Plagegeister aller Art und deren Bekämpfung: Windows system alert - desktop black - Explorer and Start menu almost empty (Windows 7)
12.05.2011, 06:37 | #1 |
Good morning! Yesterday my son's PC gave up with various error messages. Among other things, a message kept appearing saying that the hard disk is defective. The messages were issued by "Windows system alert". The desktop is black apart from a few shortcuts, the Start menu contains only a few programs, most of them are marked "empty", and I cannot access My Documents at all. Explorer is almost empty as well. I have now run the scans with Malwarebytes and OTL. The logs are attached. I hope you can help me. Regards, etbei
12.05.2011, 11:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes on the Logs tab.
12.05.2011, 11:43 | #3 |
Hi Arne, no, there is only the one log file. Regards, etbei
12.05.2011, 13:21 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Then create a fresh OTL log: CustomScan with OTL. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags
12.05.2011, 15:25 | #5 |
Right then, McAfee is uninstalled and OTL has finished, here is the log:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12.05.2011 15:00:07 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free 16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,45 Gb Total Space | 132,35 Gb Free Space | 28,87% Space Free | Partition Type: NTFS Drive D: | 458,96 Gb Total Space | 458,86 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) 
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=55555 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com/" FF - prefs.js..extensions.enabledItems: corexplayer@l39studios.de:1.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {6D697BD6-EA3C-4E64-824E-A50A76E547DB}:1.9.1 FF - prefs.js..keyword.URL: "hxxp://search.imesh.com/web?src=ffb&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.11 15:04:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.11 18:36:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.04 14:05:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla 
Thunderbird\plugins [2010.02.09 12:12:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Extensions [2010.02.09 12:12:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.12 07:38:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}-trash [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\battlefieldheroespatcher@ea.com [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\battlefieldplay4free@ea.com [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] ("CoreXPlayer") -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\extensions\corexplayer@l39studios.de [2010.09.21 07:05:21 | 000,000,950 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\searchplugins\icqplugin-2.xml [2010.07.24 08:39:07 | 000,001,056 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\searchplugins\icqplugin.xml [2010.04.12 14:01:34 | 000,002,456 | -H-- | M] () -- 
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\searchplugins\iMeshWebSearch.xml [2011.02.12 15:18:04 | 000,002,057 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\searchplugins\youtube-videosuche.xml [2011.02.12 11:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.01.13 16:59:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.26 18:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.27 07:50:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.05.11 18:36:14 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\****\APPDATA\LOCAL\{6D697BD6-EA3C-4E64-824E-A50A76E547DB} [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.28 19:14:08 | 000,022,016 | -H-- | M] (NHN USA Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll [2011.03.08 23:28:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.15 15:09:16 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.03.08 23:28:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.12 14:01:34 | 000,002,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\iMeshWebSearch.xml [2011.03.08 23:28:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.08 23:28:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.08 23:28:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM 
herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Webseite mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlpage.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Webseite mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlpage.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) 
- E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007.10.31 16:59:10 | 000,000,062 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) O33 - MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\Shell - "" = AutoRun O33 - MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) 
MsConfig:64bit - StartUpReg: GameShadow - hkey= - key= - C:\Program Files (x86)\GameShadow\GameShadow.exe (GameShadow Ltd) MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found MsConfig:64bit - StartUpReg: T-Online Kinderschutz-Software - hkey= - key= - File not found MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation) Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.12 07:01:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.05.11 19:34:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.05.11 19:34:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.11 19:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.11 19:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.11 19:34:03 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.11 19:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.11 13:58:15 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\{6D697BD6-EA3C-4E64-824E-A50A76E547DB} [2011.05.10 15:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2011.05.10 15:46:45 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\uTorrent [2011.05.09 17:43:56 | 000,000,000 | -H-D | C] -- C:\GAMIGO [2011.05.09 17:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastChaosGER [2011.05.08 19:22:23 | 000,000,000 | -H-D | C] -- C:\Users\****\Documents\Mount&Blade With Fire and Sword [2011.05.08 
19:22:23 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Mount&Blade With Fire and Sword [2011.05.06 23:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.05.06 14:35:32 | 000,000,000 | -H-D | C] -- C:\Users\****\Documents\RPGVX [2011.05.06 14:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain [2011.05.06 14:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain [2011.05.05 17:59:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Maker 8.1 [2011.05.05 17:42:01 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\GameMaker8.1 [2011.05.05 17:41:36 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\GameMaker [2011.05.05 17:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Maker 8.1 [2011.05.05 17:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.04.29 16:31:44 | 000,000,000 | -H-D | C] -- C:\Users\****\Documents\Battleground Europe [2011.04.29 16:31:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cornered Rat Software [2011.04.29 15:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory [2011.04.28 15:02:29 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\.minecraft [2011.04.27 14:33:01 | 000,000,000 | -H-D | C] -- C:\Users\****\Desktop\.minecraft Mine Colony [2011.04.27 14:25:11 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Minecraft [2011.04.27 14:24:28 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\texturepacks [2011.04.27 14:24:28 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\saves [2011.04.27 14:24:28 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\bin [2011.04.27 14:24:27 | 000,000,000 | -H-D | C] -- 
C:\Users\****\AppData\Roaming\resources [2011.04.23 18:34:02 | 000,000,000 | -H-D | C] -- C:\Users\****\Desktop\Teeworlds [2011.04.23 18:30:09 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Teeworlds [2011.04.17 22:35:04 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\ChessBase [2011.04.17 22:35:02 | 000,000,000 | -H-D | C] -- C:\Users\****\Documents\ChessBase [2011.04.17 22:34:59 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\Fritz und Fertig [2011.04.17 22:34:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChessBase [2011.04.17 22:34:33 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\ChessBase [2011.04.17 22:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChessBase [2011.04.16 09:48:53 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.04.16 09:48:53 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.04.16 09:48:53 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.04.16 09:48:53 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.04.15 14:02:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2011.04.15 14:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade [2011.04.15 14:02:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD [2009.10.13 00:29:57 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.12 15:00:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 15:00:09 | 000,009,696 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 14:52:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.12 14:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.12 14:52:24 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys [2011.05.12 14:24:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.12 07:36:04 | 000,004,865 | ---- | M] () -- C:\Users\****\Desktop\mbam-log-2011-05-11 (23-20-08).zip [2011.05.12 07:35:56 | 000,012,969 | ---- | M] () -- C:\Users\****\Desktop\Extras.zip [2011.05.12 07:35:44 | 000,013,653 | ---- | M] () -- C:\Users\****\Desktop\OTL.zip [2011.05.12 07:00:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.05.12 06:46:25 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 19:34:07 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 18:41:13 | 000,000,120 | -H-- | M] () -- C:\Users\****\AppData\Local\Ypihoz.dat [2011.05.11 15:09:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44818168 [2011.05.11 13:58:17 | 000,000,000 | -H-- | M] () -- C:\Users\****\AppData\Local\Ukiheviwepasul.bin [2011.05.08 18:58:06 | 000,000,221 | -H-- | M] () -- C:\Users\****\Desktop\Mount & Blade With Fire and Sword.url [2011.05.08 18:57:34 | 000,044,212 | -H-- | M] () -- C:\Users\****\Documents\Mountandbladekaufdaten.pdf [2011.05.06 14:35:14 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.06 14:35:14 | 000,000,088 | RHS- | M] () -- C:\ProgramData\BE58BC58DD.sys [2011.05.05 19:24:49 | 000,016,740 | -H-- | M] () -- C:\Users\****\Desktop\Tutorial.gb1 [2011.04.27 14:25:49 | 000,270,142 | -H-- | M] () -- C:\Users\****\Desktop\Minecraft mine colony.exe [2011.04.26 12:34:13 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.04.26 12:34:13 | 000,234,768 | ---- | M] () 
-- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.18 09:43:10 | 000,373,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.17 22:34:36 | 000,002,177 | -H-- | M] () -- C:\Users\****\Desktop\PlayChess.lnk [2011.04.16 17:19:35 | 000,000,221 | -H-- | M] () -- C:\Users\****\Desktop\Mount&Blade Warband.url [2011.04.15 14:02:27 | 000,002,957 | -H-- | M] () -- C:\Users\****\Desktop\IndustrieGigant 2.lnk [2011.04.14 17:35:03 | 000,028,237 | -H-- | M] () -- C:\Users\****\AppData\Roaming\OFMissionEditorConfig.xml [2011.04.14 17:35:02 | 000,009,767 | -H-- | M] () -- C:\Users\****\Documents\dragon rising.mssn [2011.04.13 20:20:50 | 001,547,984 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.13 20:20:50 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.13 20:20:50 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.13 20:20:50 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.13 20:20:50 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.12 07:36:04 | 000,004,865 | ---- | C] () -- C:\Users\****\Desktop\mbam-log-2011-05-11 (23-20-08).zip [2011.05.12 07:35:56 | 000,012,969 | ---- | C] () -- C:\Users\****\Desktop\Extras.zip [2011.05.12 07:35:44 | 000,013,653 | ---- | C] () -- C:\Users\****\Desktop\OTL.zip [2011.05.12 06:46:25 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 19:34:07 | 000,001,171 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 15:09:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44818168 [2011.05.11 13:58:17 | 000,000,120 | -H-- | C] () -- C:\Users\****\AppData\Local\Ypihoz.dat [2011.05.11 13:58:17 | 000,000,000 | -H-- | C] () -- C:\Users\****\AppData\Local\Ukiheviwepasul.bin [2011.05.08 18:58:05 | 000,000,221 | -H-- | C] () -- C:\Users\****\Desktop\Mount & Blade 
With Fire and Sword.url [2011.05.08 18:57:33 | 000,044,212 | -H-- | C] () -- C:\Users\****\Documents\Mountandbladekaufdaten.pdf [2011.05.06 14:35:06 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.06 14:35:06 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BE58BC58DD.sys [2011.05.05 19:24:49 | 000,016,740 | -H-- | C] () -- C:\Users\****\Desktop\Tutorial.gb1 [2011.04.27 14:33:01 | 000,270,142 | -H-- | C] () -- C:\Users\****\Desktop\Minecraft mine colony.exe [2011.04.27 14:24:28 | 000,270,142 | -H-- | C] () -- C:\Users\****\AppData\Roaming\Minecraft.exe [2011.04.17 22:34:36 | 000,002,177 | -H-- | C] () -- C:\Users\****\Desktop\PlayChess.lnk [2011.04.16 17:19:35 | 000,000,221 | -H-- | C] () -- C:\Users\****\Desktop\Mount&Blade Warband.url [2011.04.15 14:02:27 | 000,002,957 | -H-- | C] () -- C:\Users\****\Desktop\IndustrieGigant 2.lnk [2011.04.10 11:40:08 | 000,028,237 | -H-- | C] () -- C:\Users\****\AppData\Roaming\OFMissionEditorConfig.xml [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.26 03:23:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.02.11 14:34:04 | 000,195,520 | -H-- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe [2011.02.09 15:53:37 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2011.02.09 15:53:36 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2011.02.09 15:53:36 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI [2011.02.09 15:36:16 | 000,141,816 | -H-- | C] () -- C:\Windows\Scan to PDF Uninstaller.exe [2011.02.05 00:13:35 | 000,003,584 | -H-- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.04 14:30:46 | 000,000,121 | -H-- | C] () -- C:\Windows\AutoScreenRecorder.INI [2011.02.01 21:17:37 | 000,000,120 | -H-- | C] () -- C:\Windows\wininit.ini [2011.01.13 16:59:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.25 10:26:03 | 000,000,097 | -H-- | C] () -- 
C:\Users\****\AppData\Local\fusioncache.dat [2010.12.25 10:24:34 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.05 16:12:33 | 000,000,186 | ---- | C] () -- C:\Program Files (x86)\InstallRecord.blob [2010.10.14 19:11:59 | 000,007,605 | -H-- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.10.12 19:38:47 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe [2010.10.06 15:25:08 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010.04.21 14:19:06 | 000,000,000 | -H-- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat [2010.02.22 21:08:53 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.02.22 21:08:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.02.22 21:08:49 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.02.08 18:06:03 | 000,000,858 | -H-- | C] () -- C:\Windows\client.config.ini [2010.02.06 22:55:41 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2010.02.06 18:17:09 | 000,000,534 | -H-- | C] () -- C:\Windows\eReg.dat [2009.10.13 00:04:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.01.16 12:20:39 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.# [2011.05.06 14:51:34 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2010.11.06 20:18:04 | 000,000,000 | -H-D | M] 
-- C:\Users\****\AppData\Roaming\ASCOMP Software [2011.05.11 18:36:13 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\bin [2010.09.08 08:46:21 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Blitware [2011.04.17 22:53:27 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ChessBase [2010.11.12 18:02:54 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro [2011.02.12 11:26:17 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.27 17:49:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Firefly Studios [2011.05.12 14:56:41 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Free Download Manager [2010.02.07 16:58:21 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GameConsole [2011.05.11 18:36:13 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GameMaker [2010.11.06 20:17:53 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo [2011.04.07 19:27:11 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Grand Ages Rome [2011.05.11 18:36:13 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ijjigame [2010.02.09 19:38:29 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Imperium Romanum [2010.11.20 12:30:58 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media [2011.05.11 18:36:13 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.05.11 18:36:13 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2011.04.27 14:27:48 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Minecraft [2010.07.21 19:28:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade [2010.09.20 16:32:47 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade Warband [2011.05.08 19:24:04 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade 
With Fire and Sword [2010.11.08 18:29:55 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World [2010.06.11 07:10:08 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2010.04.18 19:09:57 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\PlayFirst [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ProtectDISC [2011.02.01 23:04:46 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Quest3D [2011.02.24 16:26:52 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\resources [2011.02.01 23:04:46 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Roaming [2011.02.24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\saves [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Scan2PDF [2010.05.25 15:31:42 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\SecondLife [2010.02.08 18:48:45 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Sierra [2011.01.08 15:52:17 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.05.11 18:36:12 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Teeworlds [2010.04.21 14:19:08 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Template [2011.02.24 16:25:56 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\texturepacks [2010.04.25 18:07:22 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\The Creative Assembly [2011.05.11 18:36:11 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2011.01.08 16:15:40 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Tropico 3 [2011.05.11 18:36:11 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2011.03.21 20:10:52 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software [2010.12.25 12:52:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Turbine [2010.09.08 08:39:58 | 000,000,000 | -H-D | M] -- 
C:\Users\****\AppData\Roaming\Uniblue [2011.03.06 01:32:28 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Unity [2011.05.12 06:56:15 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2010.02.08 20:05:26 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\ViquaSoft [2011.01.28 07:51:06 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\wargaming.net [2010.10.16 19:13:34 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Wildlife Park 2 [2010.10.17 07:17:16 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Wildlife Park 2 - Crazy Zoo [2010.10.17 09:28:32 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\Wildlife Park 2 - Marine World [2011.02.20 09:14:49 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2011.03.30 18:59:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
< End of report >
12.05.2011, 18:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.10.31 16:59:10 | 000,000,062 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.10.15 11:41:02 | 004,270,042 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\Shell - "" = AutoRun
O33 - MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
[2011.05.11 13:58:15 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\{6D697BD6-EA3C-4E64-824E-A50A76E547DB}
[2011.05.11 18:41:13 | 000,000,120 | -H-- | M] () -- C:\Users\****\AppData\Local\Ypihoz.dat
[2011.05.11 15:09:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44818168
[2011.05.11 13:58:17 | 000,000,000 | -H-- | M] () -- C:\Users\****\AppData\Local\Ukiheviwepasul.bin
[2011.01.16 12:20:39 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.#
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
12.05.2011, 19:11 | #7 |
Fix done:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16410abd-f494-11de-abff-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16410abd-f494-11de-abff-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82c289f-77aa-11df-867b-90fba62e6b58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a82c289f-77aa-11df-867b-90fba62e6b58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a82c289f-77aa-11df-867b-90fba62e6b58}\ not found.
File K:\LaunchU3.exe -a not found.
C:\Users\Sebastian\AppData\Local\{6D697BD6-EA3C-4E64-824E-A50A76E547DB}\chrome\content folder moved successfully.
C:\Users\Sebastian\AppData\Local\{6D697BD6-EA3C-4E64-824E-A50A76E547DB}\chrome folder moved successfully.
C:\Users\Sebastian\AppData\Local\{6D697BD6-EA3C-4E64-824E-A50A76E547DB} folder moved successfully.
C:\Users\Sebastian\AppData\Local\Ypihoz.dat moved successfully.
C:\ProgramData\44818168 moved successfully.
C:\Users\Sebastian\AppData\Local\Ukiheviwepasul.bin moved successfully.
C:\Users\Sebastian\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sebastian
->Temp folder emptied: 376914387 bytes
->Temporary Internet Files folder emptied: 1138584 bytes
->Java cache emptied: 11375289 bytes
->FireFox cache emptied: 58791441 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 62784 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1629386 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 430,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05122011_200431

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \EMPIRE EARTH 2 deinstallieren.lnk not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \EMPIRE EARTH 2 mit GameSpy Arcade online spielen.url not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \EMPIRE EARTH 2 online registrieren.url not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \EMPIRE EARTH 2 starten.lnk not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \EMPIRE EARTH 2.com besuchen.url not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \LIESMICH.lnk not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \Mad Doc Software.com besuchen.url not found!
File\Folder C:\Users\Sebastian\AppData\Local\Temp\smtmp\1\Programs\Sierra\EMPIRE EARTH 2 \VUGames.com besuchen.url not found!
C:\Users\Sebastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
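Added example (not part of the original thread, and not OTL's own code): a small Python parser that reduces a fix log like the one posted above to one final state per item, so that entries which were only scheduled for the next reboot stand out. The sample lines are copied from that log; the status names and function names are this example's own.

```python
import re

# Lines copied from the OTL fix log in the post above (a subset, in log order).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16410abd-f494-11de-abff-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File K:\LaunchU3.exe -a not found.
C:\Users\Sebastian\AppData\Local\Ypihoz.dat moved successfully.
C:\Users\Sebastian\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
HOSTS file reset successfully
"""

# Patterns for the result sentences that occur in that log. Order matters:
# "scheduled to be moved on reboot" is tested before the generic patterns.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("changed", re.compile(
        r"^(?P<item>.+?) : value set successfully!$")),
    ("removed", re.compile(
        r"^(?:ADS |Registry key )?(?P<item>.+?)(?: folder)? "
        r"(?:moved|deleted) successfully\.$")),
    ("absent", re.compile(
        r"^(?:Registry key |File\\Folder |File )?(?P<item>.+?) not found[.!]$")),
]

# The same item can be reported several times (a registry key is deleted once
# and then reported "not found" for the script's next line). Keep the
# strongest outcome seen for each item.
RANK = {"absent": 0, "pending_reboot": 1, "changed": 2, "removed": 2}


def summarize(log_text):
    """Return ({item: final_status}, [lines that matched no pattern])."""
    state, unmatched = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue  # blank lines and section banners carry no result
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                item = match.group("item")
                if item not in state or RANK[status] > RANK[state[item]]:
                    state[item] = status
                break
        else:
            unmatched.append(line)
    return state, unmatched


def pending_after_reboot(state):
    """Items the tool could not move and deferred to the next reboot."""
    return sorted(item for item, status in state.items()
                  if status == "pending_reboot")


if __name__ == "__main__":
    state, unmatched = summarize(SAMPLE_LOG)
    for item, status in state.items():
        print(f"{status:15} {item}")
    print("still pending:", pending_after_reboot(state))
    print("unclassified lines:", unmatched)
```

In the log above the two pending items are the files on E:, which the fix script itself labels `[ CDFS ]`, and the post-reboot section reports the same "File move failed" lines for them again.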
12.05.2011, 19:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the picture below - that is, tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post this in full.
If, because of the infection, you cannot access your documents/My Documents, please run unhide: Download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
12.05.2011, 19:42 | #9 |
Here is the TDSSKiller log for now - I still have to run unhide.

2011/05/12 20:41:24.0393 3292 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 20:41:24.0627 3292 ================================================================================
2011/05/12 20:41:24.0627 3292 SystemInfo:
2011/05/12 20:41:24.0627 3292
2011/05/12 20:41:24.0627 3292 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/12 20:41:24.0627 3292 Product type: Workstation
2011/05/12 20:41:24.0627 3292 ComputerName: SEBASTIAN-PC
2011/05/12 20:41:24.0627 3292 UserName: Sebastian
2011/05/12 20:41:24.0627 3292 Windows directory: C:\Windows
2011/05/12 20:41:24.0627 3292 System windows directory: C:\Windows
2011/05/12 20:41:24.0627 3292 Running under WOW64
2011/05/12 20:41:24.0627 3292 Processor architecture: Intel x64
2011/05/12 20:41:24.0627 3292 Number of processors: 4
2011/05/12 20:41:24.0627 3292 Page size: 0x1000
2011/05/12 20:41:24.0627 3292 Boot type: Normal boot
2011/05/12 20:41:24.0627 3292 ================================================================================
2011/05/12 20:41:24.0954 3292 Initialize success
2011/05/12 20:41:27.0731 3996 ================================================================================
2011/05/12 20:41:27.0731 3996 Scan started
2011/05/12 20:41:27.0731 3996 Mode: Manual;
2011/05/12 20:41:27.0731 3996 ================================================================================
HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/05/12 20:41:31.0350 3996 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/05/12 20:41:31.0413 3996 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/12 20:41:31.0428 3996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/12 20:41:31.0491 3996 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/12 20:41:31.0537 3996 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 2011/05/12 20:41:31.0553 3996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/12 20:41:31.0615 3996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/05/12 20:41:31.0647 3996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/12 20:41:31.0662 3996 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/12 20:41:31.0693 3996 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/05/12 20:41:31.0725 3996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/05/12 20:41:31.0740 3996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/05/12 20:41:31.0756 3996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/05/12 20:41:31.0771 3996 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/12 20:41:31.0803 3996 JRAID (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys 2011/05/12 20:41:31.0834 3996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/12 20:41:31.0865 3996 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 
2011/05/12 20:41:31.0881 3996 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/12 20:41:31.0896 3996 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/12 20:41:31.0927 3996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/05/12 20:41:31.0990 3996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/12 20:41:32.0021 3996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/12 20:41:32.0037 3996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/12 20:41:32.0068 3996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/12 20:41:32.0099 3996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/12 20:41:32.0099 3996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/05/12 20:41:32.0146 3996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/12 20:41:32.0161 3996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/12 20:41:32.0193 3996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/05/12 20:41:32.0208 3996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/12 20:41:32.0224 3996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/12 20:41:32.0255 3996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/12 20:41:32.0271 3996 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/05/12 20:41:32.0302 3996 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/12 20:41:32.0317 3996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) 
C:\Windows\system32\drivers\mpsdrv.sys 2011/05/12 20:41:32.0349 3996 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/12 20:41:32.0380 3996 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/12 20:41:32.0411 3996 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/12 20:41:32.0427 3996 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/12 20:41:32.0458 3996 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/05/12 20:41:32.0489 3996 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/12 20:41:32.0520 3996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/12 20:41:32.0551 3996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/12 20:41:32.0551 3996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/12 20:41:32.0598 3996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/12 20:41:32.0614 3996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/12 20:41:32.0629 3996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/12 20:41:32.0661 3996 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/05/12 20:41:32.0692 3996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/12 20:41:32.0723 3996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/12 20:41:32.0739 3996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/12 20:41:32.0754 3996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/12 20:41:32.0785 3996 mwlPSDFilter 
(6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 2011/05/12 20:41:32.0801 3996 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 2011/05/12 20:41:32.0817 3996 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 2011/05/12 20:41:32.0879 3996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/12 20:41:32.0973 3996 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/05/12 20:41:33.0004 3996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/12 20:41:33.0035 3996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/12 20:41:33.0051 3996 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/12 20:41:33.0082 3996 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/12 20:41:33.0097 3996 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/05/12 20:41:33.0113 3996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/12 20:41:33.0144 3996 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/12 20:41:33.0285 3996 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys 2011/05/12 20:41:33.0378 3996 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys 2011/05/12 20:41:33.0409 3996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/12 20:41:33.0425 3996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/12 20:41:33.0472 3996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/12 20:41:33.0519 3996 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) 
C:\Windows\system32\drivers\Ntfs.sys 2011/05/12 20:41:33.0565 3996 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 2011/05/12 20:41:33.0581 3996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/12 20:41:33.0612 3996 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys 2011/05/12 20:41:33.0846 3996 nvlddmkm (34b73206afafd49e9e8b98661cc92176) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/05/12 20:41:33.0924 3996 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 2011/05/12 20:41:33.0987 3996 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 2011/05/12 20:41:34.0018 3996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/12 20:41:34.0049 3996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/12 20:41:34.0096 3996 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/12 20:41:34.0111 3996 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/05/12 20:41:34.0127 3996 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/05/12 20:41:34.0143 3996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/12 20:41:34.0158 3996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/12 20:41:34.0189 3996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/12 20:41:34.0221 3996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/12 20:41:34.0345 3996 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/12 20:41:34.0377 3996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/12 20:41:34.0408 3996 Psched 
(ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/12 20:41:34.0455 3996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/12 20:41:34.0501 3996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/12 20:41:34.0533 3996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/12 20:41:34.0548 3996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/12 20:41:34.0564 3996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/12 20:41:34.0579 3996 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/12 20:41:34.0595 3996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/12 20:41:34.0611 3996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/12 20:41:34.0642 3996 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/12 20:41:34.0673 3996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/12 20:41:34.0689 3996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/12 20:41:34.0704 3996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/12 20:41:34.0735 3996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/12 20:41:34.0767 3996 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/05/12 20:41:34.0798 3996 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/05/12 20:41:34.0829 3996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/12 20:41:34.0845 3996 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 
2011/05/12 20:41:34.0876 3996 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/12 20:41:34.0907 3996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/12 20:41:34.0938 3996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/12 20:41:34.0954 3996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/12 20:41:34.0985 3996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/12 20:41:35.0016 3996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/12 20:41:35.0032 3996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/05/12 20:41:35.0047 3996 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/12 20:41:35.0079 3996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/12 20:41:35.0094 3996 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/12 20:41:35.0125 3996 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/12 20:41:35.0157 3996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/05/12 20:41:35.0188 3996 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/12 20:41:35.0219 3996 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/05/12 20:41:35.0250 3996 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/12 20:41:35.0266 3996 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/12 20:41:35.0328 3996 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/12 20:41:35.0375 3996 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) 
C:\Windows\system32\DRIVERS\swenum.sys 2011/05/12 20:41:35.0437 3996 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/05/12 20:41:35.0500 3996 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/12 20:41:35.0531 3996 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/12 20:41:35.0547 3996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/12 20:41:35.0578 3996 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/12 20:41:35.0578 3996 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/12 20:41:35.0625 3996 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/12 20:41:35.0656 3996 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/12 20:41:35.0734 3996 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys 2011/05/12 20:41:35.0781 3996 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/12 20:41:35.0812 3996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/12 20:41:35.0827 3996 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 2011/05/12 20:41:35.0859 3996 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/12 20:41:35.0905 3996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/12 20:41:35.0937 3996 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/12 20:41:35.0952 3996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/12 20:41:35.0999 3996 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 2011/05/12 20:41:36.0030 
3996 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/12 20:41:36.0061 3996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/12 20:41:36.0077 3996 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/12 20:41:36.0093 3996 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/12 20:41:36.0124 3996 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/12 20:41:36.0155 3996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/12 20:41:36.0171 3996 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/12 20:41:36.0202 3996 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/12 20:41:36.0217 3996 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/12 20:41:36.0280 3996 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys 2011/05/12 20:41:36.0327 3996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/12 20:41:36.0358 3996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/12 20:41:36.0389 3996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/12 20:41:36.0405 3996 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/12 20:41:36.0436 3996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/12 20:41:36.0451 3996 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/12 20:41:36.0451 3996 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/12 20:41:36.0467 3996 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 
2011/05/12 20:41:36.0529 3996 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys 2011/05/12 20:41:36.0545 3996 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys 2011/05/12 20:41:36.0576 3996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/12 20:41:36.0592 3996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/05/12 20:41:36.0623 3996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/12 20:41:36.0654 3996 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/05/12 20:41:36.0670 3996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/12 20:41:36.0685 3996 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/12 20:41:36.0701 3996 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/12 20:41:36.0717 3996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/12 20:41:36.0748 3996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/12 20:41:36.0779 3996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/12 20:41:36.0795 3996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/12 20:41:36.0857 3996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/12 20:41:36.0904 3996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/12 20:41:36.0935 3996 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/05/12 20:41:36.0951 3996 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/12 20:41:37.0044 3996 
================================================================================
2011/05/12 20:41:37.0044 3996 Scan finished
2011/05/12 20:41:37.0044 3996 ================================================================================ |
12.05.2011, 20:06 | #10 |
| unhide has now finished as well. However, most of the icons on the desktop are now blank white sheets. In Explorer everything is back, as far as I can see. Regards, etbei Edit: The sheets are now the usual icons again |
13.05.2011, 15:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
13.05.2011, 17:22 | #12 |
| cofi has finished: Combofix log file: Code:
ComboFix 11-05-12.04 - Sebastian 13.05.2011 18:10:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8183.6633 [GMT 2:00]
ausgeführt von:: c:\users\Sebastian\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Steam\steam.exe
c:\users\Sebastian\AppData\Roaming\Adobe\plugs
c:\users\Sebastian\AppData\Roaming\Adobe\shed
c:\users\Sebastian\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Sebastian\AppData\Roaming\Minecraft.exe
c:\windows\SysWow64\f3PSSavr.scr
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-13 bis 2011-05-13 ))))))))))))))))))))))))))))))
.
.
2011-05-13 16:17 . 2011-05-13 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 15:57 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E09905F0-52FB-4B89-8F6D-3D62425A339A}\mpengine.dll
2011-05-12 19:48 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 19:48 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 19:48 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 18:04 . 2011-05-12 18:04 -------- d-----w- C:\_OTL
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Malwarebytes
2011-05-11 17:34 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\programdata\Malwarebytes
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-11 17:34 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 13:47 . 2011-05-11 16:36 -------- d-----w- c:\program files (x86)\uTorrent
2011-05-10 13:46 . 2011-05-12 04:56 -------- d-----w- c:\users\Sebastian\AppData\Roaming\uTorrent
2011-05-09 15:43 . 2011-05-09 15:43 -------- d-----w- C:\GAMIGO
2011-05-08 17:22 . 2011-05-08 17:24 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-06 12:35 . 2011-05-06 12:35 88 --sh--r- c:\programdata\BE58BC58DD.sys
2011-05-06 12:35 . 2011-05-06 12:35 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-05-06 12:34 . 2011-05-06 12:34 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2011-05-06 12:33 . 2011-05-06 12:33 -------- d-----w- c:\program files (x86)\Enterbrain
2011-05-05 15:42 . 2011-05-05 15:42 -------- d-----w- c:\users\Sebastian\AppData\Local\GameMaker8.1
2011-05-05 15:41 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Roaming\GameMaker
2011-05-05 15:41 . 2011-05-05 15:59 -------- d-----w- c:\program files (x86)\Game Maker 8.1
2011-04-28 13:02 . 2011-05-06 12:51 -------- d-----w- c:\users\Sebastian\AppData\Roaming\.minecraft
2011-04-27 12:25 . 2011-04-27 12:27 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Minecraft
2011-04-27 12:24 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Roaming\bin
2011-04-27 12:24 . 2011-02-24 14:25 -------- d-----w- c:\users\Sebastian\AppData\Roaming\texturepacks
2011-04-27 12:24 . 2011-02-24 14:25 -------- d-----w- c:\users\Sebastian\AppData\Roaming\saves
2011-04-27 12:24 . 2011-02-24 14:26 -------- d-----w- c:\users\Sebastian\AppData\Roaming\resources
2011-04-27 11:23 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-27 11:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 11:23 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 11:23 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-23 16:30 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Teeworlds
2011-04-17 20:35 . 2011-04-17 20:53 -------- d-----w- c:\users\Sebastian\AppData\Roaming\ChessBase
2011-04-17 20:34 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Local\Fritz und Fertig
2011-04-17 20:34 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Local\ChessBase
2011-04-17 20:34 . 2011-04-17 20:34 -------- d-----w- c:\program files (x86)\ChessBase
2011-04-16 07:48 . 2011-03-30 17:45 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-04-16 07:48 . 2011-03-30 17:45 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-04-16 07:48 . 2011-03-30 17:45 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-16 07:48 . 2011-03-30 17:45 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-04-15 12:02 . 2011-04-15 12:02 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2011-04-15 12:02 . 2011-04-15 12:02 26624 ----a-r- c:\users\Sebastian\AppData\Roaming\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 10:34 . 2010-10-06 13:25 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-26 10:34 . 2010-02-22 19:08 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-03-30 17:50 . 2011-04-06 12:48 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-29 07:30 . 2011-03-29 07:30 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-29 07:30 . 2011-03-29 07:30 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-03-18 12:20 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-18 12:20 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 09:08 . 2011-03-13 09:08 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-03-11 06:19 . 2011-04-13 05:04 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 05:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 05:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 05:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-13 05:03 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 05:03 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll
2011-03-04 06:17 . 2011-04-27 11:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 11:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 05:03 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 05:03 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 05:03 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 05:04 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-02-26 01:23 . 2011-02-26 01:23 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:23 . 2011-02-26 01:23 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-24 06:30 . 2011-04-13 05:04 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-13 05:04 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-13 05:04 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-13 05:04 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-13 05:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-13 05:04 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-13 05:04 482816 ----a-w- c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-13 05:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-13 05:04 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-13 05:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-13 05:04 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-13 05:04 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-13 05:04 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-13 05:03 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-13 05:03 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-13 05:03 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-13 05:03 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 08:33 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 08:33 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 08:33 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-13 05:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 08:33 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 08:33 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-13 05:04 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-13 05:04 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-13 05:04 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-13 05:04 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-13 05:04 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-26 281768] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664] R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 X6va005;X6va005;c:\users\SEBAST~1\AppData\Local\Temp\0051DA9.tmp [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208] S2 
TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856] . . Inhalt des "geplante Tasks" Ordners . 2011-02-20 c:\windows\Tasks\File Helper.job - c:\program files (x86)\File Helper\File Helper.lnk [2010-09-08 01:34] . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 14:49] . 2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 14:49] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.babylon.com/home?AF=55555 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Webseite mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlpage.htm FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/ FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: CoreXPlayer: corexplayer@l39studios.de - %profile%\extensions\corexplayer@l39studios.de FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com FF - 
Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Battleground Europe - c:\progra~2\CRS\BATTLE~1\UNWISE.EXE AddRemove-Steam App 10 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 12830 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 17570 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 30 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 34030 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 42120 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 45000 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 48700 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 48720 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 48800 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 630 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 64000 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 80 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 8170 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 8600 - c:\program files (x86)\Steam\steam.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\SEBAST~1\AppData\Local\Temp\0051DA9.tmp" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2300125515-776338666-2675739939-1000\Software\SecuROM\License information*] "datasecu"=hex:9d,4d,fb,f5,ae,08,4f,2d,07,b3,76,54,9f,cc,6b,58,67,cc,e1,2b,f5, b3,75,5a,6d,6b,ac,d6,c4,73,a0,b3,61,3b,72,00,76,c3,33,4d,ea,a3,16,78,b3,90,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components] @Denied: (Full) (Everyone) @Denied: (Full) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] @="Microsoft Windows Media Player" "Version"="12,0,7600,16667" "IsInstalled"=dword:00000000 "ComponentID"="WMPACCESS" "LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128" "StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP" "DontAsk"=dword:00000002 "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] @="Internet Explorer" "Version"="8,0,7600,17136" "IsInstalled"=dword:00000001 "ComponentID"="IEACCESS" "LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21" "StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig" "Dontask"=dword:00000002 "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] @="Browser Customizations" "IsInstalled"=dword:00000001 "Version"="8,0,7100,0" "ComponentiD"="BRANDING.CAB" "LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052" "StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] @="Java (Sun)" "ComponentID"="JAVAVM" "IsInstalled"=dword:00000001 "KeyFileName"="c:\\Program Files (x86)\\Java\\jre6\\bin\\regutils.dll" "Version"="5,0,5000,0" "Locale"="EN" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] @="Microsoft Windows Media Player 12.0" "IsInstalled"=dword:00000001 "Version"="12,0,7600,16667" "DontAsk"=dword:00000002 "Locale"="EN" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51}] @=".NET Framework" "Version"="2,0,50727,1" "ComponentID"=".NETFramework" "Locale"="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] @="Themes Setup" "LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682" "ComponentID"="Theme Component" "IsInstalled"=dword:00000001 "Locale"="EN" "StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll" "Version"="1,1,1,9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] @="Offline Browsing Pack" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="MobilePk" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] "IsInstalled"=dword:00000001 "Locale"="*" "Version"="1,1,4322" "ComponentID"="S867460" @="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "IsInstalled"=dword:00000001 "Dontask"=dword:00000002 "Locale"="*" "ComponentID"="MailNews" "CloneUser"=dword:00000001 "StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE" "Version"="6,1,7600,16385" @="Microsoft Windows" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] @="DirectDrawEx" "ComponentID"="DirectDrawEx" "IsInstalled"=dword:00000001 "Locale"="*" "Version"="4,71,1113,0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] @="Internet Explorer Help" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="HelpCont" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] @="Microsoft Windows Script 5.6" "ComponentID"="MSVBScript" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,6,0,8833" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] @="Internet Explorer Setup Tools" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="GenSetup" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll" @="Browsing Enhancements" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="ExtraPack" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] @="Microsoft Windows Media Player" "IsInstalled"=dword:00000001 "Version"="12,0,7600,16667" "ComponentID"="Microsoft Windows Media Player" "LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128" "StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI" "DontAsk"=dword:00000002 "Locale"="EN" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] @="MSN Site Access" "IsInstalled"=dword:00000001 "Version"="4,9,9,2" "ComponentID"="MSN_Auth" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] @="Address Book 7" "Version"="6,1,7600,16684" "IsInstalled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] @=".NET Framework" "Locale"="" "ComponentID"=".NETFramework" "Version"="2,0,50727,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] @="Windows Desktop Update" "LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969" "ComponentID"="IE4_SHELLID" "IsInstalled"=dword:00000001 "Locale"="en" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" "Version"="6,1,7600,16644" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] @="Web Platform Customizations" "IsInstalled"=dword:00000001 "Version"="8,0,7600,17136" "ComponentID"="BASEIE40_W2K" "LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000" "StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings" "Locale"="en" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "IsInstalled"=dword:00000001 "ComponentID"="DOTNETFRAMEWORKS" "StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install" "DontAsk"=dword:00000002 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] @="Dynamic HTML Data Binding" "IsInstalled"=dword:00000001 "Version"="8,0,7600,16385" "ComponentID"="Tridata" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] @="Internet Explorer Core Fonts" "IsInstalled"=dword:00000001 "Version"="8,0,7600,17136" "ComponentID"="Fontcore" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "Locale"="" "Version"="1,0,4322,1" "ComponentID"=".NETFramework" @=".NET Framework" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}] @="Adobe Flash Player" "ComponentID"="Flash" "IsInstalled"=hex:01,00,00,00 "Version"="10.0.32.18" "Locale"="EN" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] @="HTML Help" "IsInstalled"=dword:00000001 "Version"="6,1,7600,16385" "ComponentID"="HTMLHelp" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] @="Active Directory Service Interface" "ComponentID"="ADSI" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,0,00,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] "Locale"="" "Version"="4,0,30319,0" "ComponentID"=".NETFramework" @=".NET Framework" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-05-13 18:19:19 ComboFix-quarantined-files.txt 2011-05-13 16:19 . Vor Suchlauf: 23 Verzeichnis(se), 144.244.637.696 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 143.750.234.112 Bytes frei . - - End Of File - - A14CAD8A6BD57A4F5B0AEEA16050E49D |
13.05.2011, 18:23 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Combofix - Scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Folder::
c:\users\Sebastian\AppData\Local\GameMaker8.1
c:\users\Sebastian\AppData\Roaming\GameMaker
c:\program files (x86)\Game Maker 8.1

File::
c:\users\SEBAST~1\AppData\Local\Temp\0051DA9.tmp

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

Driver::
X6va005

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
13.05.2011, 19:38 | #14 |
| Done. Combofix logfile: Code:
ATTFilter ComboFix 11-05-12.04 - Sebastian 13.05.2011 19:31:56.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.8183.6500 [GMT 2:00] ausgeführt von:: c:\users\Sebastian\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Sebastian\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\SEBAST~1\AppData\Local\Temp\0051DA9.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Game Maker 8.1 c:\program files (x86)\Game Maker 8.1\BouncyCastle.Crypto.dll c:\program files (x86)\Game Maker 8.1\GameMaker.exe c:\program files (x86)\Game Maker 8.1\GameMaker.exe.config c:\program files (x86)\Game Maker 8.1\GameMakerInstaller.nsi c:\program files (x86)\Game Maker 8.1\Ionic.Zip.Reduced.dll c:\program files (x86)\Game Maker 8.1\uninstall.exe c:\users\Sebastian\AppData\Local\GameMaker8.1 c:\users\Sebastian\AppData\Roaming\GameMaker c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\bars.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\clouds.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\earth.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\lines.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\metal_blue.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\metal_dark.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\mist.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\mountains.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\plants.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\sand.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\stone.png c:\users\Sebastian\AppData\Roaming\GameMaker\Backgrounds\Tilesets\pipes.png 
c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\lazer_red.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\lazer_yellow.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_large1.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_large2.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_medium1.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_medium2.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_small1.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\meteorite_small2.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\planet1.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\planet2.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\planet3.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\planet3_cloudy.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\planet4_cloudy.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\rocket.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\saturn.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\triangle.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Space\ufo_simple.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\apple.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\banana.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\bomb.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\cherry.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\strawberry.png c:\users\Sebastian\AppData\Roaming\GameMaker\Sprites\Tutorial1\wall.png c:\users\Sebastian\AppData\Roaming\GameMaker\Trace.log c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionapple.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionbomb.png 
c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionbounce.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actioncreate.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionhigh.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionjump.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionloop.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionlose.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionmove.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionscore.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_actionsound.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_advanced.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_backgroundadd.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_backgroundload.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_duplicate.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_eventcollision.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_eventcreate.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_game1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_gamefinal.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_information.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_objectadd.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_objectapple.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_objectapple2.png 
c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_objectopen.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_objectsprite.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomadd.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomback1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomback2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomclose.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roommusic.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomobject.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_roomopen.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_run.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_soundadd.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_soundload.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_spriteadd.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_spritelist.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_spriteload.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\01_spritename.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\arrow.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\bar.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page01.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page02.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page03.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page04.html 
c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page05.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page06.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page07.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page08.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page09.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page10.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page11.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page12.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page13.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page14.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\page15.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\1 - Your First Game\style.css c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\02_ifvariablehasavalue.gif c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\02_setvalueofavariable.gif c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\arrow.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\bar.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\bottom.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\bullet.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\controllerdraw.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\controllernohealth.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\drawhealth.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\drawhud.png 
c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\drawlives.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\drawscore.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\enemy1bullet.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\enemybulletcreate.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\explosionend.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\island1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\island2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\island3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\jumptoposition.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\movetowards.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\myplane_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page01.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page02.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page03.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page04.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page05.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page06.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page07.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page08.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page09.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page10.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - 
Scrolling Shooters\page11.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page12.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\page13.html c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\planespaceevent.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\1945_sprites.bmp c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\background.mid c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\bottom.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\bullet.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemy1_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemy2_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemy3_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemy4_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemybullet1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\enemybullet2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\explosion1_strip6.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\explosion2_strip7.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\Icon.ico c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\island1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\island2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\island3.png 
c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\life.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\loading.gif c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\myplane_strip3.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\score.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\snd_explosion1.wav c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\snd_explosion2.wav c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\Resources\water.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\rmmain.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\style.css c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\t2-p4-1945.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\testvariable.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\timeline.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\timeline2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\views1.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\views2.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\2 - Scrolling Shooters\water.png c:\users\Sebastian\AppData\Roaming\GameMaker\tutorials\readme.txt . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_X6VA005 -------\Service_X6va005 . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-13 bis 2011-05-13 )))))))))))))))))))))))))))))) . . 2011-05-13 17:36 . 2011-05-13 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-13 15:57 . 
2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E09905F0-52FB-4B89-8F6D-3D62425A339A}\mpengine.dll
2011-05-12 19:48 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 19:48 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 19:48 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 18:04 . 2011-05-12 18:04 -------- d-----w- C:\_OTL
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Malwarebytes
2011-05-11 17:34 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\programdata\Malwarebytes
2011-05-11 17:34 . 2011-05-11 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-11 17:34 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 13:47 . 2011-05-11 16:36 -------- d-----w- c:\program files (x86)\uTorrent
2011-05-10 13:46 . 2011-05-12 04:56 -------- d-----w- c:\users\Sebastian\AppData\Roaming\uTorrent
2011-05-09 15:43 . 2011-05-09 15:43 -------- d-----w- C:\GAMIGO
2011-05-08 17:22 . 2011-05-08 17:24 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-06 12:35 . 2011-05-06 12:35 88 --sh--r- c:\programdata\BE58BC58DD.sys
2011-05-06 12:35 . 2011-05-06 12:35 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-05-06 12:34 . 2011-05-06 12:34 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
2011-05-06 12:33 . 2011-05-06 12:33 -------- d-----w- c:\program files (x86)\Enterbrain
2011-04-28 13:02 . 2011-05-06 12:51 -------- d-----w- c:\users\Sebastian\AppData\Roaming\.minecraft
2011-04-27 12:25 . 2011-04-27 12:27 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Minecraft
2011-04-27 12:24 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Roaming\bin
2011-04-27 12:24 . 2011-02-24 14:25 -------- d-----w- c:\users\Sebastian\AppData\Roaming\texturepacks
2011-04-27 12:24 . 2011-02-24 14:25 -------- d-----w- c:\users\Sebastian\AppData\Roaming\saves
2011-04-27 12:24 . 2011-02-24 14:26 -------- d-----w- c:\users\Sebastian\AppData\Roaming\resources
2011-04-27 11:23 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-04-27 11:23 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-27 11:23 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 11:23 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-23 16:30 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Roaming\Teeworlds
2011-04-17 20:35 . 2011-04-17 20:53 -------- d-----w- c:\users\Sebastian\AppData\Roaming\ChessBase
2011-04-17 20:34 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Local\Fritz und Fertig
2011-04-17 20:34 . 2011-05-11 16:36 -------- d-----w- c:\users\Sebastian\AppData\Local\ChessBase
2011-04-17 20:34 . 2011-04-17 20:34 -------- d-----w- c:\program files (x86)\ChessBase
2011-04-16 07:48 . 2011-03-30 17:45 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-04-16 07:48 . 2011-03-30 17:45 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-04-16 07:48 . 2011-03-30 17:45 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-16 07:48 . 2011-03-30 17:45 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-04-15 12:02 . 2011-04-15 12:02 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2011-04-15 12:02 . 2011-04-15 12:02 26624 ----a-r- c:\users\Sebastian\AppData\Roaming\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 10:34 . 2010-10-06 13:25 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-26 10:34 . 2010-02-22 19:08 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-03-30 17:50 . 2011-04-06 12:48 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-29 07:30 . 2011-03-29 07:30 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-29 07:30 . 2011-03-29 07:30 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-03-18 12:20 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-18 12:20 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 09:08 . 2011-03-13 09:08 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-03-11 06:19 . 2011-04-13 05:04 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 05:04 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 05:04 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 05:04 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-13 05:03 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 05:03 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll
2011-03-04 06:17 . 2011-04-27 11:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 11:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 05:03 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 05:03 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 05:03 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 05:04 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-02-26 01:23 . 2011-02-26 01:23 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-02-26 01:23 . 2011-02-26 01:23 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-02-24 06:30 . 2011-04-13 05:04 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-13 05:04 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-13 05:04 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-13 05:04 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-13 05:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-13 05:04 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-13 05:04 482816 ----a-w- c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-13 05:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-13 05:04 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-13 05:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-13 05:04 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-13 05:04 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-13 05:04 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-13 05:03 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-13 05:03 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-13 05:03 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-13 05:03 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 08:33 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 08:33 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 08:33 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-13 05:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 08:33 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 08:33 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-13 05:04 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-13 05:04 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-13 05:04 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-13 05:04 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-13 05:04 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-13_16.17.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-06 11:08 . 2011-05-13 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-06 11:08 . 2011-05-13 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-06 11:08 . 2011-05-13 16:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-06 11:08 . 2011-05-13 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-13 17:37 . 2011-05-13 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-13 11:06 . 2011-05-13 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-13 17:37 . 2011-05-13 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-13 11:06 . 2011-05-13 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-13 06:43 366824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-13 17:36 366824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-17 19:01 . 2011-05-13 17:36 2932832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2300125515-776338666-2675739939-1000-8192.dat
- 2010-03-17 19:01 . 2011-05-13 06:43 2932832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2300125515-776338666-2675739939-1000-8192.dat
+ 2009-07-14 02:34 . 2011-05-13 16:58 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-05-13 16:07 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-28 3727411]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-26 281768]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-02-20 c:\windows\Tasks\File Helper.job
- c:\program files (x86)\File Helper\File Helper.lnk [2010-09-08 01:34]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 14:49]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 14:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF26561.cfxxe" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home?AF=55555 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5810&r=17360210qn06973154ll5qh9539351 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Webseite mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlpage.htm FF - ProfilePath - c:\users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\ytvnc77m.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/ FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: CoreXPlayer: corexplayer@l39studios.de - %profile%\extensions\corexplayer@l39studios.de FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com FF - 
Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-GameMaker81 - c:\program files (x86)\Game Maker 8.1\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2300125515-776338666-2675739939-1000\Software\SecuROM\License information*] "datasecu"=hex:9d,4d,fb,f5,ae,08,4f,2d,07,b3,76,54,9f,cc,6b,58,67,cc,e1,2b,f5, b3,75,5a,6d,6b,ac,d6,c4,73,a0,b3,61,3b,72,00,76,c3,33,4d,ea,a3,16,78,b3,90,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\brsvc01a.exe c:\windows\SysWOW64\brss01a.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe c:\windows\SysWOW64\DllHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-05-13 19:43:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-05-13 17:43 ComboFix2.txt 2011-05-13 16:19 . Vor Suchlauf: 25 Verzeichnis(se), 147.417.853.952 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 146.921.156.608 Bytes frei . - - End Of File - - 04DEB0C213666FE15201DE09FC09531E |
13.05.2011, 19:57 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows system alert - desktop black - Explorer and Start menu almost empty Please now create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |