When typing into text or browser fields, they first fill up with 6s! Hello dear people, I have the following problem: - When typing into text fields, browser bars, search engines etc., no matter which letter or number I want to enter, a whole row of 6s appears right away. I can remove these again with the backspace key and then enter my browser address, login data etc., but if I enter a new address in the browser or in a search query, the 6 comes again; sometimes a search window also opens and fills up with 6s. Otherwise I can work quite normally. - In my opinion this phenomenon first appeared on Christmas Day. I still had the Firefox browser then. There it had additionally inserted a search bar at the bottom in the taskbar that had never been there before. It then got worse and worse in Firefox, so I uninstalled it and am currently surfing only with IE. In IE the search bar no longer appears, but the problem with the 6s when typing remains. Sometimes the ampersand (&) comes instead of the 6. - I have tried to get to the bottom of the matter with a wide variety of anti-malware programs, without success. Until yesterday I had GData as virus protection and firewall; yesterday, because the license was only valid for a few more days anyway, I replaced it with Bitdefender Total Security. But here too, after a complete system scan: no viruses or the like. - With Tune Up I cleaned up the registry and carried out optimizations, because I thought, well, maybe it isn't a virus. But that didn't help either, apart from the fact that a few days ago I had the problem that the computer could no longer be shut down and kept restarting. Tune Up seems to have solved that, though... I hope... To be honest I am fairly at a loss and at the moment don't dare, for example, to do online banking or work on my online shop. So a really awkward situation. - I very much hope that the pros here can track this down... I also did everything dutifully as you described. I zipped the log files and attached them to this post. I have the following to add: When running OTL (right-click, run as admin), only the program itself came up. So I had no text to paste into the Scan Fixes text box. When I then ran the Quick Scan, in the middle of it I got the message: "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk6\DR6 ein." I then pressed "Weiter" (Continue) several times, and then the program carried on and also generated the attached log files (I have also included the one from HijackThis). I really don't know what to do any more, and I would slowly need to do online banking again... I very much hope you can help me quickly; I would be more than just grateful to you!!!! Regards, Stephan |
I have now run Malwarebytes, which I saw here in the forum, and one infected registry key was found. I thought the problem was now dealt with, but apparently it isn't quite yet... Now it no longer writes 6s, that is gone, but when typing (not every time) it jumps into the search box. Here is the log file from Malwarebytes:

Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.01.05.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yzerman :: YZERMAN-PC [Administrator]
05.01.2012 20:09:04
mbam-log-2012-01-05 (20-09-04).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382747
Laufzeit: 1 Stunde(n), 10 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Please can someone help me, I'm really going crazy with this problem...... |
Sorry, the post was in here twice just now. |
When I read here about the software SUPERAntiSpyware, I couldn't resist simply trying it out, because nobody has answered me so far and I urgently need my PC again for banking and my online shop. The following came out of it: the first scan turned up 28 infected registry keys and 110 infected file elements. After another three hours I did a second Quick Scan, which found another 6 infected file elements. The log files are at the end of this message. The computer actually behaves normally. Only on the first entry into the browser does the cursor jump into the search box. After that it no longer does. I would really like to know what causes this. Please do help me, people....

Log file 1:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 01/06/2012 at 08:58 AM
Application Version : 5.0.1142
Core Rules Database Version : 8107
Trace Rules Database Version: 5919
Scan type : Complete Scan
Total Scan Time : 00:12:11
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 731
Memory threats detected : 0
Registry items scanned : 74429
Registry threats detected : 28
File items scanned : 19644
File threats detected : 110
Security.HiJack[ImageFileExecutionOptions]
Adware.Tracking Cookie

Log file 2:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 01/06/2012 at 12:21 PM
Application Version : 5.0.1142
Core Rules Database Version : 8107
Trace Rules Database Version: 5919
Scan type : Quick Scan
Total Scan Time : 00:03:22
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 832
Memory threats detected : 0
Registry items scanned : 60384
Registry threats detected : 0
File items scanned : 10478
File threats detected : 6
Adware.Tracking Cookie |
Quote:
TuneUp is the pits, nonsense cubed, and has very dangerous functions! Try to undo everything you did with TuneUp; if that works, TuneUp should be uninstalled immediately! Hands off registry cleaners!! The registry is the brain of the system. If the brain doesn't work, the rest no longer really works. We read often enough from people seeking help that their system no longer starts after using registry cleaners.
A so-called false positive from a cleaner can also make your system unbootable. If you destroy the registry, you destroy Windows. |
OK, thanks for the tip already, I will uninstall Tune Up then. But I seem to have been lucky, because as far as booting is concerned I have no problems at all. It also no longer writes the 6s. The only thing that remains, and that worries me somewhat, is that when typing, sometimes (not always), the cursor jumps into the search box. Should I, although I have no boot problems whatsoever, try to restore the registry cleanups from Tune Up? It really boots flawlessly. I'm just a computer layman.. What are the next steps I should take otherwise? Many thanks in advance for the help! |
Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before in the past? If so, all the logs for every scan are also in the "Logdateien" (log files) tab. Please post all that are visible there. |
Hello, I already posted the very first log file from Malwarebytes here; here is the one from yesterday:

Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.01.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yzerman :: YZERMAN-PC [Administrator]
06.01.2012 18:09:54
mbam-log-2012-01-06 (18-09-54).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383490
Laufzeit: 1 Stunde(n), 12 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Regards, Stephan |
I'm working in Excel right now; when typing into fields, the formula function keeps opening. And writing this post is also difficult because the cursor keeps jumping into the search box while typing... I can't believe it.... |
Please also run ESET, then we'll see: ESET Online Scanner
|
Here now is the log file after 6 hours of runtime:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 11:57:55
# local_time=2012-01-08 12:57:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 24047072 24047072 0 0
# compatibility_mode=5893 16776574 100 94 257464 77585715 0 0
# compatibility_mode=8192 67108863 100 0 3703 3703 0 0
# scanned=218738
# found=0
# cleaned=0
# scan_time=24830

I would really like to know what it is that keeps making my cursor jump into the search box unintentionally or opens search windows etc... |
Please make a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code: the log goes here If you don't have it yet, please download OTL by OldTimer and save it on your desktop
Code: netsvcs
|
So here is the OTL file. During scanning the message came up again in between: "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk\Device\Harddisk6\DR6 ein" I then pressed Continue several times until the scan carried on. Since the file is larger than 100,000 characters, I zipped it. Regards, Stephan |
What happened to the TXT file? I only get character mush there, if my text editors will open the file at all. geany gives me "nicht unterstützte Zeichenkodierung". In any case your text file is broken and you have to do it again |
Here is the file once more; I zipped it again. |
Nope, I still can't open it :( Can you open your OTL.txt with an editor? If need be, copy everything from this file, paste it at nopaste.info - free nopaste script and service and link it here |
Even in the program you suggested to me I can't get the text in. It is too big.. I myself see the log file quite normally, even when I open it here on the board. I'm now copying it in here in two parts: Part 1:
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.01.19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK) DRV:64bit: - [2009.10.02 21:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.26 16:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.09.19 09:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.23 19:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.08.06 13:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2008.02.29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2008.02.29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2006.11.01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.11.14 19:16:42 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2011.11.14 19:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.06.26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ksta.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ksta.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 45 34 05 88 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.ksta.de" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11061.544 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012.01.06 14:24:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.06.06 09:01:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.27 17:18:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.12.06 16:04:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012.01.06 14:24:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.27 17:18:44 | 000,000,000 | ---D | M] [2010.04.20 18:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Extensions [2012.01.05 00:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Firefox\Profiles\cyev6dyl.default\extensions [2011.12.27 12:29:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Yzerman\AppData\Roaming\mozilla\Firefox\Profiles\cyev6dyl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.01.05 00:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.16 06:24:07 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2011.04.04 10:20:44 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.12.06 16:04:12 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX () (No name found) -- C:\USERS\YZERMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYEV6DYL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in
7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: BrowserPlus (from Yahoo!) 
v2.9.8 (Enabled) = C:\Users\Yzerman\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Freemake Video Converter = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\ CHR - Extension: Ti\u00EBsto = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\ CHR - Extension: Google Mail = C:\Users\Yzerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2011.12.07 10:48:17 | 000,438,845 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 15092 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC76} - C:\Program Files (x86)\Message Faces for Internet Explorer\x64\messagefaces-ie.dll () O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files (x86)\Message Faces for Internet Explorer\x86\messagefaces-ie.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) 
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4626455E-71B5-4184-8F41-FA95AFDA748F}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D53781-5B81-464E-AC4A-CC6804D091AC}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID 
value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.01 10:01:38 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ] O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell - "" = AutoRun O33 - MountPoints2\{23f2218d-4f73-11df-86eb-001f3f0c9821}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell - "" = AutoRun O33 - MountPoints2\{7b6d5763-efe6-11df-8c80-001f3f0c9821}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell - "" = AutoRun O33 - MountPoints2\{abfe58e4-3f15-11df-87d5-002564f4a491}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk /r \??\J:) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - Service SafeBootMin:64bit: MCODS - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service 
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: 
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: mcmscsvc - Service SafeBootNet:64bit: MCODS - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group 
SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 
Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - 
SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s 
/n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9038A68F-9554-44B1-A5BA-6F60DA15E7C5} - Bing Bar ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {B8BA4AC9-AF8D-4C81-9960-6CDBC3F97CEB} - Message Faces ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {741B27D4-2120-D63C-DF0B-F15F4BE602DF} - Java (Sun) ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9813E6A2-F778-E37E-9BF7-24FF812E5454} - .NET Framework ActiveX: {B314BA4C-167D-3526-0E27-91846724DD54} - .NET Framework ActiveX: {B6881912-2921-8A6C-0386-7215A10A022D} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.07 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.06 14:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012 [2012.01.06 14:23:13 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys [2012.01.06 14:23:13 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys [2012.01.06 08:38:02 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\SUPERAntiSpyware.com [2012.01.06 08:37:32 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.01.06 08:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.01.06 08:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.01.05 22:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2012.01.05 20:07:41 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Malwarebytes [2012.01.05 20:07:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.05 20:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.05 16:27:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Yzerman\Desktop\OTL.exe [2012.01.05 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.05 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\s.menze [2012.01.05 01:05:41 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\SafeBox [2012.01.04 19:33:11 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender [2012.01.04 
19:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2012.01.04 19:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2012.01.04 19:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012.01.04 19:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender [2012.01.03 18:44:47 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{80AD6CAD-6476-480F-BA3E-919959A9AD32} [2012.01.03 18:44:16 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{37F26350-6F9E-4EF7-A366-016AE7366380} [2012.01.03 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Local\{4F7D3A77-431B-4392-BF04-6E56576AF114} [2011.12.29 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2011.12.29 19:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2011.12.28 14:02:14 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys [2011.12.27 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\QuickScan [2011.12.27 12:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.12.18 01:11:22 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\AppData\Roaming\ZoomBrowser EX [2011.12.18 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles [2011.12.18 00:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser [2011.12.18 00:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2011.12.18 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2011.12.18 00:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon [2011.12.17 20:11:34 | 000,000,000 | ---D | C] -- C:\Users\Yzerman\Documents\Canon Powershot Bedienungsanleitung [2011.12.15 01:29:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2010.04.03 13:14:22 | 008,656,832 | ---- | C] (Dell, Inc. 
) -- C:\Users\Yzerman\AppData\Roaming\DataSafeDotNet.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Yzerman\*.tmp files -> C:\Users\Yzerman\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.08 01:19:59 | 000,001,023 | ---- | M] () -- C:\Users\Yzerman\Desktop\SafeBox Folder.lnk [2012.01.07 17:26:35 | 000,004,704 | ---- | M] () -- C:\Users\Yzerman\Desktop\mbam-log-2012-01-06 (18-09-54).zip [2012.01.07 16:39:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 16:39:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 16:39:19 | 001,508,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.07 16:39:19 | 000,657,944 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.07 16:39:19 | 000,619,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.07 16:39:19 | 000,131,316 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.07 16:39:19 | 000,107,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.07 16:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.07 16:32:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.01.06 14:25:38 | 000,199,827 | ---- | M] () -- C:\ProgramData\1325856142.bdinstall.bin [2012.01.06 14:25:10 | 000,000,270 | -H-- | M] () -- C:\bdr-conf [2012.01.06 14:24:56 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk [2012.01.06 08:37:32 | 000,001,810 | ---- | M] () -- C:\Users\Yzerman\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.05 20:07:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.01.05 16:55:13 | 000,040,246 | ---- | M] () -- C:\Users\Yzerman\Desktop\Logfiles.zip [2012.01.05 16:32:15 | 000,000,000 | ---- | M] () -- 
C:\Users\Yzerman\defogger_reenable [2012.01.05 16:27:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Yzerman\Desktop\OTL.exe [2012.01.05 16:27:23 | 000,050,477 | ---- | M] () -- C:\Users\Yzerman\Desktop\Defogger.exe [2012.01.05 13:00:28 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2012.01.04 19:34:23 | 000,247,636 | ---- | M] () -- C:\ProgramData\1325701732.bdinstall.bin [2012.01.04 19:33:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2012.01.04 11:26:18 | 000,512,192 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.01.04 11:26:18 | 000,035,585 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.01.02 23:33:50 | 000,000,115 | ---- | M] () -- C:\Users\Yzerman\Desktop\MSN.de.url [2011.12.28 14:07:01 | 000,182,182 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\census.cache [2011.12.28 14:06:58 | 000,152,134 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\ars.cache [2011.12.28 14:01:32 | 000,000,036 | ---- | M] () -- C:\Users\Yzerman\AppData\Local\housecall.guid.cache [2011.12.18 00:28:43 | 000,001,298 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk [2011.12.17 20:16:55 | 000,003,672 | ---- | M] () -- C:\Users\Yzerman\Desktop\Powershot Handbuch.lnk [2011.12.15 09:24:08 | 000,434,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.13 09:35:46 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.12.13 09:29:26 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.12.13 09:29:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.12.13 09:29:20 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\*.tmp files 
-> C:\Windows\*.tmp -> ] [2 C:\Users\Yzerman\*.tmp files -> C:\Users\Yzerman\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.07 17:26:35 | 000,004,704 | ---- | C] () -- C:\Users\Yzerman\Desktop\mbam-log-2012-01-06 (18-09-54).zip [2012.01.06 14:25:38 | 000,199,827 | ---- | C] () -- C:\ProgramData\1325856142.bdinstall.bin [2012.01.06 14:25:10 | 000,000,270 | -H-- | C] () -- C:\bdr-conf [2012.01.06 14:25:09 | 036,942,680 | -H-- | C] () -- C:\bdrescue.gz [2012.01.06 14:25:09 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm [2012.01.06 14:25:09 | 000,217,769 | -H-- | C] () -- C:\bdrescue [2012.01.06 14:25:09 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr [2012.01.06 14:24:56 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk [2012.01.06 08:37:32 | 000,001,810 | ---- | C] () -- C:\Users\Yzerman\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.05 20:07:32 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.01.05 16:55:13 | 000,040,246 | ---- | C] () -- C:\Users\Yzerman\Desktop\Logfiles.zip [2012.01.05 16:32:15 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\defogger_reenable [2012.01.05 16:27:23 | 000,050,477 | ---- | C] () -- C:\Users\Yzerman\Desktop\Defogger.exe [2012.01.05 13:00:28 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2012.01.05 01:05:42 | 000,001,023 | ---- | C] () -- C:\Users\Yzerman\Desktop\SafeBox Folder.lnk [2012.01.04 19:34:23 | 000,247,636 | ---- | C] () -- C:\ProgramData\1325701732.bdinstall.bin [2012.01.04 19:33:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf [2012.01.02 23:33:50 | 000,000,115 | ---- | C] () -- C:\Users\Yzerman\Desktop\MSN.de.url [2011.12.28 14:07:01 | 000,182,182 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\census.cache [2011.12.28 14:06:58 | 000,152,134 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\ars.cache [2011.12.28 14:01:32 | 000,000,036 | ---- | 
C] () -- C:\Users\Yzerman\AppData\Local\housecall.guid.cache [2011.12.18 00:28:43 | 000,001,298 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk [2011.12.17 20:16:55 | 000,003,672 | ---- | C] () -- C:\Users\Yzerman\Desktop\Powershot Handbuch.lnk [2011.09.05 12:24:56 | 000,001,097 | ---- | C] () -- C:\Windows\wiso.ini [2011.08.27 17:41:31 | 000,251,124 | ---- | C] () -- C:\Windows\hpwins14.dat.temp [2011.08.27 17:22:08 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp [2011.08.27 17:14:30 | 000,250,436 | ---- | C] () -- C:\Windows\hpwins14.dat [2011.08.27 17:14:30 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat [2011.08.12 08:11:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.06 07:51:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.19 17:41:31 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\rx_image32.Cache [2011.04.19 17:41:29 | 000,002,120 | ---- | C] () -- C:\Users\Yzerman\AppData\Local\rx_audio.Cache [2011.04.06 14:19:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.04.05 18:32:29 | 000,016,183 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI [2011.04.05 14:56:37 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini [2011.04.05 14:55:53 | 000,182,264 | ---- | C] () -- C:\Windows\SysWow64\BpShellEx.dll [2011.04.04 10:28:30 | 000,512,192 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2010.06.28 19:34:37 | 000,000,000 | ---- | C] () -- C:\Users\Yzerman\AppData\Roaming\wklnhst.dat [2010.05.14 20:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.05.14 20:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2010.05.14 20:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.04.03 15:30:05 | 000,000,760 | ---- | C] () -- C:\Users\Yzerman\AppData\Roaming\setup_ldm.iss [2010.02.09 09:57:55 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2010.02.09 
09:57:55 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2010.02.09 09:57:55 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2010.02.09 09:57:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.02.09 09:57:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.02.09 09:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.01.04 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender [2011.04.05 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service [2011.04.05 15:55:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service GmbH [2011.02.05 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\DesktopReminder [2011.12.29 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Fighters [2011.02.05 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GetRightToGo [2011.12.06 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GrabPro [2010.04.03 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Leadertech [2011.04.06 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAGIX [2011.05.11 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAPILab NNTP Accounts [2011.12.06 
10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\OpenCandy [2012.01.05 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Orbit [2011.12.06 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ProgSense [2011.12.28 13:52:04 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\QuickScan [2010.06.28 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Template [2011.04.06 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Titanium [2010.11.06 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\TuneUp Software [2010.08.03 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ugzyuf [2011.02.05 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\UK's Kalender [2011.11.17 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Windows Live Writer [2010.09.12 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ybukwo [2012.01.06 09:41:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ==========
Part 2:
< %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.09 14:47:08 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Adobe [2011.11.26 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Apple Computer [2010.04.03 12:46:47 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ATI [2011.04.01 18:13:55 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\AVS4YOU [2012.01.04 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Bitdefender [2011.04.05 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service [2011.04.05 15:55:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Buhl Data Service GmbH [2010.04.03 12:52:28 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\CyberLink [2010.04.03 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Dell [2011.02.05 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\DesktopReminder [2011.12.29 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Fighters [2011.02.05 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GetRightToGo [2011.12.06 10:30:27 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\GrabPro [2011.08.27 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\HP [2010.04.03 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Identities [2011.04.06 15:07:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\IDMComp [2010.04.03 15:21:50 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\InstallShield [2010.04.03 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Intel Corporation [2010.04.03 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Leadertech [2010.04.03 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Logitech 
[2010.09.12 14:07:56 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Macromedia [2011.04.06 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAGIX [2012.01.05 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Malwarebytes [2011.05.11 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\MAPILab NNTP Accounts [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Media Center Programs [2011.11.29 10:42:32 | 000,000,000 | --SD | M] -- C:\Users\Yzerman\AppData\Roaming\Microsoft [2010.04.20 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Mozilla [2011.12.06 10:30:29 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\OpenCandy [2012.01.05 00:14:09 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Orbit [2011.12.06 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\ProgSense [2011.12.28 13:52:04 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\QuickScan [2011.04.19 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Roxio [2011.06.23 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Skype [2011.06.22 15:06:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\skypePM [2012.01.06 08:38:02 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\SUPERAntiSpyware.com [2010.06.28 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Template [2011.04.06 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Titanium [2010.11.06 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\TuneUp Software [2010.08.03 10:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Ugzyuf [2011.02.05 12:43:21 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\UK's Kalender [2011.11.17 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Yzerman\AppData\Roaming\Windows Live Writer [2010.09.12 
|
Part 3:
000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䒱氟 [2011.01.16 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF䒱氟 [2011.01.16 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf [2011.01.16 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF䒱氟{8c08f042-2149-11e0-93dd-001f3f0c9821}.TM.blf [2011.01.16 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䒱氟.LOG1 [2011.01.16 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF䒱氟.LOG1 [2011.01.16 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䒱氟.LOG2 [2011.01.16 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF䒱氟.LOG2 [2011.01.09 12:00:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2011.01.09 12:00:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2011.01.09 12:00:06 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2011.01.09 12:00:06 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2011.01.09 12:00:06 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF醖䣙 [2011.01.09 12:00:06 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF醖䣙 [2011.01.09 12:00:06 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf [2011.01.09 12:00:06 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF醖䣙{1dbcd654-1bcc-11e0-8489-001f3f0c9821}.TM.blf [2011.01.09 12:00:06 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF醖䣙.LOG1 [2011.01.09 12:00:06 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF醖䣙.LOG1 [2011.01.09 12:00:06 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF醖䣙.LOG2 [2011.01.09 12:00:06 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF醖䣙.LOG2 [2011.01.02 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2011.01.02 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2011.01.02 12:00:00 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2011.01.02 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2011.01.02 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF⁙菑 [2011.01.02 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF⁙菑 [2011.01.02 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf [2011.01.02 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF⁙菑{269f04c2-165d-11e0-87a1-001f3f0c9821}.TM.blf [2011.01.02 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF⁙菑.LOG1 [2011.01.02 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF⁙菑.LOG1 [2011.01.02 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF⁙菑.LOG2 [2011.01.02 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF⁙菑.LOG2 [2010.12.26 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.26 12:00:00 | 000,524,288 | -HS- | M] 
()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.26 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.26 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.26 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF폲 [2010.12.26 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF폲 [2010.12.26 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf [2010.12.26 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF폲{4bc29404-10b9-11e0-86c1-001f3f0c9821}.TM.blf [2010.12.26 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF폲.LOG1 [2010.12.26 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF폲.LOG1 [2010.12.26 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF폲.LOG2 [2010.12.26 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF폲.LOG2 [2010.12.19 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- 
C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.19 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.19 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.19 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.19 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFﶖ쑜 [2010.12.19 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) 
-- C:\Windows\SysWow64\屢GFﶖ쑜 [2010.12.19 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf [2010.12.19 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFﶖ쑜{d5b2b013-0b41-11e0-86ec-001f3f0c9821}.TM.blf [2010.12.19 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG1 [2010.12.19 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG1 [2010.12.19 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG2 [2010.12.19 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFﶖ쑜.LOG2 [2010.12.12 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.12 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.12 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.12 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.12 12:00:00 | 
000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF燭ᄉ [2010.12.12 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF燭ᄉ [2010.12.12 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf [2010.12.12 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF燭ᄉ{016fec03-05be-11e0-8514-001f3f0c9821}.TM.blf [2010.12.12 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG1 [2010.12.12 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG1 [2010.12.12 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG2 [2010.12.12 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF燭ᄉ.LOG2 [2010.12.05 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.05 12:00:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.05 12:00:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.12.05 12:00:07 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.12.05 12:00:07 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF웪骍 [2010.12.05 12:00:07 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF웪骍 [2010.12.05 12:00:07 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf [2010.12.05 12:00:07 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF웪骍{fd39b367-0044-11e0-849a-001f3f0c9821}.TM.blf [2010.12.05 12:00:07 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF웪骍.LOG1 [2010.12.05 12:00:07 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF웪骍.LOG1 [2010.12.05 12:00:07 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF웪骍.LOG2 [2010.12.05 12:00:07 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF웪骍.LOG2 [2010.11.28 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.28 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.28 12:00:00 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.28 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.28 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꮥ褻 [2010.11.28 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꮥ褻 [2010.11.28 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf [2010.11.28 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꮥ褻{82165163-fac8-11df-84e0-001f3f0c9821}.TM.blf [2010.11.28 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG1 [2010.11.28 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG1 [2010.11.28 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG2 [2010.11.28 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꮥ褻.LOG2 [2010.11.21 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.21 12:00:00 | 000,524,288 | -HS- | M] 
()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.21 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.21 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.21 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF宺옏 [2010.11.21 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF宺옏 [2010.11.21 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf [2010.11.21 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF宺옏{ad85c308-f541-11df-84e2-001f3f0c9821}.TM.blf [2010.11.21 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF宺옏.LOG1 [2010.11.21 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF宺옏.LOG1 [2010.11.21 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF宺옏.LOG2 [2010.11.21 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF宺옏.LOG2 [2010.11.14 12:00:00 | 000,524,288 | -HS- | M] 
()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.14 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.14 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.14 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.14 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFꅭ㛊 [2010.11.14 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) 
-- C:\Windows\SysWow64\屢GFꅭ㛊 [2010.11.14 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf [2010.11.14 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFꅭ㛊{0a6c3bb3-efc1-11df-873d-001f3f0c9821}.TM.blf [2010.11.14 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG1 [2010.11.14 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG1 [2010.11.14 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG2 [2010.11.14 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFꅭ㛊.LOG2 [2010.11.07 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.07 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.07 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.11.07 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.11.07 12:00:00 | 
000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFጋ鵰 [2010.11.07 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GFጋ鵰 [2010.11.07 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf [2010.11.07 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GFጋ鵰{054c4125-ea43-11df-870a-001f3f0c9821}.TM.blf [2010.11.07 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG1 [2010.11.07 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG1 [2010.11.07 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG2 [2010.11.07 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GFጋ鵰.LOG2 [2010.10.31 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.10.31 12:00:00 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.10.31 12:00:00 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.10.31 12:00:00 | 000,524,288 | -HS- | C] 
()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.10.31 12:00:00 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF븘ኹ [2010.10.31 12:00:00 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G?F??) -- C:\Windows\SysWow64\屢GF븘ኹ [2010.10.31 12:00:00 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf [2010.10.31 12:00:00 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf) -- C:\Windows\SysWow64\屢GF븘ኹ{10007e44-e4c8-11df-8336-001f3f0c9821}.TM.blf [2010.10.31 12:00:00 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG1 [2010.10.31 12:00:00 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG1) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG1 [2010.10.31 12:00:00 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG2 [2010.10.31 12:00:00 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G?F??.LOG2) -- C:\Windows\SysWow64\屢GF븘ኹ.LOG2 [2010.10.24 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000002.regtrans-ms [2010.10.24 11:00:01 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\屢GF喿䗪{f3a4325d-df53-11df-8270-001f3f0c9821}.TMContainer00000000000000000001.regtrans-ms [2010.10.24 11:00:01 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G?F??{f3a4325d-df53-11df-8270-001f3f0c9821}.TM.blf) -- 
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\OTL.exe:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Yzerman\Desktop\Defogger.exe:BDU
< End of report > |
Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can do lasting damage to the system! |
Here is the OTL file after the fix: Code: All processes killed |
Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click! |
So, here is the Kaspersky file. It found nothing. But I still have the jumping into the search box. Code: 20:54:26.0235 4792 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 |
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
|
Hello Arne, here is the ComboFix log file for you: Combofix Logfile: Code: ComboFix 12-01-10.02 - Yzerman 10.01.2012 19:49:52.2.4 - x64 |
Please download aswMBR.exe and save the file to your desktop.
|
Hello Arne, here is the file. Regards, Stephan. It is getting worse again... it keeps jumping into the search box... Code: aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software |
Quote:
|
Hello Arne, when I want to type into text fields, such as here on the board, the cursor sometimes jumps up into the browser's search bar. That is what I meant. I also have this problem when typing into search engines or the browser's address bar. By the way, I did not press any Fix button during the Avast scan; I had forgotten to mention that. Regards, Stephan |
Looks OK so far. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner does not hurt either: ESET Online Scanner
|
Hello Arne, I will do that, but it worries me that you say everything looks OK so far... Because the cursor constantly jumps into the search box while I type, and I find that when I clear my temporary Internet files I have an extremely large number of files, which I never had before... I just cleared the temporary Internet files again and there were several thousand... although I have only been on 5 websites since I last cleared the temporary Internet files... I will now run the full scans again and post the logs here. Regards, Stephan |
Quote:
|
Hello Arne, I have run all three scanners; Malwarebytes and SUPERAntiSpyware found nothing. ESET found four threats. But when I try to open the ESET file, it is the old one from 07.01. I did save the paths of the threats as an image with a screenshot, though. What should I do now? By the way, I have not removed the threats. Regards, Stephan |
Just scroll down; ESET always appends the new logs to the bottom of the text file |
Hello Arne, here is the file now, I simply started it again :-) I have not cleaned anything myself yet. Regards, Stephan Code: ESETSmartInstaller@High as CAB hook log: |
Those are false alarms. Apart from the cursor jumping, is everything OK? Do you always have the cursor jumping in safe mode as well? |
Whether I have it in safe mode, I don't know. But in safe mode I can't open the browser anyway, can I? How do I start safe mode if F8 during startup does not work because I have a USB keyboard and mouse? Regards, Stephan P.S. So I shouldn't delete these threats from ESET either? |
Oh yes, apart from the cursor jumping everything is OK. Where it really causes trouble is when I open Facebook. When I want to write a PM there, it keeps stalling and is totally slow... |
Just try it out in safe mode and answer the question. Otherwise we won't get any further |
In safe mode everything was fine so far. I opened IE (which did not work, but that is to be expected) and typed something into the address bar at the top several times; the cursor did not jump into the search box while I did so. Excel also worked flawlessly in safe mode. |
Do you have a special mouse/keyboard set for which you have to install drivers? If so, try uninstalling them |
Copyright ©2000-2025, Trojaner-Board