Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bei Eingaben in Text- oder Browserfelder füllen diese sich zuerst mit 6en! (https://www.trojaner-board.de/107614-eingaben-text-browserfelder-fuellen-diese-zuerst-6en.html)

cosinus 08.01.2012 21:22
Nee kann es immer noch nicht öffnen :(
Kannst du die OTL.txt von dir mit einem Editor öffnen?
Notfalls mal alles von dieser Datei kopieren, bei nopaste.info - free nopaste script and service einfügen und hier verlinken

Yzerman99 08.01.2012 21:55
Auch in dem Programm was Du mir vorgeschlagen hast krieg ich den Text nicht rein. ist zu gross.. Ich selbst sehe das Logfile ganz normal auch wenn ich es hier im Board öffne.
Kopiere es jetzt hier in zwei hier Teilen rein:

Teil 1:
OTL logfile created on: 08.01.2012 02:41:53 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Yzerman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 50,79% Memory free
7,73 Gb Paging File | 5,73 Gb Available in Paging File | 74,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1182,61 Gb Total Space | 1089,86 Gb Free Space | 92,16% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 562,34 Gb Free Space | 60,37% Space Free | Partition Type: NTFS

Computer Name: YZERMAN-PC | User Name: Yzerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.05 16:27:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Yzerman\Desktop\OTL.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.09 09:12:08 | 003,520,000 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2011.03.18 08:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2010.05.07 17:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.05.02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011.04.09 09:11:53 | 002,920,960 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2011.03.18 08:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2010.09.30 09:14:19 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
MOD - [2010.04.21 10:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2008.05.02 03:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.12.21 11:16:18 | 000,075,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011.12.19 20:24:38 | 001,950,448 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.11.17 15:42:12 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.05.07 17:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009.09.19 07:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.13 09:34:52 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.14 22:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.09 09:57:19 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.06.26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.21 14:50:00 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2008.05.02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.28 17:33:46 | 000,543,528 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011.11.25 14:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011.11.25 13:57:34 | 000,685,192 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011.10.27 14:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011.09.29 15:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.14 21:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2010.05.14 21:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.26 16:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.09.19 09:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.23 19:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.02.29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2006.11.01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.11.14 19:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2011.11.14 19:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ksta.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ksta.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 45 34 05 88 C4 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.ksta.de"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11061.544
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012.01.06 14:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.06.06 09:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.27 17:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.12.06 16:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012.01.06 14:24:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.27 17:18:44 | 000,000,000 | ---D | M]

[2010.04.20 18:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Extensions
[2012.01.05 00:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Firefox\Profiles\cyev6dyl.default\extensions
[2011.12.27 12:29:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Firefox\Profiles\cyev6dyl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.01.05 00:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.16 06:24:07 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.04.04 10:20:44 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.12.06 16:04:12 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
() (No name found) -- C:\USERS\YZERMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYEV6DYL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Yzerman\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Freemake Video Converter = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Ti\u00EBsto = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Google Mail = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011.12.07 10:48:17 | 000,438,845 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15092 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC76} - C:\Program Files (x86)\Message Faces for Internet Explorer\x64\messagefaces-ie.dll ()
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files (x86)\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4626455E-71B5-4184-8F41-FA95AFDA748F}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D53781-5B81-464E-AC4A-CC6804D091AC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 10:01:38 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell - "" = AutoRun
O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell - "" = AutoRun
O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell - "" = AutoRun
O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9038A68F-9554-44B1-A5BA-6F60DA15E7C5} - Bing Bar
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B8BA4AC9-AF8D-4C81-9960-6CDBC3F97CEB} - Message Faces
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {741B27D4-2120-D63C-DF0B-F15F4BE602DF} - Java (Sun)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9813E6A2-F778-E37E-9BF7-24FF812E5454} - .NET Framework
ActiveX: {B314BA4C-167D-3526-0E27-91846724DD54} - .NET Framework
ActiveX: {B6881912-2921-8A6C-0386-7215A10A022D} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.07 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.06 14:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012.01.06 14:23:13 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012.01.06 14:23:13 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.01.06 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.06 08:37:32 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.06 08:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.06 08:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.01.05 22:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012.01.05 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Malwarebytes
[2012.01.05 20:07:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.05 16:27:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Yzerman\Desktop\OTL.exe
[2012.01.05 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.05 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\s.menze
[2012.01.05 01:05:41 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\SafeBox
[2012.01.04 19:33:11 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender
[2012.01.04 19:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012.01.04 19:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012.01.04 19:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.01.04 19:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2012.01.03 18:44:47 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{80AD6CAD-6476-480F-BA3E-919959A9AD32}
[2012.01.03 18:44:16 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{37F26350-6F9E-4EF7-A366-016AE7366380}
[2012.01.03 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{4F7D3A77-431B-4392-BF04-6E56576AF114}
[2011.12.29 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.12.29 19:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.12.28 14:02:14 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011.12.27 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\QuickScan
[2011.12.27 12:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.12.18 01:11:22 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\ZoomBrowser EX
[2011.12.18 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles
[2011.12.18 00:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011.12.18 00:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.12.18 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011.12.18 00:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon
[2011.12.17 20:11:34 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\Documents\Canon Powershot Bedienungsanleitung
[2011.12.15 01:29:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010.04.03 13:14:22 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Yzerman\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Yzerman\*.tmp files -> C:\Users\Yzerman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.08 01:19:59 | 000,001,023 | ---- | M] () -- C:\Users\Yzerman\Desktop\SafeBox Folder.lnk
[2012.01.07 17:26:35 | 000,004,704 | ---- | M] () -- C:\Users\Yzerman\Desktop\mbam-log-2012-01-06 (18-09-54).zip
[2012.01.07 16:39:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 16:39:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 16:39:19 | 001,508,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.07 16:39:19 | 000,657,944 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.07 16:39:19 | 000,619,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.07 16:39:19 | 000,131,316 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.07 16:39:19 | 000,107,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.07 16:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 16:32:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.01.06 14:25:38 | 000,199,827 | ---- | M] () -- C:\ProgramData\1325856142.bdinstall.bin
[2012.01.06 14:25:10 | 000,000,270 | -H-- | M] () -- C:\bdr-conf
[2012.01.06 14:24:56 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012.01.06 08:37:32 | 000,001,810 | ---- | M] () -- C:\Users\Yzerman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.05 20:07:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 16:55:13 | 000,040,246 | ---- | M] () -- C:\Users\Yzerman\Desktop\Logfiles.zip
[2012.01.05 16:32:15 | 000,000,000 | ---- | M] () -- C:\Users\Yzerman\defogger_reenable
[2012.01.05 16:27:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Yzerman\Desktop\OTL.exe
[2012.01.05 16:27:23 | 000,050,477 | ---- | M] () -- C:\Users\Yzerman\Desktop\Defogger.exe
[2012.01.05 13:00:28 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012.01.04 19:34:23 | 000,247,636 | ---- | M] () -- C:\ProgramData\1325701732.bdinstall.bin
[2012.01.04 19:33:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.01.04 11:26:18 | 000,512,192 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.01.04 11:26:18 | 000,035,585 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.01.02 23:33:50 | 000,000,115 | ---- | M] () -- C:\Users\Yzerman\Desktop\MSN.de.url
[2011.12.28 14:07:01 | 000,182,182 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\census.cache
[2011.12.28 14:06:58 | 000,152,134 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\ars.cache
[2011.12.28 14:01:32 | 000,000,036 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\housecall.guid.cache
[2011.12.18 00:28:43 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011.12.17 20:16:55 | 000,003,672 | ---- | M] () -- C:\Users\Yzerman\Desktop\Powershot Handbuch.lnk
[2011.12.15 09:24:08 | 000,434,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.13 09:35:46 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.12.13 09:29:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.12.13 09:29:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Yzerman\*.tmp files -> C:\Users\Yzerman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.07 17:26:35 | 000,004,704 | ---- | C] () -- C:\Users\Yzerman\Desktop\mbam-log-2012-01-06 (18-09-54).zip
[2012.01.06 14:25:38 | 000,199,827 | ---- | C] () -- C:\ProgramData\1325856142.bdinstall.bin
[2012.01.06 14:25:10 | 000,000,270 | -H-- | C] () -- C:\bdr-conf
[2012.01.06 14:25:09 | 036,942,680 | -H-- | C] () -- C:\bdrescue.gz
[2012.01.06 14:25:09 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2012.01.06 14:25:09 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012.01.06 14:25:09 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012.01.06 14:24:56 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2012.01.06 08:37:32 | 000,001,810 | ---- | C] () -- C:\Users\Yzerman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.05 20:07:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 16:55:13 | 000,040,246 | ---- | C] () -- C:\Users\Yzerman\Desktop\Logfiles.zip
[2012.01.05 16:32:15 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\defogger_reenable
[2012.01.05 16:27:23 | 000,050,477 | ---- | C] () -- C:\Users\Yzerman\Desktop\Defogger.exe
[2012.01.05 13:00:28 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012.01.05 01:05:42 | 000,001,023 | ---- | C] () -- C:\Users\Yzerman\Desktop\SafeBox Folder.lnk
[2012.01.04 19:34:23 | 000,247,636 | ---- | C] () -- C:\ProgramData\1325701732.bdinstall.bin
[2012.01.04 19:33:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.01.02 23:33:50 | 000,000,115 | ---- | C] () -- C:\Users\Yzerman\Desktop\MSN.de.url
[2011.12.28 14:07:01 | 000,182,182 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\census.cache
[2011.12.28 14:06:58 | 000,152,134 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\ars.cache
[2011.12.28 14:01:32 | 000,000,036 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\housecall.guid.cache
[2011.12.18 00:28:43 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011.12.17 20:16:55 | 000,003,672 | ---- | C] () -- C:\Users\Yzerman\Desktop\Powershot Handbuch.lnk
[2011.09.05 12:24:56 | 000,001,097 | ---- | C] () -- C:\Windows\wiso.ini
[2011.08.27 17:41:31 | 000,251,124 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2011.08.27 17:22:08 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2011.08.27 17:14:30 | 000,250,436 | ---- | C] () -- C:\Windows\hpwins14.dat
[2011.08.27 17:14:30 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2011.08.12 08:11:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.06 07:51:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.19 17:41:31 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\rx_image32.Cache
[2011.04.19 17:41:29 | 000,002,120 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\rx_audio.Cache
[2011.04.06 14:19:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.04.05 18:32:29 | 000,016,183 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2011.04.05 14:56:37 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini
[2011.04.05 14:55:53 | 000,182,264 | ---- | C] () -- C:\Windows\SysWow64\BpShellEx.dll
[2011.04.04 10:28:30 | 000,512,192 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2010.06.28 19:34:37 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\AppData\Roaming\wklnhst.dat
[2010.05.14 20:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.05.14 20:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.05.14 20:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.04.03 15:30:05 | 000,000,760 | ---- | C] () -- C:\Users\Yzerman\AppData\Roaming\setup_ldm.iss
[2010.02.09 09:57:55 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010.02.09 09:57:55 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010.02.09 09:57:55 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010.02.09 09:57:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.02.09 09:57:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.02.09 09:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012.01.04 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender
[2011.04.05 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service
[2011.04.05 15:55:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service GmbH
[2011.02.05 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\DesktopReminder
[2011.12.29 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Fighters
[2011.02.05 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GetRightToGo
[2011.12.06 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GrabPro
[2010.04.03 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Leadertech
[2011.04.06 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAGIX
[2011.05.11 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAPILab NNTP Accounts
[2011.12.06 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\OpenCandy
[2012.01.05 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Orbit
[2011.12.06 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ProgSense
[2011.12.28 13:52:04 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\QuickScan
[2010.06.28 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Template
[2011.04.06 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Titanium
[2010.11.06 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\TuneUp Software
[2010.08.03 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ugzyuf
[2011.02.05 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\UK's Kalender
[2011.11.17 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Windows Live Writer
[2010.09.12 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ybukwo
[2012.01.06 09:41:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

Yzerman99 08.01.2012 21:58
Teil 2:

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.09.09 14:47:08 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Adobe
[2011.11.26 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Apple Computer
[2010.04.03 12:46:47 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ATI
[2011.04.01 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\AVS4YOU
[2012.01.04 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender
[2011.04.05 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service
[2011.04.05 15:55:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service GmbH
[2010.04.03 12:52:28 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\CyberLink
[2010.04.03 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Dell
[2011.02.05 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\DesktopReminder
[2011.12.29 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Fighters
[2011.02.05 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GetRightToGo
[2011.12.06 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GrabPro
[2011.08.27 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\HP
[2010.04.03 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Identities
[2011.04.06 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\IDMComp
[2010.04.03 15:21:50 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\InstallShield
[2010.04.03 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Intel Corporation
[2010.04.03 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Leadertech
[2010.04.03 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Logitech
[2010.09.12 14:07:56 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Macromedia
[2011.04.06 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAGIX
[2012.01.05 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Malwarebytes
[2011.05.11 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAPILab NNTP Accounts
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Media Center Programs
[2011.11.29 10:42:32 | 000,000,000 | --SD | M] -- C:\Users\Yzerman\AppData\Roaming\Microsoft
[2010.04.20 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Mozilla
[2011.12.06 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\OpenCandy
[2012.01.05 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Orbit
[2011.12.06 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ProgSense
[2011.12.28 13:52:04 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\QuickScan
[2011.04.19 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Roxio
[2011.06.23 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Skype
[2011.06.22 15:06:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\skypePM
[2012.01.06 08:38:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.28 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Template
[2011.04.06 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Titanium
[2010.11.06 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\TuneUp Software
[2010.08.03 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ugzyuf
[2011.02.05 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\UK's Kalender
[2011.11.17 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Windows Live Writer
[2010.09.12 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ybukwo
[2011.12.18 01:11:22 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ZoomBrowser EX

< %APPDATA%\*.exe /s >
[2010.05.04 18:31:35 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Yzerman\AppData\Roaming\DataSafeDotNet.exe
[2010.04.03 15:30:06 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Yzerman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.09.05 09:15:02 | 000,010,134 | R--- | M] () -- C:\Users\Yzerman\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.11.18 05:30:06 | 002,081,208 | ---- | M] (Speedchecker Limited ) -- C:\Users\Yzerman\AppData\Roaming\OpenCandy\DE5EAB164F9D4377902301B034F6871B\pcspeedup_oc.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2011.10.14 22:57:26 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Drivers\storage\R245418\iaStor.sys
[2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
[2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_093f326ff5f9285e\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Files - Unicode (All) ==========
[2011.04.03 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.04.03 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.04.03 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.04.03 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.04.03 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF싚䂪
[2011.04.03 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF싚䂪
[2011.04.03 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TM.blf
[2011.04.03 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF싚䂪{ca04255d-5cf9-11e0-8a85-001f3f0c9821}.TM.blf
[2011.04.03 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF싚䂪.LOG1
[2011.04.03 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF싚䂪.LOG1
[2011.04.03 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF싚䂪.LOG2
[2011.04.03 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF싚䂪.LOG2
[2011.03.27 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.27 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.27 11:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.27 11:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.27 11:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF�ꤦ
[2011.03.27 11:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF�ꤦ
[2011.03.27 11:00:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TM.blf
[2011.03.27 11:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF�ꤦ{8f1a9844-5855-11e0-84c4-001f3f0c9821}.TM.blf
[2011.03.27 11:00:01 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF�ꤦ.LOG1
[2011.03.27 11:00:01 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF�ꤦ.LOG1
[2011.03.27 11:00:01 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF�ꤦ.LOG2
[2011.03.27 11:00:01 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF�ꤦ.LOG2
[2011.03.20 13:25:43 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.20 13:25:43 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.20 13:25:43 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.20 13:25:43 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.20 13:25:43 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TM.blf
[2011.03.20 13:25:43 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{56717b7a-52ec-11e0-842a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF둒ꧣ{56717b7a-52ec-11e0-842a-001f3f0c9821}.TM.blf
[2011.03.20 13:25:42 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF둒ꧣ
[2011.03.20 13:25:42 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF둒ꧣ
[2011.03.20 13:25:42 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF둒ꧣ.LOG1
[2011.03.20 13:25:42 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF둒ꧣ.LOG1
[2011.03.20 13:25:42 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF둒ꧣ.LOG2
[2011.03.20 13:25:42 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF둒ꧣ.LOG2
[2011.03.13 12:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.13 12:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.13 12:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.13 12:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.13 12:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF赹㲱
[2011.03.13 12:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF赹㲱
[2011.03.13 12:00:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TM.blf
[2011.03.13 12:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF赹㲱{088f6aa3-4d5e-11e0-8f0b-001f3f0c9821}.TM.blf
[2011.03.13 12:00:01 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF赹㲱.LOG1
[2011.03.13 12:00:01 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF赹㲱.LOG1
[2011.03.13 12:00:01 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF赹㲱.LOG2
[2011.03.13 12:00:01 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF赹㲱.LOG2
[2011.03.06 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.06 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.06 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.03.06 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.03.06 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF왪島
[2011.03.06 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF왪島
[2011.03.06 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TM.blf
[2011.03.06 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF왪島{dc5b10c3-47d0-11e0-9c07-001f3f0c9821}.TM.blf
[2011.03.06 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF왪島.LOG1
[2011.03.06 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF왪島.LOG1
[2011.03.06 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF왪島.LOG2
[2011.03.06 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF왪島.LOG2

Yzerman99 08.01.2012 21:59
Teil 3:

[2011.02.27 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.27 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.27 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.27 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.27 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF㗺䴛
[2011.02.27 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF㗺䴛
[2011.02.27 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TM.blf
[2011.02.27 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5da44f65-4246-11e0-86a0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF㗺䴛{5da44f65-4246-11e0-86a0-001f3f0c9821}.TM.blf
[2011.02.27 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF㗺䴛.LOG1
[2011.02.27 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF㗺䴛.LOG1
[2011.02.27 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF㗺䴛.LOG2
[2011.02.27 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF㗺䴛.LOG2
[2011.02.20 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.20 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.20 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.20 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.20 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFይ숕
[2011.02.20 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFይ숕
[2011.02.20 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TM.blf
[2011.02.20 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFይ숕{b1ef8267-3cce-11e0-8699-001f3f0c9821}.TM.blf
[2011.02.20 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFይ숕.LOG1
[2011.02.20 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFይ숕.LOG1
[2011.02.20 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFይ숕.LOG2
[2011.02.20 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFይ숕.LOG2
[2011.02.13 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.13 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.13 12:00:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.13 12:00:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.13 12:00:07 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF믣䃃
[2011.02.13 12:00:07 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF믣䃃
[2011.02.13 12:00:07 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TM.blf
[2011.02.13 12:00:07 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{99281fad-3758-11e0-8137-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF믣䃃{99281fad-3758-11e0-8137-001f3f0c9821}.TM.blf
[2011.02.13 12:00:07 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF믣䃃.LOG1
[2011.02.13 12:00:07 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF믣䃃.LOG1
[2011.02.13 12:00:07 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF믣䃃.LOG2
[2011.02.13 12:00:07 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF믣䃃.LOG2
[2011.02.06 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.06 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.06 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.02.06 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.02.06 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF녙傚
[2011.02.06 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF녙傚
[2011.02.06 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TM.blf
[2011.02.06 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF녙傚{e0c03e01-30f3-11e0-8634-001f3f0c9821}.TM.blf
[2011.02.06 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF녙傚.LOG1
[2011.02.06 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF녙傚.LOG1
[2011.02.06 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF녙傚.LOG2
[2011.02.06 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF녙傚.LOG2
[2011.01.30 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.30 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.30 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.30 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.30 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䥉㡂
[2011.01.30 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䥉㡂
[2011.01.30 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TM.blf
[2011.01.30 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䥉㡂{ddd17043-2c49-11e0-9fb4-001f3f0c9821}.TM.blf
[2011.01.30 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䥉㡂.LOG1
[2011.01.30 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䥉㡂.LOG1
[2011.01.30 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䥉㡂.LOG2
[2011.01.30 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䥉㡂.LOG2
[2011.01.23 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.23 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.23 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.23 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.23 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF끲胲
[2011.01.23 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF끲胲
[2011.01.23 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TM.blf
[2011.01.23 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e91b4565-26c8-11e0-8339-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF끲胲{e91b4565-26c8-11e0-8339-001f3f0c9821}.TM.blf
[2011.01.23 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF끲胲.LOG1
[2011.01.23 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF끲胲.LOG1
[2011.01.23 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF끲胲.LOG2
[2011.01.23 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF끲胲.LOG2
[2011.01.16 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.16 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.16 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.16 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.16 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䒱氟
[2011.01.16 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䒱氟
[2011.01.16 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf
[2011.01.16 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf
[2011.01.16 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䒱氟.LOG1
[2011.01.16 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䒱氟.LOG1
[2011.01.16 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䒱氟.LOG2
[2011.01.16 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䒱氟.LOG2
[2011.01.09 12:00:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.09 12:00:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.09 12:00:06 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.09 12:00:06 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.09 12:00:06 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF醖䣙
[2011.01.09 12:00:06 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF醖䣙
[2011.01.09 12:00:06 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf
[2011.01.09 12:00:06 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf
[2011.01.09 12:00:06 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF醖䣙.LOG1
[2011.01.09 12:00:06 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF醖䣙.LOG1
[2011.01.09 12:00:06 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF醖䣙.LOG2
[2011.01.09 12:00:06 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF醖䣙.LOG2
[2011.01.02 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.02 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.02 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2011.01.02 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2011.01.02 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF⁙菑
[2011.01.02 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF⁙菑
[2011.01.02 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf
[2011.01.02 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf
[2011.01.02 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF⁙菑.LOG1
[2011.01.02 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF⁙菑.LOG1
[2011.01.02 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF⁙菑.LOG2
[2011.01.02 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF⁙菑.LOG2
[2010.12.26 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.26 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.26 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.26 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.26 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF폲
[2010.12.26 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF폲
[2010.12.26 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf
[2010.12.26 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf
[2010.12.26 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF폲.LOG1
[2010.12.26 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF폲.LOG1
[2010.12.26 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF폲.LOG2
[2010.12.26 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF폲.LOG2
[2010.12.19 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.19 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.19 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.19 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.19 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFﶖ쑜
[2010.12.19 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFﶖ쑜
[2010.12.19 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf
[2010.12.19 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf
[2010.12.19 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG1
[2010.12.19 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG1
[2010.12.19 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG2
[2010.12.19 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG2
[2010.12.12 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.12 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.12 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.12 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.12 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF燭ᄉ
[2010.12.12 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF燭ᄉ
[2010.12.12 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf
[2010.12.12 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf
[2010.12.12 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG1
[2010.12.12 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG1
[2010.12.12 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG2
[2010.12.12 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG2
[2010.12.05 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.05 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.05 12:00:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.12.05 12:00:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.12.05 12:00:07 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF웪骍
[2010.12.05 12:00:07 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF웪骍
[2010.12.05 12:00:07 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf
[2010.12.05 12:00:07 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf
[2010.12.05 12:00:07 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF웪骍.LOG1
[2010.12.05 12:00:07 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF웪骍.LOG1
[2010.12.05 12:00:07 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF웪骍.LOG2
[2010.12.05 12:00:07 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF웪骍.LOG2
[2010.11.28 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.28 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.28 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.28 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.28 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꮥ褻
[2010.11.28 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꮥ褻
[2010.11.28 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf
[2010.11.28 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf
[2010.11.28 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG1
[2010.11.28 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG1
[2010.11.28 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG2
[2010.11.28 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG2
[2010.11.21 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.21 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.21 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF宺옏
[2010.11.21 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF宺옏
[2010.11.21 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf
[2010.11.21 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf
[2010.11.21 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF宺옏.LOG1
[2010.11.21 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF宺옏.LOG1
[2010.11.21 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF宺옏.LOG2
[2010.11.21 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF宺옏.LOG2
[2010.11.14 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.14 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.14 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.14 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.14 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꅭ㛊
[2010.11.14 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꅭ㛊
[2010.11.14 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf
[2010.11.14 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf
[2010.11.14 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG1
[2010.11.14 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG1
[2010.11.14 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG2
[2010.11.14 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG2
[2010.11.07 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.07 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.07 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.11.07 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.11.07 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFጋ鵰
[2010.11.07 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFጋ鵰
[2010.11.07 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf
[2010.11.07 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf
[2010.11.07 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG1
[2010.11.07 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG1
[2010.11.07 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG2
[2010.11.07 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG2
[2010.10.31 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.31 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.31 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.31 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.31 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF븘ኹ
[2010.10.31 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF븘ኹ
[2010.10.31 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf
[2010.10.31 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf
[2010.10.31 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG1
[2010.10.31 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG1
[2010.10.31 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG2
[2010.10.31 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG2
[2010.10.24 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.24 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.24 11:00:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TM.blf
[2010.10.24 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.24 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.24 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF喿䗪
[2010.10.24 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF喿䗪
[2010.10.24 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TM.blf
[2010.10.24 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF喿䗪.LOG1
[2010.10.24 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF喿䗪.LOG1
[2010.10.24 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF喿䗪.LOG2
[2010.10.24 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF喿䗪.LOG2
[2010.10.17 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.17 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.17 11:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.17 11:00:01 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.17 11:00:01 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF퇶ꗨ
[2010.10.17 11:00:01 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF퇶ꗨ
[2010.10.17 11:00:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TM.blf
[2010.10.17 11:00:01 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF퇶ꗨ{4e6e1fa3-d9c6-11df-9bb0-001f3f0c9821}.TM.blf
[2010.10.17 11:00:01 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF퇶ꗨ.LOG1
[2010.10.17 11:00:01 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF퇶ꗨ.LOG1
[2010.10.17 11:00:01 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF퇶ꗨ.LOG2
[2010.10.17 11:00:01 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF퇶ꗨ.LOG2
[2010.10.10 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.10 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.10 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.10 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.10 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF꥗
[2010.10.10 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF꥗
[2010.10.10 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TM.blf
[2010.10.10 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{63d29472-d43b-11df-8512-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF꥗{63d29472-d43b-11df-8512-001f3f0c9821}.TM.blf
[2010.10.10 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF꥗.LOG1
[2010.10.10 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF꥗.LOG1
[2010.10.10 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF꥗.LOG2
[2010.10.10 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF꥗.LOG2
[2010.10.03 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.03 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.03 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.10.03 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.10.03 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF뭽륺
[2010.10.03 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF뭽륺
[2010.10.03 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TM.blf
[2010.10.03 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF뭽륺{1045472f-ceb8-11df-8a7e-001f3f0c9821}.TM.blf
[2010.10.03 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF뭽륺.LOG1
[2010.10.03 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF뭽륺.LOG1
[2010.10.03 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF뭽륺.LOG2
[2010.10.03 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF뭽륺.LOG2
[2010.09.26 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.26 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.26 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.26 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.26 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF九
[2010.09.26 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF九
[2010.09.26 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TM.blf
[2010.09.26 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6961b212-c946-11df-8220-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF九{6961b212-c946-11df-8220-001f3f0c9821}.TM.blf
[2010.09.26 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF九.LOG1
[2010.09.26 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF九.LOG1
[2010.09.26 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF九.LOG2
[2010.09.26 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF九.LOG2
[2010.09.19 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.19 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.19 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.19 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.19 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFओ浬
[2010.09.19 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFओ浬
[2010.09.19 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TM.blf
[2010.09.19 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFओ浬{5b9c144d-c3c1-11df-84c6-001f3f0c9821}.TM.blf
[2010.09.19 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFओ浬.LOG1
[2010.09.19 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFओ浬.LOG1
[2010.09.19 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFओ浬.LOG2
[2010.09.19 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFओ浬.LOG2
[2010.09.12 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.12 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.12 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.12 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF�㻛
[2010.09.12 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF�㻛
[2010.09.12 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TM.blf
[2010.09.12 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e799fe22-be42-11df-86b0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF�㻛{e799fe22-be42-11df-86b0-001f3f0c9821}.TM.blf
[2010.09.12 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF�㻛.LOG1
[2010.09.12 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF�㻛.LOG1
[2010.09.12 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF�㻛.LOG2
[2010.09.12 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF�㻛.LOG2
[2010.09.05 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.05 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.09.05 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䗠
[2010.09.05 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䗠
[2010.09.05 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TM.blf
[2010.09.05 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{f1152553-b8cf-11df-8843-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䗠{f1152553-b8cf-11df-8843-001f3f0c9821}.TM.blf
[2010.09.05 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䗠.LOG1
[2010.09.05 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䗠.LOG1
[2010.09.05 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䗠.LOG2
[2010.09.05 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䗠.LOG2
[2010.08.29 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.29 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.29 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.29 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.29 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF厼䤵
[2010.08.29 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF厼䤵
[2010.08.29 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TM.blf
[2010.08.29 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a38765fd-b33e-11df-82b2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF厼䤵{a38765fd-b33e-11df-82b2-001f3f0c9821}.TM.blf
[2010.08.29 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF厼䤵.LOG1
[2010.08.29 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF厼䤵.LOG1
[2010.08.29 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF厼䤵.LOG2
[2010.08.29 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF厼䤵.LOG2
[2010.08.22 11:17:35 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.22 11:17:35 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.22 11:17:35 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.22 11:17:35 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.22 11:17:35 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF꾆祥
[2010.08.22 11:17:35 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF꾆祥
[2010.08.22 11:17:35 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TM.blf
[2010.08.22 11:17:35 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF꾆祥{a5e2ddf1-add5-11df-88ed-001f3f0c9821}.TM.blf
[2010.08.22 11:17:35 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF꾆祥.LOG1
[2010.08.22 11:17:35 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF꾆祥.LOG1
[2010.08.22 11:17:35 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF꾆祥.LOG2
[2010.08.22 11:17:35 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF꾆祥.LOG2
[2010.08.15 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.15 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF轺
[2010.08.15 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF轺
[2010.08.15 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TM.blf
[2010.08.15 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{20944781-a83d-11df-84ee-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF轺{20944781-a83d-11df-84ee-001f3f0c9821}.TM.blf
[2010.08.15 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF轺.LOG1
[2010.08.15 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF轺.LOG1
[2010.08.15 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF轺.LOG2
[2010.08.15 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF轺.LOG2
[2010.08.08 11:30:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.08 11:30:02 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.08 11:30:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.08 11:30:02 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.08 11:30:02 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF귙쒛
[2010.08.08 11:30:02 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF귙쒛
[2010.08.08 11:30:02 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TM.blf
[2010.08.08 11:30:02 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF귙쒛{e52c484f-a2bc-11df-9e27-001f3f0c9821}.TM.blf
[2010.08.08 11:30:02 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF귙쒛.LOG1
[2010.08.08 11:30:02 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF귙쒛.LOG1
[2010.08.08 11:30:02 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF귙쒛.LOG2
[2010.08.08 11:30:02 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF귙쒛.LOG2
[2010.08.02 06:38:18 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.02 06:38:18 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.02 06:38:18 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.08.02 06:38:18 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TM.blf
[2010.08.02 06:38:17 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.08.02 06:38:17 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF몥갨
[2010.08.02 06:38:17 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF몥갨
[2010.08.02 06:38:17 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{566ee84d-9df7-11df-9819-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF몥갨{566ee84d-9df7-11df-9819-001f3f0c9821}.TM.blf
[2010.08.02 06:38:17 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF몥갨.LOG1
[2010.08.02 06:38:17 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF몥갨.LOG1
[2010.08.02 06:38:17 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF몥갨.LOG2
[2010.08.02 06:38:17 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF몥갨.LOG2
[2010.07.18 20:19:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.18 20:19:16 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.18 20:19:16 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.18 20:19:16 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.18 20:19:16 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF徊
[2010.07.18 20:19:16 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF徊
[2010.07.18 20:19:16 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TM.blf
[2010.07.18 20:19:16 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF徊{8625ffb2-92a0-11df-84d7-001f3f0c9821}.TM.blf
[2010.07.18 20:19:16 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF徊.LOG1
[2010.07.18 20:19:16 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF徊.LOG1
[2010.07.18 20:19:16 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF徊.LOG2
[2010.07.18 20:19:16 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF徊.LOG2
[2010.07.11 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.11 11:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.11 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.11 11:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.11 11:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF怽
[2010.07.11 11:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF怽
[2010.07.11 11:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TM.blf
[2010.07.11 11:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{6b070724-8cb5-11df-99e3-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF怽{6b070724-8cb5-11df-99e3-001f3f0c9821}.TM.blf
[2010.07.11 11:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF怽.LOG1
[2010.07.11 11:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF怽.LOG1
[2010.07.11 11:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF怽.LOG2
[2010.07.11 11:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF怽.LOG2
[2010.07.04 17:48:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.04 17:48:31 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.04 17:48:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.04 17:48:31 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.04 17:48:31 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䔫�
[2010.07.04 17:48:31 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䔫�
[2010.07.04 17:48:31 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TM.blf
[2010.07.04 17:48:31 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{24804ccc-878b-11df-88e6-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䔫�{24804ccc-878b-11df-88e6-001f3f0c9821}.TM.blf
[2010.07.04 17:48:31 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䔫�.LOG1
[2010.07.04 17:48:31 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䔫�.LOG1
[2010.07.04 17:48:31 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䔫�.LOG2
[2010.07.04 17:48:31 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䔫�.LOG2
[2010.07.03 13:25:15 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.03 13:25:15 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.03 13:25:15 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms
[2010.07.03 13:25:15 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms
[2010.07.03 13:25:15 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?F??) -- C:\Windows\SysWow64\F㚵脏
[2010.07.03 13:25:15 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?F??) -- C:\Windows\SysWow64\F㚵脏
[2010.07.03 13:25:15 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TM.blf
[2010.07.03 13:25:15 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?F??{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\F㚵脏{64fcd9cd-869d-11df-8a98-001f3f0c9821}.TM.blf
[2010.07.03 13:25:15 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?F??.LOG1) -- C:\Windows\SysWow64\F㚵脏.LOG1
[2010.07.03 13:25:15 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?F??.LOG1) -- C:\Windows\SysWow64\F㚵脏.LOG1
[2010.07.03 13:25:15 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?F??.LOG2) -- C:\Windows\SysWow64\F㚵脏.LOG2
[2010.07.03 13:25:15 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?F??.LOG2) -- C:\Windows\SysWow64\F㚵脏.LOG2

