|
Pests of all kinds and how to combat them: Only desktop background image or white screen visible - Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
04.05.2013, 13:21 | #1 |
| Only desktop background image or white screen visible

Hello Trojaner-Board team,

many thanks in advance for the support. My PC problem is related to the thread "weißer Desktop nach Anmeldung" (white desktop after login) by user Schnitzel87. Link: http://www.trojaner-board.de/132331-...anmeldung.html

What is different in my case: the symptoms are the same. After restart and login, only my desktop background image is shown, or just a white screen. The task window remains invisible. During shutdown you can see what was open.

A further problem: the USB stick is not shown under My Computer when I try to find the USB drive's letter with Notepad. Workaround: burned a CD as a USB flash drive and put OTL and the other tools required in the above thread on it.

Ran the OTL log with "Use SafeList" and "Scan All Users". Logs attached.

I have not followed the remaining steps yet, because I suspect that I need an individual fix from you so that my infected computer is unlocked and I can start in normal mode.

So, I hope I have thought of everything; otherwise simply get in touch by e-mail or PM.

Many thanks and best regards,
romulus

Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 12:39:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = e:\ 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 11,01 Gb Available Physical Memory | 91,78% Memory free 29,61 Gb Paging File | 28,99 Gb Available in Paging File | 97,91% Paging File free Paging file location(s): c:\pagefile.sys 18417 18417 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 452,88 Gb Free Space | 48,62% Space Free | Partition Type: NTFS Drive D: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 702,81 Mb Total Space | 654,42 Mb Free Space | 93,11% Space Free | Partition Type: UDF Drive J: | 14,91 Gb Total Space | 0,97 Gb Free Space | 6,49% Space Free | Partition Type: FAT32 Computer Name: JUSTPC | User Name: Tkhoygan | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 9C B1 38 E5 1B 35 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3381971859-1467835855-1895993161-1000] "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{43D5D50E-DA81-4455-911E-B27F2B38B0FE}" = Foxit PDF IFilter "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58 "doPDF 7 printer_is1" = doPDF 7.1 printer "DriverAgent.exe" = DriverAgent by eSupport.com "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "maxdome - Online Videothek" = maxdome - Online Videothek "Meine Dienste Software" = Meine Dienste Software "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "sp6" = Logitech SetPoint 6.32 "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink 
InstantBurn "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = BD/HD Advisor 1.0 "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player 
Firefox Plugin "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{76F76BFC-B58E-41A6-B8A4-A861DA51C594}" = hpg2410QFolder "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E5CDECB-726B-4581-BA8C-5B11148C3FA5}" = G Data TotalCare 2012 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8DA06234-6608-416E-A632-5EF43AE2DCF5}" = hpg2410 "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III "{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu "{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}" = Media Go Video Playback Engine 1.92.162.06140 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup "{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™ "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C8BCC14C-2807-4C2D-A659-843427BF82E2}" = TopSecret Biometrics Components "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation "{D1A19B02-817E-4296-A45B-07853FD74D57}" = 
Microsoft_VC80_MFC_x86 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC48E09D-4E5F-4039-B93A-FCED36EFBE55}" = Adobe Flash Player 11 ActiveX "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DFE02C0F-FB51-4259-949F-2FA842164CEF}" = PixRecovery 3.0.36996.1 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78 "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}" = Realtek Card Reader "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15 "ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX "AudioCS" = Creative Audio-Systemsteuerung "Bejeweled 3" = Bejeweled 3 (entfernen) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster 
Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Desktop Media_is1" = Desktop Media 1.7 "Diablo III" = Diablo III "DriverCleanerDotNET" = Driver Cleaner.NET "EADM" = EA Download Manager "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.21.524 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517 "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full) "Kremlin" = Kremlin "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NCLauncher_GameForge" = NC Launcher (GameForge) "NFR" = Nasty File Remover v0.72 (remove only) "OpenAL" = OpenAL "PDF Reader 3" = PDF Reader 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Smart Recorder" = Creative Smart Recorder "StarCraft II" = StarCraft II "Steam App 200510" = XCOM: Enemy Unknown "Steam App 570" = Dota 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "SystemRequirementsLab" = System Requirements Lab "TomTom HOME" = TomTom HOME 2.7.6.2056 "Trine_is1" = Trine 1.08 "Trusted Software Assistant_is1" = File Type Assistant "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.6 "WaveStudio 7" = Creative WaveStudio 7 "WebMoney Agent" = WebMoney Agent "WheelMouse" = iOfficeWorks 7.64 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft 
"Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Play65" = Play65 "soe-DC Universe Online PSG" = DC Universe Online PSG "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.07.2011 12:59:34 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 20.07.2011 13:50:09 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 21.07.2011 11:13:07 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 22.07.2011 14:18:13 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 23.07.2011 03:57:21 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2011 04:01:35 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 25.07.2011 14:27:57 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 26.07.2011 14:44:05 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 27.07.2011 12:41:16 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = Error - 28.07.2011 12:32:29 | Computer Name = JustPC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 19.02.2011 05:50:57 | Computer Name = JustPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 30.11.2011 16:29:52 | Computer Name = JustPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.05.2013 04:46:12 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001 Description = Error - 04.05.2013 04:46:12 | Computer Name = JustPC | Source = Service Control Manager | ID = 7026 Description = Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001 Description = Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 04:51:59 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 04:53:08 | Computer Name = JustPC | Source = Service Control Manager | ID = 7001 Description = Error - 04.05.2013 05:27:36 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = Error - 04.05.2013 05:27:37 | Computer Name = JustPC | Source = DCOM | ID = 10005 Description = [ TuneUp Events ] Error - 11.12.2010 14:08:31 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 12.12.2010 05:00:07 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 13.12.2010 15:55:29 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 14.12.2010 15:42:31 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 15.12.2010 14:47:03 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 15.12.2010 15:34:08 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 16.12.2010 15:04:46 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 17.12.2010 18:26:16 | Computer Name = JustPC | Source = 
TuneUp.UtilitiesSvc | ID = 300 Description = Error - 18.12.2010 06:49:14 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 19.12.2010 06:01:48 | Computer Name = JustPC | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
04.05.2013, 13:25 | #2 |
| Only desktop background image or white screen visible

Attached is part 2 of the OTL report
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.05.2013 12:39:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = e:\ 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11,99 Gb Total Physical Memory | 11,01 Gb Available Physical Memory | 91,78% Memory free 29,61 Gb Paging File | 28,99 Gb Available in Paging File | 97,91% Paging File free Paging file location(s): c:\pagefile.sys 18417 18417 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 452,88 Gb Free Space | 48,62% Space Free | Partition Type: NTFS Drive D: | 5,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 702,81 Mb Total Space | 654,42 Mb Free Space | 93,11% Space Free | Partition Type: UDF Drive J: | 14,91 Gb Total Space | 0,97 Gb Free Space | 6,49% Space Free | Partition Type: FAT32 Computer Name: JUSTPC | User Name: Tkhoygan | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.04 10:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.12 01:50:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.09 11:19:53 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.17 16:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.10.28 15:43:51 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2011.10.28 15:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.10.28 15:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.10.28 03:41:08 | 002,191,808 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.17 15:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2011.08.10 14:21:12 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2011.07.28 03:43:48 | 001,070,072 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.31 13:19:45 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009.09.06 12:21:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.08.19 20:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.05.01 17:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.03 23:01:09 | 000,053,112 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.11.03 23:00:57 | 000,111,992 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.11.03 23:00:57 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.11.03 23:00:57 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2011.09.17 18:24:10 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2011.09.11 20:38:38 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.05 11:00:07 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.08.05 11:00:07 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.02.17 11:41:00 | 000,388,896 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.29 20:45:22 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.04.25 18:39:40 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.25 18:39:40 | 000,042,696 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.23 08:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009.03.20 11:01:30 | 000,116,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2008.05.19 13:44:00 | 001,137,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.02.22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2008.01.21 04:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.07.26 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.06.04 18:11:16 | 000,024,824 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2007.06.04 18:11:10 | 000,369,912 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2007.04.23 20:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2007.03.05 11:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.03.05 11:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.03.05 11:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.03.05 11:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.03.05 11:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.03.05 11:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.03.05 11:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007.03.05 11:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2006.11.01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012.02.09 12:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.05.20 17:05:10 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.03.01 18:43:34 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/02 14:30:24] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.03.31 10:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005.01.07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxdome.de/#
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 77 6A E6 FF AF CA 01 [binary data]
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes,DefaultScope = {7F0AE4D7-BE8F-4736-9A67-80A1F638A96F}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes\{7F0AE4D7-BE8F-4736-9A67-80A1F638A96F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.6
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "93.174.93.98"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Bing"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tkhoygan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:50:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:50:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:50:30 | 000,000,000 | ---D | M]
[2010.04.02 14:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Extensions
[2010.04.02 14:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.25 00:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions
[2013.02.25 00:18:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.08 19:39:21 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012.12.03 00:52:20 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\Firefox\Profiles\0l2dx2ys.default\extensions\verify-u_2@cybits.de
[2012.05.23 20:45:37 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\extension@hidemyass.com.xpi
[2013.01.20 23:53:59 | 000,026,621 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\verify-u@cybits.de.xpi
[2011.09.09 23:03:39 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.01.07 01:23:42 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2009.09.30 21:31:59 | 000,002,171 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\bing.xml
[2011.03.26 17:41:26 | 000,000,941 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\filestubecom-software.xml
[2011.03.26 17:38:17 | 000,000,930 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\filestubecom.xml
[2012.01.28 13:26:01 | 000,003,915 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\mozilla\firefox\profiles\0l2dx2ys.default\searchplugins\sweetim.xml
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.04.12 01:50:29 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009.09.07 12:29:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.04.12 01:50:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.01.15 20:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009.02.02 08:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2012.06.11 19:23:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 01:54:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ArtistScope plugin 42 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: ArtistScope DRM plugin 1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AT_RatchetClank_v2 = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: Update Notification lite = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhaidioehlnoiodhaabomodfmkcilijk\1.0\
