-42d6-4d28-942d-e43ffd1a35b4" = Farm Frenzy
"WTA-a39cb1db-6a2c-469c-b935-3fe86a3ee08e" = Chuzzle Deluxe
"WTA-a48da115-f42a-486b-afe4-bcada26401e9" = Blasterball 3
"WTA-a79d8e80-1e52-45f3-aec2-6a86a5719cda" = Cradle of Rome 2
"WTA-af41b837-3235-4515-96e0-0a7ab7478c93" = FATE
"WTA-b586f4c4-522b-4913-abce-c24bb1bd00e3" = Slingo Deluxe
"WTA-e590ef0c-023e-4571-aad5-67bd5ed3de28" = Polar Bowler
"WTA-e7bb3e9b-6514-4954-8f84-04416238b57a" = Bejeweled 3
"WTA-e92c4454-f57f-49c7-a227-7a41f58c4448" = Agatha Christie - Peril at End House
"WTA-ed79fc9c-35f1-473b-819c-390b46548c89" = Plants vs. Zombies - Game of the Year
"ZinioReader4" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/21/2012 1:23:01 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
[ Hewlett-Packard Events ]
Error - 8/4/2012 7:25:33 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4076 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 8/4/2012 7:36:31 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 4076 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ Media Center Events ]
Error - 7/3/2012 9:35:03 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0
Description = 15:35:03 - Fehler beim Herstellen der Internetverbindung. 15:35:03
- Serververbindung konnte nicht hergestellt werden..
Error - 7/3/2012 9:35:16 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0
Description = 15:35:09 - Fehler beim Herstellen der Internetverbindung. 15:35:09
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Das wars ich hoffe jemand kann mir helfen Ich bedanke mich im Vorraus MFG Itszhsn |
| Themen zu Start Windows 7 white Screen dann leerer Desktop abgesichterer Modus geht normal |
| babylon toolbar, babylontoolbar, bho, bonjour, desktop, document, entfernen, error, excel, fehler, firefox, flash player, format, ftp, google, helper, index, install.exe, jdownloader, limited.com/facebook, logfile, plug-in, problem, realtek, recuva, registry, rundll, search results toolbar, search the web, security, server, sich automatisch, software, start windows 7, syshost.exe, syshost32, teamspeak, udp, white, wildtangent games, windows |
Baum-Darstellung