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\OTL.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\Defogger.exe:BDU

< End of report >

cosinus 08.01.2012 22:18
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.ksta.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ksta.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 45 34 05 88 C4 CC 01 [binary data]
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files (x86)\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.01 10:01:38 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell - "" = AutoRun
O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell - "" = AutoRun
O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell - "" = AutoRun
O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell\AutoRun\command - "" = I:\pushinst.exe
@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\OTL.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\Defogger.exe:BDU
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Yzerman99 08.01.2012 22:47
Hier das OTL File nach Fix:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3758FC2-BB95-4B86-84BF-D91F4748EC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3758FC2-BB95-4B86-84BF-D91F4748EC75}\ deleted successfully.
C:\Program Files (x86)\Message Faces for Internet Explorer\x86\messagefaces-ie.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23f2218d-4f73-11df-86eb-001f3f0c9821}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23f2218d-4f73-11df-86eb-001f3f0c9821}\ not found.
File K:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abfe58e4-3f15-11df-87d5-002564f4a491}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abfe58e4-3f15-11df-87d5-002564f4a491}\ not found.
File I:\pushinst.exe not found.
ADS C:\Users\Yzerman\Desktop\OTL.exe:BDU deleted successfully.
ADS C:\Users\Yzerman\Desktop\Defogger.exe:BDU deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Yzerman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 50392789 bytes
->Java cache emptied: 22552283 bytes
->FireFox cache emptied: 52904648 bytes
->Google Chrome cache emptied: 98912222 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 489 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76109 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 215,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_223848