CHR - Extension: Hitman: Blood Money = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbpoljfhfcoebbnkknmcaggjgejiole\1.0.0.16_0\
CHR - Extension: Tank-Blitz = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\omekciedmaoalgjfodfbfdibicgbgglj\1.0_0\
CHR - Extension: Google Mail = C:\Users\Tkhoygan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AsioThk32Reg] CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [RCSystem] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files (x86)\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_de;_rv:1.9.2.2)_Gecko/20100316_Firefox/3.6.2" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1270158517788" File not found
O4 - Startup: C:\Users\AppData\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = File not found
O4 - Startup: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom
AG) O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = File not found O4 - Startup: C:\Users\UpdatusUser.JustPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = File not found O7 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 FE FF 03 [binary data] O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tkhoygan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tkhoygan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - 
HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{045CB0D8-80F8-4BE5-97D3-A7AEA1906044}: DhcpNameServer = 192.168.135.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6F6B1B4-2916-4A25-8C02-DC555670F665}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3381971859-1467835855-1895993161-1000 Winlogon: Shell - (C:\Users\Tkhoygan\AppData\Roaming\skype.dat) - C:\Users\Tkhoygan\AppData\Roaming\skype.dat ()
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0a4cc68c-3776-11df-ba00-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4cc68c-3776-11df-ba00-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{0a4cc6af-3776-11df-ba00-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4cc6af-3776-11df-ba00-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6d54971f-9a75-11de-ab90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d54971f-9a75-11de-ab90-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menue.exe
O33 - MountPoints2\{f453e214-3846-11df-a70c-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{f453e214-3846-11df-a70c-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{f453e22f-3846-11df-a70c-00248c947495}\Shell - "" = AutoRun
O33 - MountPoints2\{f453e22f-3846-11df-a70c-00248c947495}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.22 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Tkhoygan\AppData\Roaming\vlc
[2013.04.22 01:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.18 22:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snail Games USA
[2013.04.18 22:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Snail Games USA
[2013.04.18 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WuShu_0.0.1.029
[2013.04.18 21:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AgeofWushu_download
[2013.04.17 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Tkhoygan\AppData\Local\SCE
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\maxdome
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\maxdome
[2013.04.13 19:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\maxdome
[2013.04.12 01:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 23:01:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 23:01:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 23:01:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 23:01:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 23:01:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 23:01:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 23:01:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 23:01:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 23:01:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 23:01:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 23:01:14 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 23:01:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 23:01:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 23:01:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 23:01:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 19:47:50 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 19:47:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 19:47:50 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 19:42:05 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.04.10 19:42:04 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 19:42:04 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010.06.02 06:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\DSETUP.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.04 11:27:13 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 11:27:13 | 000,627,978 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 11:27:13 | 000,595,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 11:27:13 | 000,126,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 11:27:13 | 000,103,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 10:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 23:50:41 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:41 | 000,060,992 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:41 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.05.03 23:50:37 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 23:50:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 23:46:23 | 000,002,032 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps.dat
[2013.05.03 23:44:14 | 000,000,004 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.ini
[2013.05.03 23:43:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 23:39:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.02 00:22:57 | 001,059,173 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.05.02 00:22:57 | 000,054,567 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.29 06:52:33 | 000,038,400 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.22 01:45:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.21 15:16:09 | 000,001,460 | ---- | M] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps64.dat
[2013.04.21 04:26:16 | 000,000,236 | ---- | M] () -- C:\mapui.ini
[2013.04.21 04:26:16 | 000,000,154 | ---- | M] () -- C:\general_info_filter.ini
[2013.04.21 04:19:53 | 000,000,005 | ---- | M] () -- C:\mail.ini
[2013.04.21 04:19:43 | 000,000,307 | ---- | M] () -- C:\attach.ini
[2013.04.18 22:09:24 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013.04.18 21:05:17 | 000,001,092 | ---- | M] () -- C:\Users\Tkhoygan\Desktop\AgeofWushu_downloader.lnk
[2013.04.17 23:54:53 | 000,002,147 | ---- | M] () -- C:\Users\Tkhoygan\Desktop\DC Universe Online PSG.lnk
[2013.04.13 19:37:45 | 000,001,880 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk
[2013.04.12 21:51:01 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 21:51:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 01:20:10 | 004,825,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.03 22:43:17 | 000,000,004 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.ini
[2013.04.23 20:52:57 | 000,501,760 | ---- | C] () -- C:\Windows\SysNative\ZSHP1020.EXE
[2013.04.23 20:52:57 | 000,192,512 | ---- | C] () -- C:\Windows\SysNative\ZLhp1020.DLL
[2013.04.22 01:45:58 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.21 04:26:16 | 000,000,154 | ---- | C] () -- C:\general_info_filter.ini
[2013.04.21 01:31:49 | 000,000,005 | ---- | C] () -- C:\mail.ini
[2013.04.21 01:19:44 | 000,000,307 | ---- | C] () -- C:\attach.ini
[2013.04.21 01:15:28 | 000,000,236 | ---- | C] () -- C:\mapui.ini
[2013.04.18 22:09:24 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013.04.18 21:05:17 | 000,001,092 | ---- | C] () -- C:\Users\Tkhoygan\Desktop\AgeofWushu_downloader.lnk
[2013.04.17 23:54:54 | 000,002,177 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online PSG.lnk
[2013.04.17 23:54:53 | 000,002,147 | ---- | C] () -- C:\Users\Tkhoygan\Desktop\DC Universe Online PSG.lnk
[2013.04.13 19:37:45 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk
[2013.03.09 11:19:53 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.09 11:19:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.03.06 23:53:30 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2012.12.30 22:41:13 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2012.11.08 00:00:40 | 000,010,231 | ---- | C] () -- C:\Users\Tkhoygan\TomasKhoygani_Tkhoygan_elster_2048 - Kopie.pfx
[2012.09.04 02:25:47 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.08.30 11:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.07.02 18:49:37 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe
[2012.01.12 20:53:13 | 000,098,304 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\skype.dat
[2011.12.03 18:15:00 | 000,000,000 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\{4DDBAB34-8E35-4627-8071-1F78DE82B6BC}
[2011.10.13 20:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\{AEE60C42-E89C-4151-94DE-6FC24E9DF279}
[2011.10.09 21:39:07 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.11 21:10:53 | 001,059,173 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.08.28 02:16:59 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.28 00:34:54 | 000,004,416 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamStudio.cfg
[2011.06.28 00:34:54 | 000,000,408 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamShapes.ini
[2011.06.28 00:34:54 | 000,000,408 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\CamLayout.ini
[2011.06.28 00:34:54 | 000,000,121 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Roaming\Camdata.ini
[2010.06.02 06:22:54 | 001,412,902 | ---- | C] () -- C:\ProgramData\OCT2006_d3dx9_31_x64.cab
[2010.06.02 06:22:54 | 001,127,217 | ---- | C] () -- C:\ProgramData\OCT2006_d3dx9_31_x86.cab
[2010.06.02 06:22:54 | 000,273,960 | ---- | C] () -- C:\ProgramData\Nov2008_XAudio_x64.cab
[2010.06.02 06:22:54 | 000,272,611 | ---- | C] () -- C:\ProgramData\Nov2008_XAudio_x86.cab
[2010.06.02 06:22:54 | 000,182,361 | ---- | C] () -- C:\ProgramData\OCT2006_XACT_x64.cab
[2010.06.02 06:22:54 | 000,138,017 | ---- | C] () -- C:\ProgramData\OCT2006_XACT_x86.cab
[2010.06.02 06:22:54 | 000,086,037 | ---- | C] () -- C:\ProgramData\Oct2005_xinput_x64.cab
[2010.06.02 06:22:54 | 000,045,359 | ---- | C] () -- C:\ProgramData\Oct2005_xinput_x86.cab
[2010.06.02 06:22:52 | 001,906,878 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx9_40_x64.cab
[2010.06.02 06:22:52 | 001,550,796 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx9_40_x86.cab
[2010.06.02 06:22:52 | 000,965,421 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx10_40_x86.cab
[2010.06.02 06:22:52 | 000,121,794 | ---- | C] () -- C:\ProgramData\Nov2008_XACT_x64.cab
[2010.06.02 06:22:52 | 000,092,684 | ---- | C] () -- C:\ProgramData\Nov2008_XACT_x86.cab
[2010.06.02 06:22:52 | 000,054,522 | ---- | C] () -- C:\ProgramData\Nov2008_X3DAudio_x64.cab
[2010.06.02 06:22:52 | 000,021,851 | ---- | C] () -- C:\ProgramData\Nov2008_X3DAudio_x86.cab
[2010.06.02 06:22:50 | 000,994,154 | ---- | C] () -- C:\ProgramData\Nov2008_d3dx10_40_x64.cab
[2010.06.02 06:22:50 | 000,196,762 | ---- | C] () -- C:\ProgramData\NOV2007_XACT_x64.cab
[2010.06.02 06:22:50 | 000,148,264 | ---- | C] () -- C:\ProgramData\NOV2007_XACT_x86.cab
[2010.06.02 06:22:50 | 000,046,144 | ---- | C] () -- C:\ProgramData\NOV2007_X3DAudio_x64.cab
[2010.06.02 06:22:50 | 000,018,496 | ---- | C] () -- C:\ProgramData\NOV2007_X3DAudio_x86.cab
[2010.06.02 06:22:48 | 001,802,058 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx9_36_x64.cab
[2010.06.02 06:22:48 | 001,709,360 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx9_36_x86.cab
[2010.06.02 06:22:48 | 000,864,600 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx10_36_x64.cab
[2010.06.02 06:22:48 | 000,803,884 | ---- | C] () -- C:\ProgramData\Nov2007_d3dx10_36_x86.cab
[2010.06.02 06:22:48 | 000,273,018 | ---- | C] () -- C:\ProgramData\Mar2009_XAudio_x86.cab
[2010.06.02 06:22:46 | 000,275,044 | ---- | C] () -- C:\ProgramData\Mar2009_XAudio_x64.cab
[2010.06.02 06:22:46 | 000,121,506 | ---- | C] () -- C:\ProgramData\Mar2009_XACT_x64.cab
[2010.06.02 06:22:46 | 000,092,740 | ---- | C] () -- C:\ProgramData\Mar2009_XACT_x86.cab
[2010.06.02 06:22:38 | 000,054,600 | ---- | C] () -- C:\ProgramData\Mar2009_X3DAudio_x64.cab
[2010.06.02 06:22:38 | 000,021,298 | ---- | C] () -- C:\ProgramData\Mar2009_X3DAudio_x86.cab
[2010.06.02 06:22:36 | 001,973,702 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx9_41_x64.cab
[2010.06.02 06:22:36 | 001,612,446 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx9_41_x86.cab
[2010.06.02 06:22:36 | 001,067,160 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx10_41_x64.cab
[2010.06.02 06:22:36 | 001,040,745 | ---- | C] () -- C:\ProgramData\Mar2009_d3dx10_41_x86.cab
[2010.06.02 06:22:36 | 000,251,194 | ---- | C] () -- C:\ProgramData\Mar2008_XAudio_x64.cab
[2010.06.02 06:22:36 | 000,226,250 | ---- | C] () -- C:\ProgramData\Mar2008_XAudio_x86.cab
[2010.06.02 06:22:36 | 000,122,336 | ---- | C] () -- C:\ProgramData\Mar2008_XACT_x64.cab
[2010.06.02 06:22:36 | 000,093,734 | ---- | C] () -- C:\ProgramData\Mar2008_XACT_x86.cab
[2010.06.02 06:22:34 | 001,769,862 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx9_37_x64.cab
[2010.06.02 06:22:34 | 001,443,282 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx9_37_x86.cab
[2010.06.02 06:22:34 | 000,818,260 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx10_37_x86.cab
[2010.06.02 06:22:34 | 000,055,058 | ---- | C] () -- C:\ProgramData\Mar2008_X3DAudio_x64.cab
[2010.06.02 06:22:34 | 000,021,867 | ---- | C] () -- C:\ProgramData\Mar2008_X3DAudio_x86.cab
[2010.06.02 06:22:32 | 000,937,246 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx9_43_x64.cab
[2010.06.02 06:22:32 | 000,844,884 | ---- | C] () -- C:\ProgramData\Mar2008_d3dx10_37_x64.cab
[2010.06.02 06:22:32 | 000,768,036 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx9_43_x86.cab
[2010.06.02 06:22:32 | 000,278,060 | ---- | C] () -- C:\ProgramData\Jun2010_XAudio_x86.cab
[2010.06.02 06:22:32 | 000,277,338 | ---- | C] () -- C:\ProgramData\Jun2010_XAudio_x64.cab
[2010.06.02 06:22:32 | 000,124,596 | ---- | C] () -- C:\ProgramData\Jun2010_XACT_x64.cab
[2010.06.02 06:22:32 | 000,093,686 | ---- | C] () -- C:\ProgramData\Jun2010_XACT_x86.cab
[2010.06.02 06:22:30 | 000,762,188 | ---- | C] () -- C:\ProgramData\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 06:22:30 | 000,235,955 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx10_43_x64.cab
[2010.06.02 06:22:30 | 000,197,283 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx10_43_x86.cab
[2010.06.02 06:22:30 | 000,138,205 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx11_43_x64.cab
[2010.06.02 06:22:30 | 000,109,445 | ---- | C] () -- C:\ProgramData\Jun2010_d3dx11_43_x86.cab
[2010.06.02 06:22:28 | 000,944,460 | ---- | C] () -- C:\ProgramData\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 06:22:28 | 000,931,471 | ---- | C] () -- C:\ProgramData\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 06:22:28 | 000,752,783 | ---- | C] () -- C:\ProgramData\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 06:22:20 | 000,269,024 | ---- | C] () -- C:\ProgramData\JUN2008_XAudio_x86.cab
[2010.06.02 06:22:18 | 001,792,608 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx9_38_x64.cab
[2010.06.02 06:22:18 | 001,463,878 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx9_38_x86.cab
[2010.06.02 06:22:18 | 000,867,828 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx10_38_x64.cab
[2010.06.02 06:22:18 | 000,849,919 | ---- | C] () -- C:\ProgramData\JUN2008_d3dx10_38_x86.cab
[2010.06.02 06:22:18 | 000,269,628 | ---- | C] () -- C:\ProgramData\JUN2008_XAudio_x64.cab
[2010.06.02 06:22:18 | 000,152,909 | ---- | C] () -- C:\ProgramData\JUN2007_XACT_x86.cab
[2010.06.02 06:22:18 | 000,121,054 | ---- | C] () -- C:\ProgramData\JUN2008_XACT_x64.cab
[2010.06.02 06:22:18 | 000,093,128 | ---- | C] () -- C:\ProgramData\JUN2008_XACT_x86.cab
[2010.06.02 06:22:18 | 000,055,154 | ---- | C] () -- C:\ProgramData\JUN2008_X3DAudio_x64.cab
[2010.06.02 06:22:18 | 000,021,905 | ---- | C] () -- C:\ProgramData\JUN2008_X3DAudio_x86.cab
[2010.06.02 06:22:16 | 001,607,774 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx9_34_x64.cab
[2010.06.02 06:22:16 | 001,607,286 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx9_34_x86.cab
[2010.06.02 06:22:16 | 001,064,925 | ---- | C] () -- C:\ProgramData\Jun2005_d3dx9_26_x86.cab
[2010.06.02 06:22:16 | 000,699,044 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx10_34_x64.cab
[2010.06.02 06:22:16 | 000,698,472 | ---- | C] () -- C:\ProgramData\JUN2007_d3dx10_34_x86.cab
[2010.06.02 06:22:16 | 000,197,122 | ---- | C] () -- C:\ProgramData\JUN2007_XACT_x64.cab
[2010.06.02 06:22:16 | 000,180,785 | ---- | C] () -- C:\ProgramData\JUN2006_XACT_x64.cab
[2010.06.02 06:22:16 | 000,133,671 | ---- | C] () -- C:\ProgramData\JUN2006_XACT_x86.cab
[2010.06.02 06:22:14 | 001,336,002 | ---- | C] () -- C:\ProgramData\Jun2005_d3dx9_26_x64.cab
[2010.06.02 06:22:14 | 000,277,191 | ---- | C] () -- C:\ProgramData\Feb2010_XAudio_x86.cab
[2010.06.02 06:22:14 | 000,276,960 | ---- | C] () -- C:\ProgramData\Feb2010_XAudio_x64.cab
[2010.06.02 06:22:14 | 000,122,446 | ---- | C] () -- C:\ProgramData\Feb2010_XACT_x64.cab
[2010.06.02 06:22:14 | 000,093,180 | ---- | C] () -- C:\ProgramData\Feb2010_XACT_x86.cab
[2010.06.02 06:22:12 | 000,194,675 | ---- | C] () -- C:\ProgramData\FEB2007_XACT_x64.cab
[2010.06.02 06:22:12 | 000,147,983 | ---- | C] () -- C:\ProgramData\FEB2007_XACT_x86.cab
[2010.06.02 06:22:12 | 000,054,678 | ---- | C] () -- C:\ProgramData\Feb2010_X3DAudio_x64.cab
[2010.06.02 06:22:12 | 000,020,713 | ---- | C] () -- C:\ProgramData\Feb2010_X3DAudio_x86.cab
[2010.06.02 06:22:10 | 000,178,359 | ---- | C] () -- C:\ProgramData\Feb2006_XACT_x64.cab
[2010.06.02 06:22:10 | 000,132,409 | ---- | C] () -- C:\ProgramData\Feb2006_XACT_x86.cab
[2010.06.02 06:22:04 | 001,084,720 | ---- | C] () -- C:\ProgramData\Feb2006_d3dx9_29_x86.cab
[2010.06.02 06:22:02 | 001,801,048 | ---- | C] () -- C:\ProgramData\dsetup32.dll
[2010.06.02 06:22:02 | 001,574,376 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx9_32_x86.cab
[2010.06.02 06:22:02 | 001,362,796 | ---- | C] () -- C:\ProgramData\Feb2006_d3dx9_29_x64.cab
[2010.06.02 06:22:02 | 001,247,499 | ---- | C] () -- C:\ProgramData\Feb2005_d3dx9_24_x64.cab
[2010.06.02 06:22:02 | 001,013,225 | ---- | C] () -- C:\ProgramData\Feb2005_d3dx9_24_x86.cab
[2010.06.02 06:22:02 | 000,537,432 | ---- | C] () -- C:\ProgramData\DXSETUP.exe
[2010.06.02 06:22:02 | 000,192,475 | ---- | C] () -- C:\ProgramData\DEC2006_XACT_x64.cab
[2010.06.02 06:22:02 | 000,145,599 | ---- | C] () -- C:\ProgramData\DEC2006_XACT_x86.cab
[2010.06.02 06:22:02 | 000,094,011 | ---- | C] () -- C:\ProgramData\dxupdate.cab
[2010.06.02 06:22:02 | 000,042,410 | ---- | C] () -- C:\ProgramData\dxdllreg_x86.cab
[2010.06.02 06:22:00 | 001,571,154 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx9_32_x64.cab
[2010.06.02 06:22:00 | 001,357,976 | ---- | C] () -- C:\ProgramData\Dec2005_d3dx9_28_x64.cab
[2010.06.02 06:22:00 | 001,079,456 | ---- | C] () -- C:\ProgramData\Dec2005_d3dx9_28_x86.cab
[2010.06.02 06:22:00 | 000,273,264 | ---- | C] () -- C:\ProgramData\Aug2009_XAudio_x64.cab
[2010.06.02 06:22:00 | 000,272,642 | ---- | C] () -- C:\ProgramData\Aug2009_XAudio_x86.cab
[2010.06.02 06:22:00 | 000,212,807 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx10_00_x64.cab
[2010.06.02 06:22:00 | 000,191,720 | ---- | C] () -- C:\ProgramData\DEC2006_d3dx10_00_x86.cab
[2010.06.02 06:22:00 | 000,122,408 | ---- | C] () -- C:\ProgramData\Aug2009_XACT_x64.cab
[2010.06.02 06:22:00 | 000,093,106 | ---- | C] () -- C:\ProgramData\Aug2009_XACT_x86.cab
[2010.06.02 06:21:58 | 000,930,116 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx9_42_x64.cab
[2010.06.02 06:21:58 | 000,728,456 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx9_42_x86.cab
[2010.06.02 06:21:58 | 000,232,635 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx10_42_x64.cab
[2010.06.02 06:21:58 | 000,192,131 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx10_42_x86.cab
[2010.06.02 06:21:58 | 000,136,301 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx11_42_x64.cab
[2010.06.02 06:21:58 | 000,105,044 | ---- | C] () -- C:\ProgramData\Aug2009_d3dx11_42_x86.cab
[2010.06.02 06:21:56 | 003,319,740 | ---- | C] () -- C:\ProgramData\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 06:21:56 | 003,112,111 | ---- | C] () -- C:\ProgramData\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 06:21:56 | 000,900,598 | ---- | C] () -- C:\ProgramData\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 06:21:46 | 000,919,044 | ---- | C] () -- C:\ProgramData\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 06:21:46 | 000,271,412 | ---- | C] () -- C:\ProgramData\Aug2008_XAudio_x64.cab
[2010.06.02 06:21:46 | 000,271,038 | ---- | C] () -- C:\ProgramData\Aug2008_XAudio_x86.cab
[2010.06.02 06:21:44 | 001,794,084 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx9_39_x64.cab
[2010.06.02 06:21:44 | 001,464,672 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx9_39_x86.cab
[2010.06.02 06:21:44 | 000,849,167 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx10_39_x86.cab
[2010.06.02 06:21:44 | 000,198,096 | ---- | C] () -- C:\ProgramData\AUG2007_XACT_x64.cab
[2010.06.02 06:21:44 | 000,153,012 | ---- | C] () -- C:\ProgramData\AUG2007_XACT_x86.cab
[2010.06.02 06:21:44 | 000,121,772 | ---- | C] () -- C:\ProgramData\Aug2008_XACT_x64.cab
[2010.06.02 06:21:44 | 000,092,996 | ---- | C] () -- C:\ProgramData\Aug2008_XACT_x86.cab
[2010.06.02 06:21:42 | 001,800,160 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx9_35_x64.cab
[2010.06.02 06:21:42 | 001,708,152 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx9_35_x86.cab
[2010.06.02 06:21:42 | 000,867,612 | ---- | C] () -- C:\ProgramData\Aug2008_d3dx10_39_x64.cab
[2010.06.02 06:21:42 | 000,852,286 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx10_35_x64.cab
[2010.06.02 06:21:42 | 000,796,867 | ---- | C] () -- C:\ProgramData\AUG2007_d3dx10_35_x86.cab
[2010.06.02 06:21:40 | 001,350,542 | ---- | C] () -- C:\ProgramData\Aug2005_d3dx9_27_x64.cab
[2010.06.02 06:21:40 | 001,077,644 | ---- | C] () -- C:\ProgramData\Aug2005_d3dx9_27_x86.cab
[2010.06.02 06:21:40 | 000,182,903 | ---- | C] () -- C:\ProgramData\AUG2006_XACT_x64.cab
[2010.06.02