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 09.01.2012 09:43
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Yzerman99 09.01.2012 20:58
So hier das Kaspersky File. Hat nichts gefunden. Das springen in die Suchmaske habe ich aber immer noch.
Code:
20:54:26.0235 4792        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:54:26.0359 4792        ============================================================
20:54:26.0359 4792        Current date / time: 2012/01/09 20:54:26.0359
20:54:26.0359 4792        SystemInfo:
20:54:26.0359 4792       
20:54:26.0359 4792        OS Version: 6.1.7601 ServicePack: 1.0
20:54:26.0359 4792        Product type: Workstation
20:54:26.0359 4792        ComputerName: YZERMAN-PC
20:54:26.0359 4792        UserName: Yzerman
20:54:26.0359 4792        Windows directory: C:\Windows
20:54:26.0359 4792        System windows directory: C:\Windows
20:54:26.0359 4792        Running under WOW64
20:54:26.0359 4792        Processor architecture: Intel x64
20:54:26.0359 4792        Number of processors: 4
20:54:26.0359 4792        Page size: 0x1000
20:54:26.0359 4792        Boot type: Normal boot
20:54:26.0359 4792        ============================================================
20:54:26.0703 4792        Initialize success
20:54:37.0092 1128        ============================================================
20:54:37.0092 1128        Scan started
20:54:37.0092 1128        Mode: Manual; SigCheck; TDLFS;
20:54:37.0092 1128        ============================================================
20:54:37.0342 1128        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:54:37.0404 1128        1394ohci - ok
20:54:37.0435 1128        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:54:37.0435 1128        ACPI - ok
20:54:37.0451 1128        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:54:37.0467 1128        AcpiPmi - ok
20:54:37.0498 1128        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:54:37.0513 1128        adp94xx - ok
20:54:37.0513 1128        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:54:37.0529 1128        adpahci - ok
20:54:37.0545 1128        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:54:37.0560 1128        adpu320 - ok
20:54:37.0591 1128        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:54:37.0607 1128        AFD - ok
20:54:37.0638 1128        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:54:37.0638 1128        agp440 - ok
20:54:37.0669 1128        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:54:37.0669 1128        aliide - ok
20:54:37.0685 1128        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:54:37.0701 1128        amdide - ok
20:54:37.0716 1128        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:54:37.0732 1128        AmdK8 - ok
20:54:37.0747 1128        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:54:37.0763 1128        AmdPPM - ok
20:54:37.0763 1128        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:54:37.0779 1128        amdsata - ok
20:54:37.0794 1128        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:54:37.0810 1128        amdsbs - ok
20:54:37.0810 1128        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:54:37.0825 1128        amdxata - ok
20:54:37.0857 1128        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:54:37.0888 1128        AppID - ok
20:54:37.0903 1128        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:54:37.0919 1128        arc - ok
20:54:37.0919 1128        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:54:37.0935 1128        arcsas - ok
20:54:37.0935 1128        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:37.0966 1128        AsyncMac - ok
20:54:37.0981 1128        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:54:37.0981 1128        atapi - ok
20:54:38.0013 1128        AtiHdmiService  (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
20:54:38.0044 1128        AtiHdmiService - ok
20:54:38.0169 1128        atikmdag        (79ceb8d4f25cabe69f3762c90f5b06b8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:54:38.0231 1128        atikmdag - ok
20:54:38.0309 1128        avc3            (e275a45da5e9e6f043c47c245a9007aa) C:\Windows\system32\DRIVERS\avc3.sys
20:54:38.0340 1128        avc3 - ok
20:54:38.0356 1128        avchv          (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
20:54:38.0371 1128        avchv - ok
20:54:38.0387 1128        avckf          (3c64d0e61572bfe2c5c2beb8cb850d5b) C:\Windows\system32\DRIVERS\avckf.sys
20:54:38.0403 1128        avckf - ok
20:54:38.0403 1128        AVFSFilter - ok
20:54:38.0418 1128        avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
20:54:38.0434 1128        avmeject - ok
20:54:38.0449 1128        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:54:38.0465 1128        b06bdrv - ok
20:54:38.0496 1128        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:54:38.0512 1128        b57nd60a - ok
20:54:38.0590 1128        BdfNdisf        (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
20:54:38.0605 1128        BdfNdisf - ok
20:54:38.0637 1128        bdfsfltr        (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
20:54:38.0668 1128        bdfsfltr - ok
20:54:38.0699 1128        bdfwfpf        (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
20:54:38.0715 1128        bdfwfpf - ok
20:54:38.0746 1128        bdsandbox      (afda933f10d5b536b8713f119eba6912) C:\Windows\system32\drivers\bdsandbox.sys
20:54:38.0746 1128        bdsandbox - ok
20:54:38.0777 1128        BDVEDISK        (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
20:54:38.0793 1128        BDVEDISK - ok
20:54:38.0808 1128        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:54:38.0839 1128        Beep - ok
20:54:38.0855 1128        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:54:38.0871 1128        blbdrive - ok
20:54:38.0902 1128        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:54:38.0917 1128        bowser - ok
20:54:38.0933 1128        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:54:38.0949 1128        BrFiltLo - ok
20:54:38.0949 1128        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:54:38.0964 1128        BrFiltUp - ok
20:54:38.0980 1128        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:54:38.0995 1128        Brserid - ok
20:54:39.0011 1128        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:54:39.0027 1128        BrSerWdm - ok
20:54:39.0042 1128        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:54:39.0058 1128        BrUsbMdm - ok
20:54:39.0058 1128        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:54:39.0073 1128        BrUsbSer - ok
20:54:39.0073 1128        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:54:39.0089 1128        BTHMODEM - ok
20:54:39.0105 1128        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:54:39.0136 1128        cdfs - ok
20:54:39.0151 1128        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:54:39.0167 1128        cdrom - ok
20:54:39.0183 1128        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:54:39.0183 1128        circlass - ok
20:54:39.0214 1128        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:54:39.0229 1128        CLFS - ok
20:54:39.0245 1128        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:39.0261 1128        CmBatt - ok
20:54:39.0261 1128        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:54:39.0276 1128        cmdide - ok
20:54:39.0323 1128        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:54:39.0339 1128        CNG - ok
20:54:39.0339 1128        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:54:39.0354 1128        Compbatt - ok
20:54:39.0354 1128        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:54:39.0370 1128        CompositeBus - ok
20:54:39.0385 1128        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:54:39.0401 1128        crcdisk - ok
20:54:39.0432 1128        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:54:39.0463 1128        DfsC - ok
20:54:39.0479 1128        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:54:39.0510 1128        discache - ok
20:54:39.0526 1128        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:54:39.0526 1128        Disk - ok
20:54:39.0557 1128        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:54:39.0557 1128        Dot4 - ok
20:54:39.0573 1128        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:54:39.0588 1128        Dot4Print - ok
20:54:39.0588 1128        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:54:39.0604 1128        dot4usb - ok
20:54:39.0619 1128        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:54:39.0635 1128        drmkaud - ok
20:54:39.0682 1128        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:54:39.0697 1128        DXGKrnl - ok
20:54:39.0791 1128        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:54:39.0822 1128        ebdrv - ok
20:54:39.0853 1128        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:54:39.0869 1128        elxstor - ok
20:54:39.0885 1128        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:54:39.0885 1128        ErrDev - ok
20:54:39.0916 1128        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:54:39.0947 1128        exfat - ok
20:54:39.0963 1128        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:54:39.0994 1128        fastfat - ok
20:54:40.0009 1128        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:54:40.0025 1128        fdc - ok
20:54:40.0025 1128        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:54:40.0041 1128        FileInfo - ok
20:54:40.0056 1128        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:54:40.0087 1128        Filetrace - ok
20:54:40.0103 1128        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:40.0103 1128        flpydisk - ok
20:54:40.0134 1128        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:54:40.0150 1128        FltMgr - ok
20:54:40.0165 1128        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:54:40.0165 1128        FsDepends - ok
20:54:40.0165 1128        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:54:40.0181 1128        Fs_Rec - ok
20:54:40.0228 1128        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:54:40.0228 1128        fvevol - ok
20:54:40.0259 1128        FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
20:54:40.0290 1128        FWLANUSB - ok
20:54:40.0290 1128        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:54:40.0306 1128        gagp30kx - ok
20:54:40.0321 1128        GearAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\drivers\GEARAspiWDM.sys
20:54:40.0337 1128        GearAspiWDM - ok
20:54:40.0337 1128        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:54:40.0353 1128        hcw85cir - ok
20:54:40.0384 1128        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:54:40.0399 1128        HDAudBus - ok
20:54:40.0431 1128        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:54:40.0446 1128        HECIx64 - ok
20:54:40.0446 1128        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:54:40.0462 1128        HidBatt - ok
20:54:40.0477 1128        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:54:40.0493 1128        HidBth - ok
20:54:40.0509 1128        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:54:40.0524 1128        HidIr - ok
20:54:40.0524 1128        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:54:40.0540 1128        HidUsb - ok
20:54:40.0571 1128        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:54:40.0571 1128        HpSAMD - ok
20:54:40.0618 1128        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:54:40.0649 1128        HTTP - ok
20:54:40.0680 1128        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:54:40.0696 1128        hwpolicy - ok
20:54:40.0696 1128        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:54:40.0711 1128        i8042prt - ok
20:54:40.0727 1128        iaStor          (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
20:54:40.0743 1128        iaStor - ok
20:54:40.0758 1128        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:54:40.0774 1128        iaStorV - ok
20:54:40.0789 1128        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:54:40.0789 1128        iirsp - ok
20:54:40.0883 1128        IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
20:54:40.0914 1128        IntcAzAudAddService - ok
20:54:40.0930 1128        IntcDAud        (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:54:40.0945 1128        IntcDAud - ok
20:54:40.0945 1128        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:54:40.0961 1128        intelide - ok
20:54:40.0961 1128        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:54:40.0977 1128        intelppm - ok
20:54:41.0008 1128        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:41.0039 1128        IpFilterDriver - ok
20:54:41.0055 1128        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:54:41.0070 1128        IPMIDRV - ok
20:54:41.0086 1128        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:54:41.0117 1128        IPNAT - ok
20:54:41.0133 1128        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:54:41.0148 1128        IRENUM - ok
20:54:41.0148 1128        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:54:41.0164 1128        isapnp - ok
20:54:41.0164 1128        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:54:41.0179 1128        iScsiPrt - ok
20:54:41.0195 1128        k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:54:41.0211 1128        k57nd60a - ok
20:54:41.0211 1128        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:54:41.0226 1128        kbdclass - ok
20:54:41.0242 1128        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:54:41.0257 1128        kbdhid - ok
20:54:41.0304 1128        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:54:41.0304 1128        KSecDD - ok
20:54:41.0351 1128        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:54:41.0367 1128        KSecPkg - ok
20:54:41.0382 1128        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:54:41.0413 1128        ksthunk - ok
20:54:41.0429 1128        LHidFilt        (aa3d903c5a7538803f2400a8391f1881) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:54:41.0445 1128        LHidFilt - ok
20:54:41.0460 1128        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:54:41.0476 1128        lltdio - ok
20:54:41.0507 1128        LMouFilt        (90b4b2b0b5f05abb9fb365405a7b825b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:54:41.0507 1128        LMouFilt - ok
20:54:41.0523 1128        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:54:41.0523 1128        LSI_FC - ok
20:54:41.0538 1128        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:54:41.0554 1128        LSI_SAS - ok
20:54:41.0554 1128        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:54:41.0569 1128        LSI_SAS2 - ok
20:54:41.0569 1128        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:54:41.0585 1128        LSI_SCSI - ok
20:54:41.0601 1128        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:54:41.0632 1128        luafv - ok
20:54:41.0647 1128        LVPr2M64        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:54:41.0647 1128        LVPr2M64 - ok
20:54:41.0647 1128        LVPr2Mon        (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:54:41.0663 1128        LVPr2Mon - ok
20:54:41.0679 1128        LVRS64          (a43a6cbea073990a784603ef065a281b) C:\Windows\system32\DRIVERS\lvrs64.sys
20:54:41.0694 1128        LVRS64 - ok
20:54:41.0819 1128        LVUVC64        (4350876ab0d0c77d0b40a1c85935c96b) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:54:41.0897 1128        LVUVC64 - ok
20:54:41.0913 1128        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:54:41.0928 1128        megasas - ok
20:54:41.0928 1128        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:54:41.0944 1128        MegaSR - ok
20:54:41.0959 1128        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:54:41.0991 1128        Modem - ok
20:54:41.0991 1128        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:54:42.0006 1128        monitor - ok
20:54:42.0022 1128        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:54:42.0022 1128        mouclass - ok
20:54:42.0037 1128        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:54:42.0037 1128        mouhid - ok
20:54:42.0053 1128        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:54:42.0069 1128        mountmgr - ok
20:54:42.0069 1128        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:54:42.0084 1128        mpio - ok
20:54:42.0100 1128        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:54:42.0131 1128        mpsdrv - ok
20:54:42.0162 1128        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:54:42.0209 1128        MRxDAV - ok
20:54:42.0240 1128        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:54:42.0271 1128        mrxsmb - ok
20:54:42.0318 1128        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:54:42.0334 1128        mrxsmb10 - ok
20:54:42.0349 1128        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:54:42.0365 1128        mrxsmb20 - ok
20:54:42.0381 1128        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:54:42.0381 1128        msahci - ok
20:54:42.0396 1128        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:54:42.0412 1128        msdsm - ok
20:54:42.0427 1128        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:54:42.0459 1128        Msfs - ok
20:54:42.0474 1128        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:54:42.0521 1128        mshidkmdf - ok
20:54:42.0537 1128        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:54:42.0552 1128        msisadrv - ok
20:54:42.0552 1128        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:54:42.0583 1128        MSKSSRV - ok
20:54:42.0599 1128        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:54:42.0630 1128        MSPCLOCK - ok
20:54:42.0630 1128        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:54:42.0661 1128        MSPQM - ok
20:54:42.0693 1128        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:54:42.0708 1128        MsRPC - ok
20:54:42.0739 1128        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:54:42.0755 1128        mssmbios - ok
20:54:42.0755 1128        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:54:42.0786 1128        MSTEE - ok
20:54:42.0786 1128        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:54:42.0802 1128        MTConfig - ok
20:54:42.0802 1128        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:54:42.0817 1128        Mup - ok
20:54:42.0833 1128        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:54:42.0849 1128        NativeWifiP - ok
20:54:42.0895 1128        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:54:42.0911 1128        NDIS - ok
20:54:42.0911 1128        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:54:42.0942 1128        NdisCap - ok
20:54:42.0958 1128        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:54:42.0989 1128        NdisTapi - ok
20:54:43.0020 1128        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:54:43.0067 1128        Ndisuio - ok
20:54:43.0083 1128        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:54:43.0114 1128        NdisWan - ok
20:54:43.0145 1128        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:54:43.0207 1128        NDProxy - ok
20:54:43.0239 1128        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
20:54:43.0239 1128        Netaapl - ok
20:54:43.0254 1128        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:54:43.0285 1128        NetBIOS - ok
20:54:43.0317 1128        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:54:43.0363 1128        NetBT - ok
20:54:43.0379 1128        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:54:43.0395 1128        nfrd960 - ok
20:54:43.0395 1128        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:54:43.0426 1128        Npfs - ok
20:54:43.0441 1128        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:54:43.0473 1128        nsiproxy - ok
20:54:43.0551 1128        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:54:43.0582 1128        Ntfs - ok
20:54:43.0597 1128        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:54:43.0629 1128        Null - ok
20:54:43.0629 1128        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:54:43.0644 1128        nvraid - ok
20:54:43.0660 1128        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:54:43.0660 1128        nvstor - ok
20:54:43.0675 1128        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:54:43.0691 1128        nv_agp - ok
20:54:43.0722 1128        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:54:43.0738 1128        ohci1394 - ok
20:54:43.0753 1128        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:54:43.0769 1128        Parport - ok
20:54:43.0769 1128        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:54:43.0785 1128        partmgr - ok
20:54:43.0800 1128        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:54:43.0800 1128        pci - ok
20:54:43.0831 1128        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:54:43.0847 1128        pciide - ok
20:54:43.0847 1128        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:54:43.0863 1128        pcmcia - ok
20:54:43.0878 1128        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:54:43.0894 1128        pcw - ok
20:54:43.0909 1128        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:54:43.0941 1128        PEAUTH - ok
20:54:44.0003 1128        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:54:44.0034 1128        PptpMiniport - ok
20:54:44.0034 1128        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:54:44.0050 1128        Processor - ok
20:54:44.0081 1128        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:54:44.0128 1128        Psched - ok
20:54:44.0143 1128        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:54:44.0159 1128        PxHlpa64 - ok
20:54:44.0206 1128        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:54:44.0237 1128        ql2300 - ok
20:54:44.0237 1128        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:54:44.0253 1128        ql40xx - ok
20:54:44.0268 1128        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:54:44.0284 1128        QWAVEdrv - ok
20:54:44.0284 1128        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:54:44.0315 1128        RasAcd - ok
20:54:44.0331 1128        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:54:44.0362 1128        RasAgileVpn - ok
20:54:44.0393 1128        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:54:44.0440 1128        Rasl2tp - ok
20:54:44.0455 1128        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:54:44.0487 1128        RasPppoe - ok
20:54:44.0502 1128        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:54:44.0533 1128        RasSstp - ok
20:54:44.0549 1128        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:54:44.0580 1128        rdbss - ok
20:54:44.0611 1128        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:54:44.0627 1128        rdpbus - ok
20:54:44.0643 1128        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:54:44.0674 1128        RDPCDD - ok
20:54:44.0674 1128        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:54:44.0705 1128        RDPENCDD - ok
20:54:44.0721 1128        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:54:44.0752 1128        RDPREFMP - ok
20:54:44.0767 1128        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:54:44.0799 1128        RDPWD - ok
20:54:44.0830 1128        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:54:44.0845 1128        rdyboost - ok
20:54:44.0877 1128        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:54:44.0908 1128        rspndr - ok
20:54:44.0923 1128        RxFilter - ok
20:54:45.0001 1128        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:54:45.0017 1128        SASDIFSV - ok
20:54:45.0064 1128        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:54:45.0079 1128        SASKUTIL - ok
20:54:45.0095 1128        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:54:45.0095 1128        sbp2port - ok
20:54:45.0126 1128        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:54:45.0157 1128        scfilter - ok
20:54:45.0173 1128        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:54:45.0204 1128        secdrv - ok
20:54:45.0220 1128        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:54:45.0235 1128        Serenum - ok
20:54:45.0251 1128        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:54:45.0251 1128        Serial - ok
20:54:45.0267 1128        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:54:45.0267 1128        sermouse - ok
20:54:45.0282 1128        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:54:45.0298 1128        sffdisk - ok
20:54:45.0313 1128        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:54:45.0329 1128        sffp_mmc - ok
20:54:45.0329 1128        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:54:45.0345 1128        sffp_sd - ok
20:54:45.0345 1128        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:54:45.0360 1128        sfloppy - ok
20:54:45.0391 1128        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:54:45.0391 1128        SiSRaid2 - ok
20:54:45.0407 1128        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:54:45.0423 1128        SiSRaid4 - ok
20:54:45.0423 1128        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:54:45.0454 1128        Smb - ok
20:54:45.0469 1128        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:54:45.0485 1128        spldr - ok
20:54:45.0532 1128        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:54:45.0547 1128        srv - ok
20:54:45.0563 1128        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:54:45.0579 1128        srv2 - ok
20:54:45.0594 1128        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:54:45.0594 1128        srvnet - ok
20:54:45.0625 1128        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:54:45.0625 1128        stexstor - ok
20:54:45.0641 1128        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:54:45.0657 1128        swenum - ok
20:54:45.0672 1128        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
20:54:45.0688 1128        taphss - ok
20:54:45.0781 1128        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:54:45.0828 1128        Tcpip - ok
20:54:45.0844 1128        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:54:45.0875 1128        TCPIP6 - ok
20:54:45.0906 1128        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:54:45.0937 1128        tcpipreg - ok
20:54:45.0937 1128        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:54:45.0969 1128        TDPIPE - ok
20:54:45.0984 1128        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:54:46.0015 1128        TDTCP - ok
20:54:46.0047 1128        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:54:46.0078 1128        tdx - ok
20:54:46.0093 1128        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:54:46.0109 1128        TermDD - ok
20:54:46.0171 1128        trufos          (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
20:54:46.0187 1128        trufos - ok
20:54:46.0234 1128        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:54:46.0281 1128        tssecsrv - ok
20:54:46.0312 1128        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:54:46.0312 1128        TsUsbFlt - ok
20:54:46.0374 1128        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
20:54:46.0390 1128        TuneUpUtilitiesDrv - ok
20:54:46.0421 1128        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:54:46.0468 1128        tunnel - ok
20:54:46.0468 1128        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:54:46.0483 1128        uagp35 - ok
20:54:46.0515 1128        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:54:46.0546 1128        udfs - ok
20:54:46.0561 1128        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:54:46.0577 1128        uliagpkx - ok
20:54:46.0577 1128        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:54:46.0593 1128        umbus - ok
20:54:46.0593 1128        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:54:46.0608 1128        UmPass - ok
20:54:46.0639 1128        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:54:46.0655 1128        USBAAPL64 - ok
20:54:46.0686 1128        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:54:46.0702 1128        usbaudio - ok
20:54:46.0702 1128        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:54:46.0717 1128        usbccgp - ok
20:54:46.0749 1128        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:54:46.0764 1128        usbcir - ok
20:54:46.0764 1128        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:54:46.0780 1128        usbehci - ok
20:54:46.0795 1128        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:54:46.0811 1128        usbhub - ok
20:54:46.0827 1128        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:54:46.0842 1128        usbohci - ok
20:54:46.0842 1128        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:54:46.0858 1128        usbprint - ok
20:54:46.0889 1128        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:54:46.0920 1128        usbscan - ok
20:54:46.0920 1128        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:54:46.0936 1128        USBSTOR - ok
20:54:46.0936 1128        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:54:46.0951 1128        usbuhci - ok
20:54:46.0967 1128        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:54:46.0967 1128        vdrvroot - ok
20:54:46.0983 1128        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:54:46.0998 1128        vga - ok
20:54:46.0998 1128        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:54:47.0029 1128        VgaSave - ok
20:54:47.0045 1128        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:54:47.0061 1128        vhdmp - ok
20:54:47.0061 1128        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:54:47.0076 1128        viaide - ok
20:54:47.0092 1128        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:54:47.0092 1128        volmgr - ok
20:54:47.0123 1128        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:54:47.0154 1128        volmgrx - ok
20:54:47.0170 1128        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:54:47.0185 1128        volsnap - ok
20:54:47.0185 1128        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:54:47.0201 1128        vsmraid - ok
20:54:47.0217 1128        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:54:47.0232 1128        vwifibus - ok
20:54:47.0263 1128        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:54:47.0263 1128        WacomPen - ok
20:54:47.0295 1128        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:47.0310 1128        WANARP - ok
20:54:47.0326 1128        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:47.0341 1128        Wanarpv6 - ok
20:54:47.0357 1128        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:54:47.0373 1128        Wd - ok
20:54:47.0388 1128        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:54:47.0404 1128        Wdf01000 - ok
20:54:47.0419 1128        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:54:47.0451 1128        WfpLwf - ok
20:54:47.0466 1128        WimFltr        (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:54:47.0466 1128        WimFltr - ok
20:54:47.0482 1128        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:54:47.0482 1128        WIMMount - ok
20:54:47.0513 1128        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:54:47.0513 1128        WinUsb - ok
20:54:47.0560 1128        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:54:47.0575 1128        WmiAcpi - ok
20:54:47.0591 1128        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:54:47.0622 1128        ws2ifsl - ok
20:54:47.0653 1128        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:54:47.0685 1128        WudfPf - ok
20:54:47.0700 1128        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:54:47.0731 1128        WUDFRd - ok
20:54:47.0747 1128        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:54:47.0903 1128        \Device\Harddisk0\DR0 - ok
20:54:47.0903 1128        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:54:48.0246 1128        \Device\Harddisk1\DR1 - ok
20:54:48.0246 1128        Boot (0x1200)  (42d388cd6d9a4a721afa84cc5c478650) \Device\Harddisk0\DR0\Partition0
20:54:48.0246 1128        \Device\Harddisk0\DR0\Partition0 - ok
20:54:48.0277 1128        Boot (0x1200)  (1593ab372be4700b886691c512889c4e) \Device\Harddisk0\DR0\Partition1
20:54:48.0277 1128        \Device\Harddisk0\DR0\Partition1 - ok
20:54:48.0293 1128        Boot (0x1200)  (4dae3a28d6a7b35dff8264b99c60e12f) \Device\Harddisk1\DR1\Partition0
20:54:48.0293 1128        \Device\Harddisk1\DR1\Partition0 - ok
20:54:48.0293 1128        ============================================================
20:54:48.0293 1128        Scan finished
20:54:48.0293 1128        ============================================================
20:54:48.0309 2996        Detected object count: 0
20:54:48.0309 2996        Actual detected object count: 0
20:55:03.0831 3408        Deinitialize success

cosinus 09.01.2012 22:09
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Yzerman99 10.01.2012 20:05
Hallo Arne, hier das Combo File Log für Dich:
Combofix Logfile:
Code:
ComboFix 12-01-10.02 - Yzerman 10.01.2012  19:49:52.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3959.2433 [GMT 1:00]
ausgeführt von:: c:\users\Yzerman\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-10 bis 2012-01-10  ))))))))))))))))))))))))))))))
.
.
2012-01-10 18:54 . 2012-01-10 18:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-10 09:08 . 2012-01-10 09:08        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\FreeHideIP
2012-01-10 09:08 . 2012-01-10 09:08        --------        d-----w-        c:\programdata\FreeHideIP
2012-01-08 21:38 . 2012-01-08 21:38        --------        d-----w-        C:\_OTL
2012-01-07 17:02 . 2012-01-07 17:02        --------        d-----w-        c:\program files (x86)\ESET
2012-01-06 13:25 . 2012-01-06 13:25        199827        ----a-w-        c:\programdata\1325856142.bdinstall.bin
2012-01-06 13:23 . 2011-10-27 13:07        329800        ----a-w-        c:\windows\system32\drivers\trufos.sys
2012-01-06 13:23 . 2011-03-24 13:36        431176        ----a-w-        c:\windows\system32\drivers\bdfsfltr.sys
2012-01-06 07:38 . 2012-01-06 07:38        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\SUPERAntiSpyware.com
2012-01-06 07:37 . 2012-01-06 12:15        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-01-06 07:37 . 2012-01-06 07:37        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-01-05 21:36 . 2012-01-05 21:42        --------        d-----w-        c:\programdata\BDLogging
2012-01-05 19:07 . 2012-01-05 19:07        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\Malwarebytes
2012-01-05 19:07 . 2012-01-05 19:07        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 19:07 . 2012-01-05 19:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-05 19:07 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-05 13:36 . 2012-01-05 13:36        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-05 13:36 . 2012-01-05 13:36        --------        d-----w-        c:\program files\Java
2012-01-05 00:05 . 2012-01-05 00:05        --------        d-----w-        c:\users\Yzerman\AppData\Local\s.menze
2012-01-05 00:05 . 2012-01-05 00:05        --------        d-----w-        c:\users\Yzerman\AppData\Local\SafeBox
2012-01-04 18:34 . 2012-01-04 18:34        247636        ----a-w-        c:\programdata\1325701732.bdinstall.bin
2012-01-04 18:33 . 2012-01-04 18:34        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\Bitdefender
2012-01-04 18:33 . 2012-01-06 13:24        --------        d-----w-        c:\programdata\Bitdefender
2012-01-04 18:29 . 2012-01-04 18:30        --------        d-----w-        c:\program files\Bitdefender
2012-01-04 18:28 . 2012-01-04 18:29        --------        d-----w-        c:\program files\Common Files\Bitdefender
2012-01-04 18:28 . 2012-01-04 18:28        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2012-01-03 17:41 . 2012-01-03 17:41        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\fde1205b1ccca3e01\MeshBetaRemover.exe
2012-01-03 07:58 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F63B1FE-F3CD-4BFB-89D9-719A1FD463E1}\mpengine.dll
2011-12-29 18:46 . 2012-01-04 17:23        --------        d-----w-        c:\programdata\clp
2011-12-29 18:46 . 2011-12-29 18:46        --------        d-----w-        c:\programdata\Common Toolkit Suite
2011-12-28 13:02 . 2011-06-21 04:09        200976        ----a-w-        c:\windows\SysWow64\drivers\tmcomm.sys
2011-12-27 11:30 . 2011-12-28 12:52        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\QuickScan
2011-12-27 11:06 . 2011-12-27 11:06        --------        d-----w-        c:\programdata\boost_interprocess
2011-12-18 00:11 . 2011-12-18 00:11        --------        d-----w-        c:\users\Yzerman\AppData\Roaming\ZoomBrowser EX
2011-12-17 23:28 . 2011-12-17 23:28        --------        d-----w-        c:\programdata\ZoomBrowser
2011-12-17 23:28 . 2011-12-17 23:29        --------        d-----w-        c:\program files (x86)\Canon
2011-12-17 23:27 . 2011-12-17 23:27        --------        d-----w-        c:\program files (x86)\Common Files\Canon
2011-12-14 17:37 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-14 17:37 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 17:37 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 17:37 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-14 17:37 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 17:37 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 11:35 . 2010-04-03 16:15        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-03 11:34 . 2010-05-19 19:18        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-03 11:34 . 2010-05-09 16:16        1248080        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-14 10:12 . 2010-04-03 16:15        1248080        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 08:35 . 2010-11-01 13:07        34624        ----a-w-        c:\windows\system32\TURegOpt.exe
2011-12-13 08:29 . 2010-11-01 13:07        25920        ----a-w-        c:\windows\system32\authuitu.dll
2011-12-13 08:29 . 2010-11-01 13:07        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll
2011-12-13 08:29 . 2010-11-01 13:07        36160        ----a-w-        c:\windows\system32\uxtuneup.dll
2011-12-13 08:29 . 2010-11-01 13:07        29504        ----a-w-        c:\windows\SysWow64\uxtuneup.dll
2011-12-01 08:29 . 2011-05-20 05:49        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 16:33 . 2011-11-28 16:33        543528        ----a-w-        c:\windows\system32\drivers\avckf.sys
2011-11-25 13:00 . 2011-11-25 13:00        258736        ----a-w-        c:\windows\system32\drivers\avchv.sys
2011-11-25 12:57 . 2011-11-25 12:57        685192        ----a-w-        c:\windows\system32\drivers\avc3.sys
2011-11-23 16:48 . 2011-04-05 13:55        182264        ----a-w-        c:\windows\SysWow64\BpShellEx.dll
2011-11-14 18:16 . 2011-11-14 18:16        90192        ----a-w-        c:\windows\system32\drivers\BdfNdisf6.sys
2011-11-13 14:03 . 2011-03-28 17:36        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-04 08:51 . 2010-04-03 12:32        50552        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2011-11-04 08:51 . 2010-04-03 12:12        111992        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2011-11-04 08:51 . 2010-04-03 12:11        65912        ----a-w-        c:\windows\system32\drivers\gdwfpcd64.sys
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-4-12 3520000]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-3 1196048]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PDFPrint"=c:\program files (x86)\PDF24\pdf24.exe
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2011-12-21 75384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-11-17 62512]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3758FC2-BB95-4B86-84BF-D91F4748EC76}]
2011-03-17 15:41        75024        ----a-w-        c:\program files (x86)\Message Faces for Internet Explorer\x64\messagefaces-ie.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2011-12-21 10:16        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2011-12-21 10:16        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2011-12-21 10:16        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2011-12-21 10:16        264344        ----a-w-        c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-12-21 1063136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ksta.de/
mLocal Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} - hxxps://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-10  19:59:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-10 18:59
.
Vor Suchlauf: 14 Verzeichnis(se), 1.167.661.363.200 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 1.167.093.407.744 Bytes frei
.
- - End Of File - - 5F867991769B69761A7311AE5D8B2E9F
--- --- ---

cosinus 10.01.2012 21:23
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Yzerman99 10.01.2012 21:41
Hallo Arne, hier das File. Gruss Stephan. es wird wieder schlimmer... springt dauernd in dei suchmaske...
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 21:36:19
-----------------------------
21:36:19.828    OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:19.828    Number of processors: 4 586 0x2502
21:36:19.828    ComputerName: YZERMAN-PC  UserName: Yzerman
21:36:21.341    Initialize success
21:36:51.162    AVAST engine download error: 0
21:37:11.317    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:37:11.317    Disk 0 Vendor: Intel___ 1.0. Size: 1220956MB BusType: 8
21:37:11.333    Disk 0 MBR read successfully
21:37:11.333    Disk 0 MBR scan
21:37:11.333    Disk 0 Windows 7 default MBR code
21:37:11.333    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      117 MB offset 63
21:37:11.349    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        9842 MB offset 241664
21:37:11.364    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      1210995 MB offset 20398080
21:37:11.364    Service scanning
21:37:12.207    Modules scanning
21:37:12.207    Disk 0 trace - called modules:
21:37:12.207    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:37:12.222    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c47060]
21:37:12.222    3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800493b050]
21:37:12.238    Scan finished successfully
21:37:51.300    Disk 0 MBR has been saved successfully to "C:\Users\Yzerman\Desktop\MBR.dat"
21:37:51.316    The log file has been saved successfully to "C:\Users\Yzerman\Desktop\aswMBR.txt"

cosinus 10.01.2012 22:11
Zitat:
springt dauernd in dei suchmaske...
Mit der Fehleberbeschreibung kann ich nichts anfange

Yzerman99 10.01.2012 22:14
Hallo Arne, möchte ich Eingaben in Textfenstern wie auch hier z.B. im Board tätigen springt der Cursor teilweise immer oben in die Suchleiste des Browsers. Das meinte ich. Auch bei Eingaben in Suchmaschinen oder in der Browserleiste habe ich diese Problem

Übrigens habe ich bei dem Avast Scan keinen Fix Button gedrückt, hatte ich noch vergessen zu sagen. Gruss Stephan

cosinus 10.01.2012 22:27
Sieht soweit ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 01:36 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131