06:21:40 | 000,137,235 | ---- | C] () -- C:\ProgramData\AUG2006_XACT_x86.cab [2010.06.02 06:21:40 | 000,087,142 | ---- | C] () -- C:\ProgramData\AUG2006_xinput_x64.cab [2010.06.02 06:21:40 | 000,053,302 | ---- | C] () -- C:\ProgramData\APR2007_xinput_x86.cab [2010.06.02 06:21:40 | 000,046,058 | ---- | C] () -- C:\ProgramData\AUG2006_xinput_x86.cab [2010.06.02 06:21:38 | 001,606,039 | ---- | C] () -- C:\ProgramData\APR2007_d3dx9_33_x86.cab [2010.06.02 06:21:38 | 000,195,766 | ---- | C] () -- C:\ProgramData\APR2007_XACT_x64.cab [2010.06.02 06:21:38 | 000,151,225 | ---- | C] () -- C:\ProgramData\APR2007_XACT_x86.cab [2010.06.02 06:21:38 | 000,096,817 | ---- | C] () -- C:\ProgramData\APR2007_xinput_x64.cab [2010.06.02 06:21:36 | 001,607,358 | ---- | C] () -- C:\ProgramData\APR2007_d3dx9_33_x64.cab [2010.06.02 06:21:36 | 000,698,612 | ---- | C] () -- C:\ProgramData\APR2007_d3dx10_33_x64.cab [2010.06.02 06:21:36 | 000,695,865 | ---- | C] () -- C:\ProgramData\APR2007_d3dx10_33_x86.cab [2010.06.02 06:21:34 | 000,046,010 | ---- | C] () -- C:\ProgramData\Apr2006_xinput_x86.cab [2010.06.02 06:21:20 | 000,087,101 | ---- | C] () -- C:\ProgramData\Apr2006_xinput_x64.cab [2010.06.02 06:21:18 | 004,162,630 | ---- | C] () -- C:\ProgramData\Apr2006_MDX1_x86_Archive.cab [2010.06.02 06:21:18 | 000,916,430 | ---- | C] () -- C:\ProgramData\Apr2006_MDX1_x86.cab [2010.06.02 06:21:18 | 000,179,133 | ---- | C] () -- C:\ProgramData\Apr2006_XACT_x64.cab [2010.06.02 06:21:18 | 000,133,103 | ---- | C] () -- C:\ProgramData\Apr2006_XACT_x86.cab [2010.06.02 06:21:16 | 001,397,830 | ---- | C] () -- C:\ProgramData\Apr2006_d3dx9_30_x64.cab [2010.06.02 06:21:16 | 001,347,354 | ---- | C] () -- C:\ProgramData\Apr2005_d3dx9_25_x64.cab [2010.06.02 06:21:16 | 001,115,221 | ---- | C] () -- C:\ProgramData\Apr2006_d3dx9_30_x86.cab [2010.06.02 06:21:16 | 001,078,962 | ---- | C] () -- C:\ProgramData\Apr2005_d3dx9_25_x86.cab [2010.05.05 09:31:12 | 000,024,226 | ---- | C] () -- 
C:\Users\Tkhoygan\AppData\Roaming\UserTile.png
[2010.04.21 23:07:24 | 000,027,926 | ---- | C] () -- C:\Users\Tkhoygan\St Head.pdf.erv
[2010.01.15 20:57:53 | 000,112,754 | ---- | C] () -- C:\Users\Tkhoygan\Bestellung bestätigen 15.01.10.pdf.erv
[2009.11.18 23:16:23 | 000,010,455 | ---- | C] () -- C:\Users\Tkhoygan\TomasKhoygani_Tkhoygan_elster_2048.pfx
[2009.11.01 11:26:19 | 000,002,032 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps.dat
[2009.09.08 02:47:42 | 000,038,400 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 01:51:12 | 000,001,460 | ---- | C] () -- C:\Users\Tkhoygan\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========
[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\@
[2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\L
[2011.11.18 22:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\U
[2006.11.02 17:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Tkhoygan\AppData\Local\{f2480897-07a5-5235-fec4-f4d3c6b3659c}\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2013.04.28 20:04:04 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2013.04.28 20:04:04 | 
000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.04.28 20:04:04 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???i) -- C:\Windows\SysWow64\۸䅌i [2013.04.28 20:04:04 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf [2013.04.28 20:04:04 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???i.LOG1) -- C:\Windows\SysWow64\۸䅌i.LOG1 [2013.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.04.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???i) -- C:\Windows\SysWow64\۸䅌i [2013.04.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䅌i{52ebfe38-afec-11e2-832f-00248c947495}.TM.blf [2013.04.28 20:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???i.LOG1) -- C:\Windows\SysWow64\۸䅌i.LOG1 [2013.04.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???i.LOG2) -- C:\Windows\SysWow64\۸䅌i.LOG2 [2013.04.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???i.LOG2) -- C:\Windows\SysWow64\۸䅌i.LOG2 [2013.03.28 21:05:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- 
C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.03.28 21:05:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.03.28 21:05:31 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf [2013.03.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.03.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.03.28 21:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???j) -- C:\Windows\SysWow64\ۯ气j [2013.03.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???j) -- C:\Windows\SysWow64\ۯ气j [2013.03.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ气j{477a15ac-97d4-11e2-9615-00248c947495}.TM.blf [2013.03.28 21:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???j.LOG1) -- C:\Windows\SysWow64\ۯ气j.LOG1 [2013.03.28 21:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???j.LOG1) -- C:\Windows\SysWow64\ۯ气j.LOG1 [2013.03.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???j.LOG2) -- C:\Windows\SysWow64\ۯ气j.LOG2 [2013.03.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???j.LOG2) -- C:\Windows\SysWow64\ۯ气j.LOG2 [2013.03.04 14:44:03 | 000,262,144 | ---- | M] 
()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\۸䶌s [2013.03.04 14:44:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.03.04 14:44:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.03.04 14:44:02 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf [2013.03.04 14:44:02 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???s.LOG1) -- C:\Windows\SysWow64\۸䶌s.LOG1 [2013.03.04 14:37:04 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.03.04 14:37:03 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.03.04 14:37:02 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\۸䶌s{15c38fe8-84c7-11e2-bb4f-00248c947495}.TM.blf [2013.03.04 14:37:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???s) -- C:\Windows\SysWow64\۸䶌s [2013.03.04 14:37:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???s.LOG1) -- C:\Windows\SysWow64\۸䶌s.LOG1 [2013.03.04 14:37:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???s.LOG2) -- C:\Windows\SysWow64\۸䶌s.LOG2 [2013.03.04 14:37:01 | 000,000,000 | -H-- | C] 
()(C:\Windows\SysWow64\???s.LOG2) -- C:\Windows\SysWow64\۸䶌s.LOG2 [2013.01.28 21:04:59 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.01.28 21:04:59 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.01.28 21:04:59 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf [2013.01.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2013.01.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2013.01.28 21:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\ۯ䩤o [2013.01.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\ۯ䩤o [2013.01.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۯ䩤o{30ac5cfe-697b-11e2-becd-00248c947495}.TM.blf [2013.01.28 21:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\ۯ䩤o.LOG1 [2013.01.28 21:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\ۯ䩤o.LOG1 [2013.01.28 21:00:01 | 000,000,000 | -H-- | M] 
()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\ۯ䩤o.LOG2 [2013.01.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\ۯ䩤o.LOG2 [2012.12.28 21:03:14 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.12.28 21:03:14 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.12.28 21:03:14 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\ۧᫌk [2012.12.28 21:03:14 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf [2012.12.28 21:03:14 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???k.LOG1) -- C:\Windows\SysWow64\ۧᫌk.LOG1 [2012.12.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.12.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.12.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???k) -- C:\Windows\SysWow64\ۧᫌk [2012.12.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???k{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧᫌk{4aa0b641-5111-11e2-ab3a-00248c947495}.TM.blf [2012.12.28 21:00:01 | 000,021,504 | -H-- | C] 
()(C:\Windows\SysWow64\???k.LOG1) -- C:\Windows\SysWow64\ۧᫌk.LOG1 [2012.12.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???k.LOG2) -- C:\Windows\SysWow64\ۧᫌk.LOG2 [2012.12.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???k.LOG2) -- C:\Windows\SysWow64\ۧᫌk.LOG2 [2012.11.28 21:06:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.11.28 21:06:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.11.28 21:06:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???1) -- C:\Windows\SysWow64\ۨ䟬1 [2012.11.28 21:06:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf [2012.11.28 21:06:01 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???1.LOG1) -- C:\Windows\SysWow64\ۨ䟬1.LOG1 [2012.11.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.11.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.11.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???1) -- C:\Windows\SysWow64\ۨ䟬1 [2012.11.28 21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf) -- 
C:\Windows\SysWow64\ۨ䟬1{3475cd99-398c-11e2-914f-00248c947495}.TM.blf [2012.11.28 21:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???1.LOG1) -- C:\Windows\SysWow64\ۨ䟬1.LOG1 [2012.11.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???1.LOG2) -- C:\Windows\SysWow64\ۨ䟬1.LOG2 [2012.11.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???1.LOG2) -- C:\Windows\SysWow64\ۨ䟬1.LOG2 [2012.10.28 21:03:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.10.28 21:03:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.10.28 21:03:16 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???x) -- C:\Windows\SysWow64\ۧ堬x [2012.10.28 21:03:16 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf [2012.10.28 21:03:16 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???x.LOG1) -- C:\Windows\SysWow64\ۧ堬x.LOG1 [2012.10.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.10.28 21:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.10.28 21:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???x) -- C:\Windows\SysWow64\ۧ堬x [2012.10.28 
21:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۧ堬x{873a9f27-20e1-11e2-8514-00248c947495}.TM.blf [2012.10.28 21:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???x.LOG1) -- C:\Windows\SysWow64\ۧ堬x.LOG1 [2012.10.28 21:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???x.LOG2) -- C:\Windows\SysWow64\ۧ堬x.LOG2 [2012.10.28 21:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???x.LOG2) -- C:\Windows\SysWow64\ۧ堬x.LOG2 [2012.10.09 19:56:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.10.09 19:56:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.10.09 19:56:34 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\وⵄo [2012.10.09 19:56:34 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf [2012.10.09 19:56:34 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\وⵄo.LOG1 [2012.10.09 19:50:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.10.09 19:50:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TMContainer00000000000000000001.regtrans-ms 
[2012.10.09 19:50:31 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???o{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf) -- C:\Windows\SysWow64\وⵄo{b544c7ce-1238-11e2-9ae1-00248c947495}.TM.blf [2012.10.09 19:50:30 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???o) -- C:\Windows\SysWow64\وⵄo [2012.10.09 19:50:30 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG1) -- C:\Windows\SysWow64\وⵄo.LOG1 [2012.10.09 19:50:30 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\وⵄo.LOG2 [2012.10.09 19:50:30 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???o.LOG2) -- C:\Windows\SysWow64\وⵄo.LOG2 [2012.08.28 22:59:35 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???-) -- C:\Windows\SysWow64\ي釔- [2012.08.28 22:59:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.08.28 22:59:34 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.08.28 22:59:34 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf [2012.08.28 22:59:34 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???-.LOG1) -- C:\Windows\SysWow64\ي釔-.LOG1 [2012.08.28 22:55:54 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.08.28 22:55:54 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.08.28 22:55:54 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???-) -- C:\Windows\SysWow64\ي釔- [2012.08.28 22:55:54 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ي釔-{a6ed2eed-f151-11e1-9a58-00248c947495}.TM.blf [2012.08.28 22:55:54 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???-.LOG1) -- C:\Windows\SysWow64\ي釔-.LOG1 [2012.08.28 22:55:54 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???-.LOG2) -- C:\Windows\SysWow64\ي釔-.LOG2 [2012.08.28 22:55:54 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???-.LOG2) -- C:\Windows\SysWow64\ي釔-.LOG2 [2012.07.28 22:55:17 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.07.28 22:55:17 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.07.28 22:55:17 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???h) -- C:\Windows\SysWow64\ى㟬h [2012.07.28 22:55:17 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf [2012.07.28 22:55:17 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???h.LOG1) -- C:\Windows\SysWow64\ى㟬h.LOG1 [2012.07.28 22:52:52 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- 
C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.07.28 22:52:52 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.07.28 22:52:52 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???h) -- C:\Windows\SysWow64\ى㟬h [2012.07.28 22:52:52 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ى㟬h{6876e6df-d749-11e1-a632-00248c947495}.TM.blf [2012.07.28 22:52:52 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???h.LOG1) -- C:\Windows\SysWow64\ى㟬h.LOG1 [2012.07.28 22:52:52 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???h.LOG2) -- C:\Windows\SysWow64\ى㟬h.LOG2 [2012.07.28 22:52:52 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???h.LOG2) -- C:\Windows\SysWow64\ى㟬h.LOG2 [2012.06.28 20:03:09 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.06.28 20:03:09 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.06.28 20:03:09 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf [2012.06.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- 
C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.06.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.06.28 20:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\??¬d) -- C:\Windows\SysWow64\ڝ¬d [2012.06.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\??¬d) -- C:\Windows\SysWow64\ڝ¬d [2012.06.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\??¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ڝ¬d{101a5f47-bb85-11e1-9ef8-00248c947495}.TM.blf [2012.06.28 20:00:01 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\??¬d.LOG1) -- C:\Windows\SysWow64\ڝ¬d.LOG1 [2012.06.28 20:00:01 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\??¬d.LOG1) -- C:\Windows\SysWow64\ڝ¬d.LOG1 [2012.06.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\??¬d.LOG2) -- C:\Windows\SysWow64\ڝ¬d.LOG2 [2012.06.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\??¬d.LOG2) -- C:\Windows\SysWow64\ڝ¬d.LOG2 [2012.05.28 20:03:46 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms [2012.05.28 20:03:46 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms [2012.05.28 20:03:46 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ؽ䠌9 [2012.05.28 20:03:46 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf) -- 
C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf
[2012.05.28 20:03:46 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???9.LOG1) -- C:\Windows\SysWow64\ؽ䠌9.LOG1
[2012.05.28 20:00:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.05.28 20:00:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.05.28 20:00:02 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\ؽ䠌9
[2012.05.28 20:00:02 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ؽ䠌9{1fe6f2b5-a7cd-11e1-84fa-00248c947495}.TM.blf
[2012.05.28 20:00:02 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???9.LOG1) -- C:\Windows\SysWow64\ؽ䠌9.LOG1
[2012.05.28 20:00:02 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???9.LOG2) -- C:\Windows\SysWow64\ؽ䠌9.LOG2
[2012.05.28 20:00:02 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???9.LOG2) -- C:\Windows\SysWow64\ؽ䠌9.LOG2
[2012.04.28 20:03:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.04.28 20:03:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.04.28 20:03:31 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???e) -- C:\Windows\SysWow64\ۼ䭴e
[2012.04.28 20:03:31 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf
[2012.04.28 20:03:31 | 000,021,504 | -H-- | M] ()(C:\Windows\SysWow64\???e.LOG1) -- C:\Windows\SysWow64\ۼ䭴e.LOG1
[2012.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2012.04.28 20:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2012.04.28 20:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???e) -- C:\Windows\SysWow64\ۼ䭴e
[2012.04.28 20:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf) -- C:\Windows\SysWow64\ۼ䭴e{7d71b8d9-910d-11e1-b11f-00248c947495}.TM.blf
[2012.04.28 20:00:01 | 000,021,504 | -H-- | C] ()(C:\Windows\SysWow64\???e.LOG1) -- C:\Windows\SysWow64\ۼ䭴e.LOG1
[2012.04.28 20:00:01 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???e.LOG2) -- C:\Windows\SysWow64\ۼ䭴e.LOG2
[2012.04.28 20:00:01 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???e.LOG2) -- C:\Windows\SysWow64\ۼ䭴e.LOG2
[2010.09.03 22:06:26 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2010.09.03 22:06:26 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2010.09.03 22:06:26 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf
[2010.09.03 22:02:22 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000002.regtrans-ms
[2010.09.03 22:02:22 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TMContainer00000000000000000001.regtrans-ms
[2010.09.03 22:02:22 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\٥㏤a
[2010.09.03 22:02:22 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???a) -- C:\Windows\SysWow64\٥㏤a
[2010.09.03 22:02:22 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf) -- C:\Windows\SysWow64\٥㏤a{4d77bb25-b787-11df-aa64-00248c947495}.TM.blf
[2010.09.03 22:02:22 | 000,005,120 | -H-- | M] ()(C:\Windows\SysWow64\???a.LOG1) -- C:\Windows\SysWow64\٥㏤a.LOG1
[2010.09.03 22:02:22 | 000,005,120 | -H-- | C] ()(C:\Windows\SysWow64\???a.LOG1) -- C:\Windows\SysWow64\٥㏤a.LOG1
[2010.09.03 22:02:22 | 000,000,000 | -H-- | M] ()(C:\Windows\SysWow64\???a.LOG2) -- C:\Windows\SysWow64\٥㏤a.LOG2
[2010.09.03 22:02:22 | 000,000,000 | -H-- | C] ()(C:\Windows\SysWow64\???a.LOG2) -- C:\Windows\SysWow64\٥㏤a.LOG2
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A064CECC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:41ADDB8A
< End of report >
[/CODE]
Hello team, did I forget something? Is my post being processed? I am only asking because step 1, running Defogger, was not possible for me because of the problem.
The one reply was from me, since I had to split my post because it had too many characters. It is enough for me to know that one of you is working on it. Many thanks in advance. Regards, romulus |
06.05.2013, 11:44 | #3 |
/// Helper Team | Only the desktop background image or a white screen is visible
First, create the fix script on a second computer:
Then run the fix as follows:
then: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. then: Please download AdwCleaner to your desktop.
06.05.2013, 19:48 | #4 |
| Logs attached. Hello T'John, thank you very much for taking on my case. I have attached the log files for you as *.txt. I admit that I broke one of the rules, and I apologize very much for this behaviour, which was forced by necessity. I also use my PC for work and had to get access to an unfinished presentation. What exactly did I do? Thanks to many useful posts here in the forum, I was able to regain access to my computer. I activated Defogger and then removed the blocker malware with Malwarebytes Anti-Malware and Malwarebytes Anti-Rootkit. I can now log in normally again. The results are attached. AdwCleaner ran without crashing (see log files). A system restart was not necessary. Then I cleared out leftovers with CCleaner; I ran it twice, and on the second pass there were no remnants left. The final examination was the ESET online checkup, per your instructions, with the firewall and virus scanner switched off. The log file is attached. Iframe.B.Gen virus + ScrInject.B.Gen virus (in the G Data trash store) C:\Users\Tkhoygan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\16e77edf-4056b2f1 a variant of Java/Exploit.CVE-2013-2423.Q trojan C:\Users\Tkhoygan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7f98637e-56cc94ff multiple threats I have uninstalled all Java programs. I wonder why G Data failed; the scanner is actually not bad. I cannot judge whether you are still willing to give me your support in getting my PC clean again and well secured for the long term. For my part, I will support you with a well-deserved donation. In contrast to the many incompetent tips circulating on the web, this forum is the ADAC for PCs. I am so very happy that I was spared a complete reinstallation. and |
06.05.2013, 19:52 | #5 |
/// Helper Team | Only the desktop background image or a white screen is visible
OK. Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. then: Please download SecurityCheck and:
|
10.05.2013, 21:58 | #6 |
| Only the desktop background image or a white screen is visible
Hi, many thanks for your help and your patience. This evening I finally managed to find some time for the essentials. Here are the scan results: aswMBR - see attachment aswMBR.txt. Security Check Code:
ATTFilter
Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
G Data TotalCare 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
Driver Cleaner.NET
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
G Data TotalCare Firewall GDFwSvcx64.exe
G Data TotalCare Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Many thanks in advance for the analysis and your reply. Best regards, romulus |
10.05.2013, 23:17 | #7 |
/// Helper Team | Only the desktop background image or a white screen is visible
Update:
Note: Registry cleaners. I see that you have installed a so-called registry cleaner, in your case TuneUp Utilities 2012. We advise against using any kind of registry cleaner. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. You should not tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too. If you destroy the registry, you destroy Windows. In addition, the benefit for performance is disputed and mostly barely perceptible. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Add or Remove Programs (on Windows XP).
Update Java: Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html After that, post (copy and paste) what is shown to you here: PluginCheck
Disable Java: Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html After that, post (copy and paste) what is shown to you here: PluginCheck |
13.05.2013, 19:21 | #8 |
| Only the desktop background image or a white screen is visible
Hello t'John, I followed your instructions, installed Java (64 bit) and restarted the system; the older versions had already been uninstalled beforehand. After the restart I clicked the Java icon in the Control Panel and got the following error message: "Java(TM) Platform SE binary funktioniert nicht mehr Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist." A strange message; who wants to notify me, and by what means? Anyway. Normally I would uninstall the program and install it again. Suggestions? Many thanks in advance. Regards, romulus |
13.05.2013, 20:43 | #9 | |
/// Helper Team | Only the desktop background image or a white screen is visible
Quote:
Your approach is good. Give it a try. Very good! With that you are clean and discharged! Remove AdwCleaner
Tool cleanup: The order is crucial here.
Resetting the security zones: Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Emptying the system restore points: So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this, we switch System Restore off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
07.07.2013, 11:06 | #10 |
/// Helper Team | Only the desktop background image or a white screen is visible
No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |