
Log analysis and evaluation: Windows 7 start shows white screen, then empty desktop; safe mode works normally

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.08.2012, 14:05   #1
itszhsn
 

Windows 7 start shows white screen, then empty desktop; safe mode works normally



Hello, I'm new here and have a problem and wanted to ask for help here.
I have Windows 7, and when I was online yesterday a white screen appeared, after which the computer shut itself down automatically. On restarting I could log in quite normally, but then the white screen and a message came up; after that, however, I always get the empty desktop. Task Manager works, safe mode works. There is already a thread like this here, e.g. http://www.trojaner-board.de/120788-...-anzeigen.html, but I followed everything in it and can't get any further at the box, where I have to fix something.

I have now scanned everything and got 2 things:

First, OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 8/5/2012 2:38:51 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Hasan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free
7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF
Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hasan\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL ()
MOD - C:\Users\Hasan\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (syshost32) -- C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe (Samsung)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VCam_WDM) -- C:\Windows\SysNative\drivers\VCam_WDM.sys (e2eSoft)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamlrdrv_x64.sys (Windows (R) Server 2003 DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_hplgoff_3112_1&babsrc=SP_ss&mntrId=96ad0afd000000000000386077b87e7b
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10630&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^AE2&apn_uid=0325063925894589&p2=^AE2^YYYYYY^YY^AT&q={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW_ss&mntrId=96ad0afd000000000000386077b87e7b&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hasan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/05/15 18:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Extensions
[2012/08/02 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions
[2012/07/16 21:24:01 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}
[2012/06/23 15:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/07 13:19:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com
[2012/05/15 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/24 19:03:42 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\HASAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0EHI8GQ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/07/21 23:47:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/21 23:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/16 21:24:02 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012/08/02 01:15:22 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/21 23:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/21 23:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/21 23:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/21 23:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/21 23:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.24117_0\
CHR - Extension: Web Developer = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: YouTube = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Facebook Autolike = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmoffkbpmaikkcdaponiiakfojdjacp\1.0_0\
CHR - Extension: Google Mail = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/05/25 23:28:32 | 000,000,718 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [] C:\Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (XEROX)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hasan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E32558-04E0-47CB-9B2E-2427C0BF0AF6}: DhcpNameServer = 194.48.124.202 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEC8B8A-844A-4648-BBA6-77D1D4CFCE20}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/10 08:27:47 | 000,000,063 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/05 14:38:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe
[2012/08/05 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5ADD9703-0938-4983-BE15-21426345892A}
[2012/08/05 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{57F68B9E-B5FF-4E8A-8ABE-FA5B56731A34}
[2012/08/03 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7CC89465-27CC-43AD-BBA7-8D5E0AF05412}
[2012/08/03 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{709EE5F8-6F4C-4F79-A830-BB563039B320}
[2012/08/02 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012/08/02 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{25A14C24-115B-4743-A4B9-360970F10CE8}
[2012/08/02 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{68825BD3-17BF-4AC0-A390-1ED1815C70F2}
[2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2012/08/02 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\BabylonToolbar
[2012/08/02 01:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Babylon
[2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/01 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Multi-Connector1.1
[2012/08/01 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{28BFCE1E-D883-4416-8C9C-891A79D3D3A4}
[2012/08/01 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3A6EBDDD-A536-4508-84AB-1C7AB7B4227E}
[2012/08/01 01:02:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Originals
[2012/07/31 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{159B3B5D-A9C6-4D54-90AB-A27F571892EC}
[2012/07/31 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{FF1B64E1-599B-47EF-BCAC-A1F6625D08D4}
[2012/07/30 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8A2A63B4-4D80-4DDE-BE6E-FB4EA9A96D57}
[2012/07/30 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7E5CE4C6-5036-4490-9BAE-E50BA4C11417}
[2012/07/30 02:13:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3E10D924-3BDC-4355-971A-B740D0FCE0E2}
[2012/07/30 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1A89631F-5958-4CBD-A308-256703E7611D}
[2012/07/30 01:39:18 | 000,000,000 | R--D | C] -- C:\Users\Hasan\Desktop\Videos
[2012/07/29 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Programme
[2012/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Sachen
[2012/07/29 22:02:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\TS3Client
[2012/07/29 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/29 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2012/07/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4113691A-3B75-4EDE-90DA-290FF82ADA47}
[2012/07/29 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{C4773A9E-32D7-4C53-BC99-57C1E190B471}
[2012/07/29 02:12:06 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{6F7D28C4-4998-4FCA-B5AB-580B76D71599}
[2012/07/29 02:11:44 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB74AAC-EB01-46E0-AA5D-24F26A670F73}
[2012/07/28 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8456CACF-BDE2-4C4E-A4DE-55E1F28B6B2F}
[2012/07/28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{00F0E8B7-6F72-4A1C-907A-85FE1AECB568}
[2012/07/28 02:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1CDDB69-B683-4068-AA0E-41095B0B6DD9}
[2012/07/28 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{72B4D5F5-480A-4C20-9689-F4C11120BCA9}
[2012/07/28 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\Microsoft Games
[2012/07/26 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Documents\Unbenannte Site 2
[2012/07/26 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\PDAppFlex
[2012/07/26 01:45:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Adobe Dreamweaver CS6
[2012/07/26 01:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/07/26 01:25:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/25 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\FileZilla
[2012/07/25 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/07/25 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/07/25 00:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/07/25 00:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/24 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/07/24 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2012/07/24 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4D8D930D-F207-4E3F-9E69-11B4E6EEC7E7}
[2012/07/24 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{36B0E413-3D08-43A3-A6A7-BD69E81ABE9A}
[2012/07/23 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1898ADF7-F218-4D8B-AE96-1B7C4392FBD4}
[2012/07/23 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0D47F3FB-B1D1-446E-B815-032FE959D3BD}
[2012/07/23 03:28:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5916EFA4-C072-49B4-A3EB-3E587C054DA4}
[2012/07/23 03:27:51 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{37C8340E-A5A5-4056-A03B-153E9D315E1B}
[2012/07/22 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31BFB867-5022-4FB9-BA6C-81F5D53534C4}
[2012/07/22 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{DD916C18-EBB4-4DB0-A7FA-008DC5583B2A}
[2012/07/21 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8C10D91D-2B5B-4B38-B1C4-97301E9A8697}
[2012/07/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8405A8A4-0F97-42CB-AB21-C8E759D636A8}
[2012/07/21 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/07/21 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{47385DC7-0AB8-4901-9E04-E3B14BAB1013}
[2012/07/21 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5A0E4F8C-F4AF-45BB-9E15-3CA017798A7D}
[2012/07/20 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A9FD05A7-BCF4-4201-AED4-5DB918256C71}
[2012/07/20 15:51:26 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{79322B56-BE36-4D41-B66F-06770DAAD19A}
[2012/07/20 03:19:04 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B187B9EF-200B-4666-9672-D93CD4B5AB06}
[2012/07/20 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4E1F4D8B-496F-48B0-8318-B09A586B1A00}
[2012/07/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\fontconfig
[2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\gegl-0.2
[2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\.gimp-2.8
[2012/07/19 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/07/19 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2D343FC7-5462-4F5C-A971-F7015DFED365}
[2012/07/19 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1F8A5FC-AF8A-4298-8C6B-C74AEC933273}
[2012/07/19 02:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E4285FAF-A47F-4C5F-BDAC-A11291FA2DD3}
[2012/07/19 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB7B756-E749-4F1C-9026-7CBB6FE024CB}
[2012/07/18 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0E629838-A0AC-4DC2-90FF-38C206B177E7}
[2012/07/18 14:34:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{63435A9F-FDB7-4567-9D9B-F4979AB435CA}
[2012/07/18 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CA24466-3668-4247-A926-8452B1B57AD4}
[2012/07/18 02:15:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1ECB46B2-34B2-479F-AF43-E4234C9D9173}
[2012/07/17 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B61A7FFA-D63A-4B94-90EA-20A6E60F32A7}
[2012/07/17 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1C834213-0DCA-4D5A-9639-801764BABEB6}
[2012/07/17 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{329BB924-8C3B-4541-8E3A-6C3F10972398}
[2012/07/16 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Tinychat
[2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinychat
[2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinychat
[2012/07/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults7
[2012/07/16 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CE463C0-D0D0-4E19-BAB8-62BC9A251D25}
[2012/07/15 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31B85B1D-A190-46D5-97E7-46CF5ADE1DD5}
[2012/07/15 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9A975B2F-DFF3-4127-80B1-42FF96905B43}
[2012/07/13 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{782B7C2C-DAFC-4E3F-B9CD-5F233D49F7FA}
[2012/07/13 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{66660F43-5618-493E-9F43-AD1F1386E375}
[2012/07/12 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{05EECE62-9759-48CA-867E-E7B3D302A6AA}
[2012/07/12 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3844BF78-B4C2-4467-9FB3-5FAA87656AC6}
[2012/07/12 02:26:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 02:26:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 02:26:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 02:26:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 02:26:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 02:26:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 02:26:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 02:26:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 02:26:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 02:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 02:26:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 02:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 02:26:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{CA84F0AE-D45F-4F56-90EA-DB90756C7788}
[2012/07/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A22F3D48-4488-4037-BFF8-96FE929B906A}
[2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 07:31:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 07:31:12 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 07:31:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 07:31:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 07:31:09 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 03:00:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/07/10 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E6276D7C-555D-40A5-9762-30F26344B02F}
[2012/07/10 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/10 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/10 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/07/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{812E6B8C-2027-442A-A986-848C7D084781}
[2012/07/10 10:46:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF48C423-FB01-4809-9322-09319CF26E93}
[2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubscribeWinManual
[2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubscribeWin
[2012/07/09 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{84FE4ED8-B384-4FF1-B81D-B2EF8EF8885D}
[2012/07/09 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8B572D86-6D41-4096-B021-B96EC02DD0F2}
[2012/07/09 00:07:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{921B9F9A-E79C-4036-A1B7-06DD03A4267B}
[2012/07/09 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BAE7F533-C021-4FC6-A870-7C73BC8A702B}
[2012/07/08 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{D32ACB7E-8123-415F-80AD-FE042B6AD2A4}
[2012/07/08 01:10:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9D7B3FDC-9E10-4463-B97E-9C9BB348944B}
[2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\ManyCam
[2012/07/07 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012/07/07 13:19:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\ManyCam
[2012/07/07 13:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/07/07 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{32147400-E5C5-4A9C-AE69-C1CCDDC4DEE3}
[2012/07/06 22:12:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0F510498-6011-4AAB-9008-C8F95FED5F13}
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/05 14:37:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hasan\Desktop\OTL.exe
[2012/08/05 14:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 14:36:29 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 14:34:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002UA.job
[2012/08/05 04:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 03:19:32 | 000,110,537 | ---- | M] () -- C:\Users\Hasan\Desktop\hasaaan.jpg
[2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 01:41:49 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 00:59:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002Core.job
[2012/08/04 18:20:18 | 000,088,007 | ---- | M] () -- C:\Users\Hasan\Desktop\SD.png
[2012/08/04 18:19:27 | 000,058,368 | -H-- | M] () -- C:\Users\Hasan\Desktop\photothumb.db
[2012/08/04 17:18:22 | 000,071,059 | ---- | M] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg
[2012/08/04 15:09:07 | 064,144,603 | ---- | M] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4
[2012/08/04 14:30:48 | 073,956,886 | ---- | M] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4
[2012/08/04 01:12:17 | 001,217,607 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd
[2012/08/04 01:09:34 | 000,000,132 | ---- | M] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/04 00:43:52 | 000,315,727 | ---- | M] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg
[2012/08/04 00:17:35 | 067,016,797 | ---- | M] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4
[2012/08/04 00:17:03 | 000,048,094 | ---- | M] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg
[2012/08/03 20:18:00 | 000,033,394 | ---- | M] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg
[2012/08/03 16:39:28 | 000,049,143 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg
[2012/08/03 16:29:26 | 000,177,770 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png
[2012/08/03 16:01:02 | 000,499,943 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbenannt.png
[2012/08/03 01:40:29 | 000,105,824 | ---- | M] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg
[2012/08/03 01:39:39 | 000,087,083 | ---- | M] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg
[2012/08/02 23:29:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 23:29:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 19:42:19 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012/08/02 19:36:59 | 030,588,416 | ---- | M] () -- C:\Users\Hasan\Desktop\as.avi
[2012/08/02 02:28:28 | 000,017,814 | ---- | M] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg
[2012/08/02 02:23:43 | 000,082,978 | ---- | M] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg
[2012/08/02 01:30:40 | 000,004,096 | ---- | M] () -- C:\graph.grf
[2012/08/02 01:25:44 | 003,165,951 | ---- | M] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam (  Y  ).wmv
[2012/08/02 01:15:45 | 000,000,937 | ---- | M] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk
[2012/08/02 01:15:37 | 000,000,319 | ---- | M] () -- C:\user.js
[2012/08/01 16:57:15 | 000,070,214 | ---- | M] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg
[2012/08/01 01:02:00 | 000,177,305 | ---- | M] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg
[2012/08/01 00:27:58 | 000,030,107 | ---- | M] () -- C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg
[2012/07/25 00:42:28 | 000,004,634 | ---- | M] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel
[2012/07/12 12:43:45 | 004,970,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 23:23:13 | 000,138,460 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== Files Created - No Company Name ==========
 
[2012/08/05 03:19:17 | 000,110,537 | ---- | C] () -- C:\Users\Hasan\Desktop\hasaaan.jpg
[2012/08/04 18:19:17 | 000,088,007 | ---- | C] () -- C:\Users\Hasan\Desktop\SD.png
[2012/08/04 17:18:24 | 000,071,059 | ---- | C] () -- C:\Users\Hasan\Desktop\562807_370809989656901_1234293370_n.jpg
[2012/08/04 16:02:42 | 064,144,603 | ---- | C] () -- C:\Users\Hasan\Desktop\Bushido Chakuza Eko Fresh - Vendetta HD.mp4
[2012/08/04 14:23:46 | 073,956,886 | ---- | C] () -- C:\Users\Hasan\Desktop\Farid Bang - KEINE TRÄNE [ OFFICIAL HQ VIDEO ].mp4
[2012/08/04 00:53:26 | 001,217,607 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).psd
[2012/08/04 00:43:54 | 000,315,727 | ---- | C] () -- C:\Users\Hasan\Desktop\YouTubeDesign (1).jpg
[2012/08/04 00:17:06 | 000,048,094 | ---- | C] () -- C:\Users\Hasan\Desktop\302411_396647383730381_1472445167_n.jpg
[2012/08/04 00:12:52 | 067,016,797 | ---- | C] () -- C:\Users\Hasan\Desktop\Eko Fresh feat Bushido - Diese Zwei.mp4
[2012/08/03 20:18:04 | 000,033,394 | ---- | C] () -- C:\Users\Hasan\Desktop\376244_400094576704528_98968371_n.jpg
[2012/08/03 16:38:58 | 000,049,143 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.jpg
[2012/08/03 16:27:37 | 000,177,770 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbe2nannt.png
[2012/08/03 16:01:02 | 000,499,943 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbenannt.png
[2012/08/03 01:39:57 | 000,105,824 | ---- | C] () -- C:\Users\Hasan\Desktop\298932_283558561660464_3026746_n.jpg
[2012/08/03 01:39:39 | 000,087,083 | ---- | C] () -- C:\Users\Hasan\Desktop\303178_283559654993688_3472297_n.jpg
[2012/08/02 19:42:19 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012/08/02 19:37:02 | 030,588,416 | ---- | C] () -- C:\Users\Hasan\Desktop\as.avi
[2012/08/02 02:28:31 | 000,017,814 | ---- | C] () -- C:\Users\Hasan\Desktop\598467_445013055516595_304178624_n.jpg
[2012/08/02 02:23:42 | 000,082,978 | ---- | C] () -- C:\Users\Hasan\Desktop\284733_227562447288329_8062195_n.jpg
[2012/08/02 01:26:11 | 003,165,951 | ---- | C] () -- C:\Users\Hasan\Desktop\Sexy Girl On Web Cam (  Y  ).wmv
[2012/08/02 01:21:25 | 000,004,096 | ---- | C] () -- C:\graph.grf
[2012/08/02 01:15:45 | 000,000,937 | ---- | C] () -- C:\Users\Hasan\Desktop\HyperCam 2.lnk
[2012/08/02 01:15:37 | 000,000,319 | ---- | C] () -- C:\user.js
[2012/08/01 16:57:21 | 000,070,214 | ---- | C] () -- C:\Users\Hasan\Desktop\306336_457323334299711_1458944365_n.jpg
[2012/08/01 01:01:09 | 000,058,368 | -H-- | C] () -- C:\Users\Hasan\Desktop\photothumb.db
[2012/08/01 01:00:39 | 000,177,305 | ---- | C] () -- C:\Users\Hasan\Desktop\40930_153596414656680_1407373_n.jpg
[2012/08/01 00:28:02 | 000,030,107 | ---- | C] () -- C:\Users\Hasan\Desktop\561120_348432891893517_1205270673_n.jpg
[2012/07/27 02:42:03 | 000,000,132 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/26 01:55:55 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2012/07/26 01:55:07 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/07/26 01:55:06 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/07/26 01:54:47 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/07/26 01:25:52 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/25 00:42:28 | 000,004,634 | ---- | C] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel
[2012/07/21 22:49:57 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/19 18:26:04 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/10 23:23:13 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/10 19:54:27 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012/07/10 19:53:25 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/07/10 19:53:13 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/07/10 19:52:22 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/07/10 19:52:17 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/07/10 19:51:55 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/28 21:06:50 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2012/06/24 22:49:35 | 000,003,584 | ---- | C] () -- C:\Users\Hasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/20 17:08:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/06/20 17:07:26 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/05/24 16:38:56 | 000,000,600 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\winscp.rnd
[2012/01/08 07:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/08 07:12:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/08 08:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/11 22:29:00 | 001,598,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
         
--- --- ---


and the other one, Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 8/5/2012 2:38:51 PM - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Hasan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 73.46% Memory free
7.96 Gb Paging File | 6.93 Gb Available in Paging File | 87.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.26 Gb Total Space | 829.24 Gb Free Space | 90.21% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF
Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E19619F-77BC-4270-940A-B53F7817FBCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1383E9C6-BB05-4694-808B-A87FD35757E0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{193A6342-5E8A-49E2-BA44-DF31F23C62AF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1F13BED9-63AD-4468-B176-5342B9978204}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F4209F4-7637-4AA4-A41F-743470E0CD5F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27CE8CE8-4634-4EB0-89B3-EDC5C68C8B10}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2D5C4AF5-8702-4809-AA22-E20657D3445D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D77C586-F3F8-4406-BEE0-633E0482BFFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E8C3149-FE99-4685-BC36-4CD57E237573}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E99A594-C591-4C67-8A3A-2D106535BB68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74A1CA5A-2968-4839-884C-81033EEBBA6E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7736531C-D2F3-4F8E-8E15-5507724B23D7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{86013738-958C-454D-BB49-B41543764520}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8D46DDFB-B687-4D46-95B2-1E2D589B749F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E091E77-1BED-47C1-AE40-F6114BA7B8AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{93FA86F5-E6A5-46C8-823F-23D775F2E6B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{99E554B1-59C0-4815-9257-325A29E2249E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5D6FF02-2759-4CE7-9F73-ECC129820392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7ADC0D2-19DD-4701-9B3C-A92234C6A5CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A847D995-E8D2-488A-81CB-65C2C9BAE355}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9694B50-D2FC-436F-B595-4D24AB86801A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B4FD4BF8-3E3A-4BA4-87F5-B134D6D189DD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CAD9F7BF-F8AF-40CE-80F0-9BA803F1C38D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CBD32ADD-423A-43D5-99B6-B3C1F69D653A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D7EE0B2F-D4C6-44B5-A625-273C46C7D3B2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E15E52BC-5FB9-4013-A2E5-C5298918D767}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA817059-DC48-4C6D-A43F-7A26B416368B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB054029-3CB4-4A34-A2C8-F8A2008D17B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F64AB2-C3D0-4023-8F07-CDEFBFDD482A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BDC4360-D54C-4D8A-9849-9E458E48623F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{24E8DB53-B7E3-43B6-9F00-96712C0E4208}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{270B4589-1370-4528-8822-23B70B363334}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BACA463-73AE-437D-82A6-AEA752EF847E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{2FE40683-510C-473D-BE0D-541A9216A0B3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{34D2306D-2838-4F5B-A703-85A00B41156C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3ECE5F0F-9600-4415-AF5A-9A7D47B504D6}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe | 
"{46144965-349B-4166-ADBB-00A1AF20F8B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{48A0AB34-A453-46E0-B615-7462749434B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B7D06A2-FE98-4EF0-AF20-313D3822789D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5F0A4050-1C9D-4C14-9E5E-B8B1A4E74A06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{606E9F03-EFAD-4496-A259-7681E883828B}" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe | 
"{62D462D7-FFD8-46B8-B174-93ABB0F082EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{696C45FA-2E11-4591-82A3-87A6A9B1BB5B}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{6D57F4B8-AA60-468D-8526-8408FF33141B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{73E65777-1300-43F9-BA48-5D6A12B48A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{83C24CD0-9CF2-461A-BAE4-C022BFCD4A12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8432E6AB-DDCF-4AB1-A99D-D1BE3F5C4102}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{9975D3BB-3B71-44DE-9410-A43CDB7A4C8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9A3447CE-0E22-4110-8BCF-634DDC89BED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9E45F22A-7DAC-4392-986A-35B88212746C}" = protocol=6 | dir=out | app=system | 
"{9FEB17D0-5AD1-4F09-921E-B60AF32DCD01}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A6E4B216-2967-4B64-B1A0-4040E722C1F7}" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\vghd\bin\virtuagirl_downloader.exe | 
"{AC8CE6ED-FFF8-48A9-B554-C13C26FA59F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B63573AA-7FD3-4DE3-A712-46DB25168B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults7\dtuser.exe | 
"{B83013B1-D385-40AC-BB15-4888FD877BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF19CCD8-59DC-42C4-B72B-A46450743342}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C8C5C722-11E7-4B4D-BB1A-B3490B04DF4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9D25748-3EC0-47B8-B518-B6D4865755E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC0AECD3-6ECA-473F-9390-121D813BE4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCCD8166-AD01-47EF-84E2-36AD41BB02B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFF9F14B-9CC9-4982-8A99-0C578389BB0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D700BF8D-A07F-440F-9F0A-866184074415}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D9C6251D-7A05-4353-8119-269889442DA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E12D6191-DADB-4F0C-82F6-BDA139EB9B37}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{E266EC61-BE0D-4D50-870C-0577B11F91F7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E429ACF5-D09D-453D-9504-383DF3F71759}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E47CB9B2-D31F-4F6A-8829-79D10026D0FF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{E6BAD4B7-A4E1-42AF-BFD8-F34BE5D45310}" = dir=in | app=c:\users\hasan\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F481BD07-F843-4F30-A3DB-1AA457F1FC99}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F802DAF4-8CF4-4EB0-B847-9E359A91FE1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE67EFB8-F505-4EBE-A9DD-C5ED37AD8402}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{582ECB7A-E751-4E74-A4A9-B344912998D9}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{81C1E9B3-251A-4BD8-A021-4B3AEC3EB0B3}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{89075516-A709-4707-AEA9-705E3214DC2D}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"TCP Query User{9235E029-E040-4691-B0EC-A7A6F6991F13}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{F095EC05-7D86-406D-A6C3-4DC45345745B}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=6 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe | 
"UDP Query User{16C4A4C3-4221-474A-9A96-A97CAD3B3752}C:\users\hasan\desktop\tinyumbrella-5.11.00b.exe" = protocol=17 | dir=in | app=c:\users\hasan\desktop\tinyumbrella-5.11.00b.exe | 
"UDP Query User{3C16B6F7-407D-4ABC-AEA8-54CA1388456E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{54F853BA-774C-4563-B235-72D00DC02909}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"UDP Query User{A0E04234-E5AB-4685-A836-63560F87E51B}C:\users\hasan\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\hasan\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{BDEC1C1B-B20C-48AF-89FA-3B185DD3CCED}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F38867-9D41-683C-DF60-034A731C37FE}" = ATI Catalyst Install Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E03EE2F0-5B77-5288-BB47-BF31F8411E9F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"GIMP-2_is1" = GIMP 2.8.0
"HyperCam 2" = HyperCam 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Professional 2010
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02F7A7B2-913A-4032-F7D7-3F2C14F812B6}" = CCC Help Chinese Standard
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06D0056A-DC6A-B1E1-8D13-D440F2AD3E63}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FD57355-9934-E3B7-8ABA-4AE4AC72507F}" = Catalyst Control Center InstallProxy
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{149D4F00-AD01-3AA1-816F-A067A68A4F9E}" = HydraVision
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2242081E-F673-ED92-6CCB-1244A751346C}" = CCC Help Spanish
"{22758D8F-E023-44ED-8647-3C6985ABF663}" = Nero Kwik Media
"{23E558E2-D070-3BDA-B1B8-72FA0A82841D}" = Catalyst Control Center Localization All
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{24C36B60-9443-4E4B-A620-C936992E96F1}" = SubscribeWinManual
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{273F0620-4324-4A86-891D-07E99D5C5D8A}" = Catalyst Control Center - Branding
"{28F27BB2-08FA-D2E7-FFCE-9434146975C7}" = CCC Help Dutch
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3282009E-EE34-CCE0-8246-022DC6DE9691}" = CCC Help Korean
"{33D36680-4219-B641-587F-CCAB6953133E}" = CCC Help Portuguese
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{550ABD27-7F34-8904-E77F-0039DD33D271}" = CCC Help Finnish
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5CA6A108-BBC3-D7FC-F1C5-8F2AD0C5D6DD}" = CCC Help German
"{5DA7CED3-4C7A-0ECF-8B48-B575637A7445}" = CCC Help Swedish
"{5DCAAED5-F17D-91DD-2FE7-7EB5A73C5AFB}" = CCC Help English
"{5F40A933-8DF6-365A-9E98-C7696991D007}" = CCC Help Japanese
"{61B7B98F-D217-4299-AC8C-42BA90B4CDF5}" = Tinychat Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7849D2B4-1F45-38C2-E0BA-A0B194D17DF9}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9DD7CB-22A1-5CB3-8F3A-0D8FD8FE700B}" = CCC Help Czech
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{822AD542-7F2D-156D-706B-357D2ABA9A05}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E18934B-DAB7-3C80-D423-8A7661F03D4D}" = CCC Help French
"{A15D03FE-44F7-CE8E-4BF0-EB7224792537}" = Catalyst Control Center Profiles Desktop
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A4FA7AA2-BF23-A1D6-1893-B5045CF100AE}" = CCC Help Norwegian
"{A6A93CA6-7564-A30A-A7F8-6C85B0E533B2}" = CCC Help Thai
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE1674EC-4B9B-1C56-3EF1-6B35B5C2AA74}" = CCC Help Chinese Traditional
"{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}" = HP Connect Solutions
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFDCAFC1-E6CD-70C8-53E5-1B3339A28E4D}" = CCC Help Danish
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C920EFB6-59DB-472D-B445-21821477AD17}" = True Crime® New York City
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED55396-8C6B-2BE0-4113-731C6201498B}" = CCC Help Polish
"{CF7B4D8C-BF93-11FD-04A7-DD57BBF1078C}" = Tinychat
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A1A51F-5018-23DA-FCDA-BEA21C7EA48D}" = CCC Help Russian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED7B3025-3CA1-7985-DB04-2B0299BBF846}" = CCC Help Turkish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F393ED40-AD54-6F34-3534-4B51C167B5EB}" = Catalyst Control Center Graphics Previews Common
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FDE8AA35-A16F-CFE6-6EEF-C6A28DAED127}" = CCC Help Greek
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Story_DE_is1" = 4Story DE 3.9.154
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"CamStudio" = CamStudio
"Canon MP160 Benutzerregistrierung" = Canon MP160 Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Counter-Strike 1.6" = Counter-Strike 1.6
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"HP Keyboard_is1" = HP Desktop Keyboard
"HP Remote Solution" = HP Remote Solution
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"ManyCam" = ManyCam 3.0.79 (remove only)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"searchresults7" = Search Results Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Tinychat" = Tinychat
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.7
"WTA-0791aad2-c16c-4413-9600-52e03b1a3fae" = Jewel Quest Solitaire
"WTA-11c881f2-cfc3-48c7-80d6-7d0fe8371f94" = Zuma Deluxe
"WTA-1f3bdd62-1b0f-4774-bc4d-00546b62f60a" = Governor of Poker 2 Premium Edition
"WTA-26425b32-832e-4c6c-8ed8-d5cbb3b000bb" = Vacation Quest - The Hawaiian Islands
"WTA-284f9aa6-055d-435d-a19e-ac55f0736285" = Mah Jong Medley
"WTA-2f66db47-4890-4302-a43a-352d66658994" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-37100e2b-f138-4c73-8091-92d8a12213fb" = Bounce Symphony
"WTA-43686210-ff74-42ce-b457-9a2f7ebaae58" = Virtual Villagers - The Secret City
"WTA-45fec9c0-564b-4267-bc11-a7feae81381c" = Namco All-Stars: PAC-MAN
"WTA-5fb6a6fe-5d48-4ddc-9efd-4099ae337ccf" = Chronicles of Albian
"WTA-6404e09b-d8d7-4de6-8f39-f27c713275c4" = Penguins!
"WTA-681a3586-040d-4e6f-8acd-26b5e898c677" = Mystery of Mortlake Mansion
"WTA-7c9fe226-856b-48e7-b9a4-f05af971107f" = Cake Mania
"WTA-9b4b9c43-42d6-4d28-942d-e43ffd1a35b4" = Farm Frenzy
"WTA-a39cb1db-6a2c-469c-b935-3fe86a3ee08e" = Chuzzle Deluxe
"WTA-a48da115-f42a-486b-afe4-bcada26401e9" = Blasterball 3
"WTA-a79d8e80-1e52-45f3-aec2-6a86a5719cda" = Cradle of Rome 2
"WTA-af41b837-3235-4515-96e0-0a7ab7478c93" = FATE
"WTA-b586f4c4-522b-4913-abce-c24bb1bd00e3" = Slingo Deluxe
"WTA-e590ef0c-023e-4571-aad5-67bd5ed3de28" = Polar Bowler
"WTA-e7bb3e9b-6514-4954-8f84-04416238b57a" = Bejeweled 3
"WTA-e92c4454-f57f-49c7-a227-7a41f58c4448" = Agatha Christie - Peril at End House
"WTA-ed79fc9c-35f1-473b-819c-390b46548c89" = Plants vs. Zombies - Game of the Year
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/21/2012 1:23:01 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5008
 
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
 
Error - 7/21/2012 1:23:02 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004
 
Error - 7/21/2012 1:23:03 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004
 
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 7/21/2012 1:23:04 PM | Computer Name = Hasan-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
[ Hewlett-Packard Events ]
Error - 8/4/2012 7:25:33 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4076  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 8/4/2012 7:36:31 PM | Computer Name = Hasan-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4076  Ram
 Utilization: 30  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ Media Center Events ]
Error - 7/3/2012 9:35:03 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0
Description = 15:35:03 - Fehler beim Herstellen der Internetverbindung.  15:35:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 7/3/2012 9:35:16 AM | Computer Name = Hasan-HP | Source = MCUpdate | ID = 0
Description = 15:35:09 - Fehler beim Herstellen der Internetverbindung.  15:35:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:36:53 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:37:04 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 8/5/2012 8:38:50 AM | Computer Name = Hasan-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


That's it, I hope someone can help me.

Thank you in advance.

Best regards, Itszhsn

Alt 05.08.2012, 19:27   #2
Chris4You
 

Hi,

Please check the following files:

Have files checked online:
  • Go to the VirusTotal site, click the "Browse" ("Durchsuchen") button
    and look for the following file(s):
Code:
C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe
         
  • Now upload each of the files one after another and wait until the scan has finished. (This can take up to 2 minutes.)
  • Afterwards, post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

That thing is from Samsung, but at the same time there is also something from HP running around; what kind of machine is this? If the syshost was detected, I will have to adjust the script again.

Boot into safe mode (F8 while booting)...

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [] C:\Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (XEROX)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:REG
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

The machine should be able to boot normally; then continue with MAM...
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files ("Aktualisierungen" tab -> "Suche nach Aktualisierungen", i.e. check for updates)
Run a full scan and have everything cleaned! Post the log.

chris
__________________

Alt 05.08.2012, 23:25   #3
itszhsn
 

Hi, thanks for your answer, but when I wanted to look for C:\Windows\Installer\{8A1CE765-70F9-308B-172E-191DF63D1250}\syshost.exe I accidentally clicked on it and my PC restarted, and when I wanted to look for this file again I could not find it anymore.

I have an HP Elite 7300 series MT machine.

OK, everything worked wonderfully.

Everything works again, and here is the result of the malware scan:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hasan :: HASAN-HP [Administrator]

Schutz: Aktiviert

06.08.2012 01:20:47
mbam-log-2012-08-06 (01-20-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373880
Laufzeit: 44 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\Hasan\AppData\Local\Temp\gxzcnownvrku.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\AppData\Local\Temp\mmyiqrdyjnnxdgqv.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\AppData\Local\Temp\pkvdnoljqd.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Multi-Connector1.1\eip\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Multi-Connector1.1\fb\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Desktop\Sachen\Call of Duty - Modern Warfare 3\iw5sp.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\scrcaminstfree (1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\scrcaminstfree.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hasan\Downloads\SoftonicDownloader_fuer_fast-ip-changer.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08062012_002941\C_Users\Hasan\AppData\Local\Temp\ezeyekhbko.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Thanks for your help!
__________________

Alt 06.08.2012, 06:59   #4
Chris4You
 

Hi,

please post another fresh OTL log...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Alt 06.08.2012, 13:08   #5
itszhsn
 

Hello, um, here:


Code:
OTL logfile created on: 8/6/2012 2:03:06 PM - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Hasan\Desktop\Programme
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 32.08% Memory free
7.96 Gb Paging File | 4.30 Gb Available in Paging File | 54.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.26 Gb Total Space | 827.91 Gb Free Space | 90.06% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 1.49 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF
Drive J: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HASAN-HP | User Name: Hasan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hasan\Desktop\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Hasan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe (WindSolutions)
PRC - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB9ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB96E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB5D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB1C.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBACC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBA4D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\YTMP7MC8AA\TAABD0E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB8EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB832.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB7B3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB754.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB713.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6D3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6A2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB652.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB621.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5E1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5A0.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB560.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB52F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB4EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB49F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB45E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB40E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB3CE.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB37D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB32D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB24B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB1CA.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB27B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2AC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB20A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB16A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB057.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF88.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0A7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAFF7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF17.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEE6.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEB5.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE54.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE23.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADF2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADC1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB109.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE85.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF48.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD41.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD71.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB139.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0D8.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAC83.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Hasan\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.Resources.dll ()
MOD - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\de-DE\DVDVideoSoft.Resources.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avformat-54.dll ()
MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\swscale-2.dll ()
MOD - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\avutil-51.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll ()
MOD - C:\Users\Hasan\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll ()
MOD - C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VCam_WDM) -- C:\Windows\SysNative\drivers\VCam_WDM.sys (e2eSoft)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamlrdrv_x64.sys (Windows (R) Server 2003 DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (OxPPort) -- C:\Windows\SysNative\drivers\OxPPort.sys (OEM)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/28
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE - HKLM\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_hplgoff_3112_1&babsrc=SP_ss&mntrId=96ad0afd000000000000386077b87e7b
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10630&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^AT&apn_ptnrs=^AE2&apn_uid=0325063925894589&p2=^AE2^YYYYYY^YY^AT&q={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-5/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{F625FDB0-9AA1-4969-B902-A345E6A8D8CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW_ss&mntrId=96ad0afd000000000000386077b87e7b&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hasan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/05/15 18:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Extensions
[2012/08/02 01:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions
[2012/07/16 21:24:01 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{6f895323-a0d1-4844-b5d1-89e3962fa2b2}
[2012/06/23 15:09:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/07 13:19:26 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hasan\AppData\Roaming\mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com
[2012/05/15 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/24 19:03:42 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\HASAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B0EHI8GQ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/07/21 23:47:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/21 23:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/16 21:24:02 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012/08/02 01:15:22 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/21 23:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/21 23:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/21 23:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/21 23:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/21 23:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hasan\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.24117_0\
CHR - Extension: Web Developer = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: YouTube = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Facebook Autolike = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnmoffkbpmaikkcdaponiiakfojdjacp\1.0_0\
CHR - Extension: Google Mail = C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/05/25 23:28:32 | 000,000,718 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {6f895323-a0d1-4844-b5d1-89e3962fa2b2} - C:\Program Files (x86)\searchresults7\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hasan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - Startup: C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hasan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E32558-04E0-47CB-9B2E-2427C0BF0AF6}: DhcpNameServer = 194.48.124.202 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FEC8B8A-844A-4648-BBA6-77D1D4CFCE20}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/10 08:27:47 | 000,000,063 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/06 13:54:10 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2B0399E8-A7DF-423A-9B2A-F268C7A34BAC}
[2012/08/06 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF93F329-F4B3-43D9-B5C7-FCBDABEC5C5C}
[2012/08/06 12:01:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Neuer Ordner
[2012/08/06 12:00:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Videos
[2012/08/06 11:19:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\vlc
[2012/08/06 11:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/06 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/08/06 02:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/06 02:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/06 01:48:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BCBA8AD9-ECB8-4230-A87B-3B6C7D48448F}
[2012/08/06 01:47:56 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B38D7C8B-94E2-4A04-AFD7-8BA94E6C13A3}
[2012/08/06 01:46:18 | 000,000,000 | ---D | C] -- C:\Live!Cam
[2012/08/06 01:14:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Malwarebytes
[2012/08/06 01:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/06 01:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 01:14:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/06 01:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 00:29:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/05 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5ADD9703-0938-4983-BE15-21426345892A}
[2012/08/05 00:47:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{57F68B9E-B5FF-4E8A-8ABE-FA5B56731A34}
[2012/08/03 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7CC89465-27CC-43AD-BBA7-8D5E0AF05412}
[2012/08/03 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{709EE5F8-6F4C-4F79-A830-BB563039B320}
[2012/08/02 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012/08/02 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{25A14C24-115B-4743-A4B9-360970F10CE8}
[2012/08/02 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{68825BD3-17BF-4AC0-A390-1ED1815C70F2}
[2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2012/08/02 01:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2012/08/02 01:15:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\BabylonToolbar
[2012/08/02 01:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Babylon
[2012/08/02 01:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/01 15:53:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{28BFCE1E-D883-4416-8C9C-891A79D3D3A4}
[2012/08/01 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3A6EBDDD-A536-4508-84AB-1C7AB7B4227E}
[2012/08/01 01:02:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Originals
[2012/07/31 21:05:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{159B3B5D-A9C6-4D54-90AB-A27F571892EC}
[2012/07/31 21:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{FF1B64E1-599B-47EF-BCAC-A1F6625D08D4}
[2012/07/30 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8A2A63B4-4D80-4DDE-BE6E-FB4EA9A96D57}
[2012/07/30 17:09:21 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{7E5CE4C6-5036-4490-9BAE-E50BA4C11417}
[2012/07/30 02:13:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3E10D924-3BDC-4355-971A-B740D0FCE0E2}
[2012/07/30 02:13:19 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1A89631F-5958-4CBD-A308-256703E7611D}
[2012/07/30 01:39:18 | 000,000,000 | R--D | C] -- C:\Users\Hasan\Desktop\Videos
[2012/07/29 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Programme
[2012/07/29 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Desktop\Sachen
[2012/07/29 22:02:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\TS3Client
[2012/07/29 22:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/29 22:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2012/07/29 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4113691A-3B75-4EDE-90DA-290FF82ADA47}
[2012/07/29 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{C4773A9E-32D7-4C53-BC99-57C1E190B471}
[2012/07/29 02:12:06 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{6F7D28C4-4998-4FCA-B5AB-580B76D71599}
[2012/07/29 02:11:44 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB74AAC-EB01-46E0-AA5D-24F26A670F73}
[2012/07/28 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8456CACF-BDE2-4C4E-A4DE-55E1F28B6B2F}
[2012/07/28 14:11:00 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{00F0E8B7-6F72-4A1C-907A-85FE1AECB568}
[2012/07/28 02:10:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1CDDB69-B683-4068-AA0E-41095B0B6DD9}
[2012/07/28 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{72B4D5F5-480A-4C20-9689-F4C11120BCA9}
[2012/07/28 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\Microsoft Games
[2012/07/26 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Documents\Unbenannte Site 2
[2012/07/26 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\PDAppFlex
[2012/07/26 01:45:34 | 000,000,000 | ---D | C] -- C:\Users\Hasan\Adobe Dreamweaver CS6
[2012/07/26 01:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/07/26 01:25:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/25 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\FileZilla
[2012/07/25 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/07/25 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/07/25 00:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/07/25 00:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/24 23:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/07/24 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2012/07/24 11:31:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4D8D930D-F207-4E3F-9E69-11B4E6EEC7E7}
[2012/07/24 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{36B0E413-3D08-43A3-A6A7-BD69E81ABE9A}
[2012/07/23 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1898ADF7-F218-4D8B-AE96-1B7C4392FBD4}
[2012/07/23 15:28:28 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0D47F3FB-B1D1-446E-B815-032FE959D3BD}
[2012/07/23 03:28:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5916EFA4-C072-49B4-A3EB-3E587C054DA4}
[2012/07/23 03:27:51 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{37C8340E-A5A5-4056-A03B-153E9D315E1B}
[2012/07/22 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31BFB867-5022-4FB9-BA6C-81F5D53534C4}
[2012/07/22 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{DD916C18-EBB4-4DB0-A7FA-008DC5583B2A}
[2012/07/21 22:50:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8C10D91D-2B5B-4B38-B1C4-97301E9A8697}
[2012/07/21 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8405A8A4-0F97-42CB-AB21-C8E759D636A8}
[2012/07/21 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/07/21 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{47385DC7-0AB8-4901-9E04-E3B14BAB1013}
[2012/07/21 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{5A0E4F8C-F4AF-45BB-9E15-3CA017798A7D}
[2012/07/20 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A9FD05A7-BCF4-4201-AED4-5DB918256C71}
[2012/07/20 15:51:26 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{79322B56-BE36-4D41-B66F-06770DAAD19A}
[2012/07/20 03:19:04 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B187B9EF-200B-4666-9672-D93CD4B5AB06}
[2012/07/20 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{4E1F4D8B-496F-48B0-8318-B09A586B1A00}
[2012/07/19 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\fontconfig
[2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\gegl-0.2
[2012/07/19 18:26:11 | 000,000,000 | ---D | C] -- C:\Users\Hasan\.gimp-2.8
[2012/07/19 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/07/19 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{2D343FC7-5462-4F5C-A971-F7015DFED365}
[2012/07/19 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B1F8A5FC-AF8A-4298-8C6B-C74AEC933273}
[2012/07/19 02:35:22 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E4285FAF-A47F-4C5F-BDAC-A11291FA2DD3}
[2012/07/19 02:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1AB7B756-E749-4F1C-9026-7CBB6FE024CB}
[2012/07/18 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{0E629838-A0AC-4DC2-90FF-38C206B177E7}
[2012/07/18 14:34:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{63435A9F-FDB7-4567-9D9B-F4979AB435CA}
[2012/07/18 02:15:57 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CA24466-3668-4247-A926-8452B1B57AD4}
[2012/07/18 02:15:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1ECB46B2-34B2-479F-AF43-E4234C9D9173}
[2012/07/17 14:15:13 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{B61A7FFA-D63A-4B94-90EA-20A6E60F32A7}
[2012/07/17 02:14:40 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1C834213-0DCA-4D5A-9639-801764BABEB6}
[2012/07/17 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{329BB924-8C3B-4541-8E3A-6C3F10972398}
[2012/07/16 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Tinychat
[2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinychat
[2012/07/16 21:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinychat
[2012/07/16 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults7
[2012/07/16 14:14:07 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{1CE463C0-D0D0-4E19-BAB8-62BC9A251D25}
[2012/07/15 20:13:25 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{31B85B1D-A190-46D5-97E7-46CF5ADE1DD5}
[2012/07/15 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9A975B2F-DFF3-4127-80B1-42FF96905B43}
[2012/07/13 15:01:17 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{782B7C2C-DAFC-4E3F-B9CD-5F233D49F7FA}
[2012/07/13 01:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{66660F43-5618-493E-9F43-AD1F1386E375}
[2012/07/12 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{05EECE62-9759-48CA-867E-E7B3D302A6AA}
[2012/07/12 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{3844BF78-B4C2-4467-9FB3-5FAA87656AC6}
[2012/07/12 02:26:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 02:26:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 02:26:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 02:26:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 02:26:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 02:26:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 02:26:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 02:26:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 02:26:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 02:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 02:26:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 02:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 02:26:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 22:48:41 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{CA84F0AE-D45F-4F56-90EA-DB90756C7788}
[2012/07/11 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{A22F3D48-4488-4037-BFF8-96FE929B906A}
[2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 07:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 07:31:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 07:31:12 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 07:31:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 07:31:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 07:31:09 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 03:00:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012/07/10 22:47:36 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{E6276D7C-555D-40A5-9762-30F26344B02F}
[2012/07/10 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/07/10 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/10 19:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/07/10 19:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/07/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{812E6B8C-2027-442A-A986-848C7D084781}
[2012/07/10 10:46:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{EF48C423-FB01-4809-9322-09319CF26E93}
[2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubscribeWinManual
[2012/07/09 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubscribeWin
[2012/07/09 13:21:33 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{84FE4ED8-B384-4FF1-B81D-B2EF8EF8885D}
[2012/07/09 13:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{8B572D86-6D41-4096-B021-B96EC02DD0F2}
[2012/07/09 00:07:53 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{921B9F9A-E79C-4036-A1B7-06DD03A4267B}
[2012/07/09 00:07:31 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{BAE7F533-C021-4FC6-A870-7C73BC8A702B}
[2012/07/08 01:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{D32ACB7E-8123-415F-80AD-FE042B6AD2A4}
[2012/07/08 01:10:52 | 000,000,000 | ---D | C] -- C:\Users\Hasan\AppData\Local\{9D7B3FDC-9E10-4463-B97E-9C9BB348944B}
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/06 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 13:08:32 | 000,050,701 | ---- | M] () -- C:\Users\Hasan\Desktop\527239_458266014203741_1415742370_n.jpg
[2012/08/06 12:50:50 | 000,058,590 | ---- | M] () -- C:\Users\Hasan\Desktop\599748_458542030842806_1298556685_n.jpg
[2012/08/06 11:34:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002UA.job
[2012/08/06 11:26:03 | 000,032,036 | ---- | M] () -- C:\Users\Hasan\Desktop\422249_399836330063686_1661092028_n.jpg
[2012/08/06 11:19:45 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/06 11:16:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 11:16:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 11:15:13 | 001,617,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/06 11:15:13 | 000,700,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/06 11:15:13 | 000,654,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/06 11:15:13 | 000,149,304 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/06 11:15:13 | 000,122,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/06 11:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 11:08:41 | 3205,750,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/06 03:58:54 | 000,903,970 | ---- | M] () -- C:\Users\Hasan\Desktop\ASDAS.png
[2012/08/06 03:58:31 | 000,006,144 | -H-- | M] () -- C:\Users\Hasan\Desktop\photothumb.db
[2012/08/06 03:35:59 | 898,983,936 | ---- | M] () -- C:\Users\Hasan\Desktop\SEX.avi
[2012/08/06 03:33:41 | 001,277,080 | ---- | M] () -- C:\Users\Hasan\Desktop\CAMSEX.png
[2012/08/06 03:06:53 | 000,048,534 | ---- | M] () -- C:\Users\Hasan\Desktop\560959_405156242874566_1258274355_n.jpg
[2012/08/06 02:49:23 | 001,259,799 | ---- | M] () -- C:\Users\Hasan\Desktop\Unbenannt.png
[2012/08/05 00:59:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3434772256-3054764370-1773770708-1002Core.job
[2012/08/04 01:09:34 | 000,000,132 | ---- | M] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/02 23:29:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 23:29:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/02 01:30:40 | 000,004,096 | ---- | M] () -- C:\graph.grf
[2012/08/02 01:15:37 | 000,000,319 | ---- | M] () -- C:\user.js
[2012/07/25 00:42:28 | 000,004,634 | ---- | M] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel
[2012/07/12 12:43:45 | 004,970,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 23:23:13 | 000,138,460 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== Files Created - No Company Name ==========
 
[2012/08/06 13:31:38 | 220,780,554 | ---- | C] () -- C:\Users\Hasan\Desktop\Deutsches 18j junges Teen im Urlaub gefickt.avi
[2012/08/06 13:08:36 | 000,050,701 | ---- | C] () -- C:\Users\Hasan\Desktop\527239_458266014203741_1415742370_n.jpg
[2012/08/06 12:50:53 | 000,058,590 | ---- | C] () -- C:\Users\Hasan\Desktop\599748_458542030842806_1298556685_n.jpg
[2012/08/06 11:26:07 | 000,032,036 | ---- | C] () -- C:\Users\Hasan\Desktop\422249_399836330063686_1661092028_n.jpg
[2012/08/06 11:19:45 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/06 03:58:31 | 000,006,144 | -H-- | C] () -- C:\Users\Hasan\Desktop\photothumb.db
[2012/08/06 03:58:23 | 000,903,970 | ---- | C] () -- C:\Users\Hasan\Desktop\ASDAS.png
[2012/08/06 03:36:03 | 898,983,936 | ---- | C] () -- C:\Users\Hasan\Desktop\SEX.avi
[2012/08/06 03:33:41 | 001,277,080 | ---- | C] () -- C:\Users\Hasan\Desktop\CAMSEX.png
[2012/08/06 03:06:57 | 000,048,534 | ---- | C] () -- C:\Users\Hasan\Desktop\560959_405156242874566_1258274355_n.jpg
[2012/08/06 02:49:23 | 001,259,799 | ---- | C] () -- C:\Users\Hasan\Desktop\Unbenannt.png
[2012/08/06 00:06:26 | 000,084,424 | ---- | C] () -- C:\Windows\SysNative\drivers\c0a601981b06d85c.sys
[2012/08/02 01:21:25 | 000,004,096 | ---- | C] () -- C:\graph.grf
[2012/08/02 01:15:37 | 000,000,319 | ---- | C] () -- C:\user.js
[2012/07/27 02:42:03 | 000,000,132 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/26 01:55:55 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2012/07/26 01:55:07 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/07/26 01:55:06 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/07/26 01:54:47 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/07/26 01:25:52 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/07/25 00:42:28 | 000,004,634 | ---- | C] () -- C:\Users\Hasan\AppData\Local\recently-used.xbel
[2012/07/21 22:49:57 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/19 18:26:04 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/10 23:23:13 | 000,138,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/10 19:54:27 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012/07/10 19:53:25 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/07/10 19:53:13 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/07/10 19:52:22 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/07/10 19:52:17 | 000,001,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/07/10 19:51:55 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/28 21:06:50 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2012/06/24 22:49:35 | 000,003,584 | ---- | C] () -- C:\Users\Hasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/20 17:08:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/05/24 16:38:56 | 000,000,600 | ---- | C] () -- C:\Users\Hasan\AppData\Roaming\winscp.rnd
[2012/01/08 07:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/08 07:12:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/08 08:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/11 22:29:00 | 001,598,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
         


Alt 06.08.2012, 13:53   #6
Chris4You
 

Hi,

By double-clicking the file syshost.exe, you caught yourself the next one right away...

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB9ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB96E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB5D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBB1C.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBACC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMBA4D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\YTMP7MC8AA\TAABD0E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB8EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB832.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB7B3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB754.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB713.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6D3.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB6A2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB652.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB621.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5E1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB5A0.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB560.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB52F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB4EF.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB49F.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB45E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB40E.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB3CE.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB37D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB32D.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB24B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB1CA.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB27B.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2ED.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB2AC.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB20A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB16A.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB057.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF88.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0A7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAFF7.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF17.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEE6.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAEB5.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE54.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE23.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADF2.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMADC1.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB109.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAE85.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAF48.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD41.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAD71.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB139.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMB0D8.tmp ()
MOD - C:\Users\Hasan\AppData\Local\Temp\XTMP1MC3VE\DEMAC83.tmp ()
[2012/08/06 00:06:26 | 000,084,424 | ---- | C] () -- C:\Windows\SysNative\drivers\c0a601981b06d85c.sys


:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

AdwareCleaner (AdwCleaner)
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!
Post the log files in code tags.
Download via AdwCleaner by Xplode to the desktop.

Start AdwCleaner and click Search.
After a while a log file opens (C:\AdwCleaner[xx].txt); post its contents here in the forum.

Update MAM and run a full scan, post the log...

chris

Alt 06.08.2012, 14:50   #7
itszhsn
 

Hey

OK, I did it, restarted, and yes

Adware result:

Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 15:02:05
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Hasan - HASAN-HP
# Running from : C:\Users\Hasan\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Hasan\AppData\Local\APN
Folder Found : C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\Hasan\AppData\Local\vghd
Folder Found : C:\Users\Hasan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Hasan\AppData\Roaming\Babylon
Folder Found : C:\Users\Hasan\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\APN DTX
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\b
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[x64] Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[x64] Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
[x64] Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
[x64] Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b0ehi8gq.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&ba[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_311[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "96ad0afd000000000000386077b87e7b");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15553");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=010812_hplgoff_3112_1");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112542&tt=01081[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.11:15:34");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW[...]

-\\ Google Chrome v18.0.1025.168

File : C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found :                   "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found :                "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Found :                   "default_icon": "browser_icon_babylon48.png",
Found :                   "default_title": "Babylon Toolbar"
Found :                "description": "Babylon ToolBar",
Found :                   "128": "babylon48.png",
Found :                   "48": "babylon48.png"
Found :                "name": "Babylon Toolbar",
Found :                   "path": "BabylonChromeToolBar.dll",
Found :                "update_url": "hxxp://img.babylon.com/ext/chrome/update/update1.xml",
Found :    "homepage": "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId[...]

*************************

AdwCleaner[R1].txt - [16676 octets] - [06/08/2012 15:02:05]

########## EOF - C:\AdwCleaner[R1].txt - [16805 octets] ##########
         

Malware :

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hasan :: HASAN-HP [Administrator]

Schutz: Aktiviert

06.08.2012 15:04:53
mbam-log-2012-08-06 (15-04-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368260
Laufzeit: 38 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 06.08.2012, 15:59   #8
Chris4You
 

Hi,

AdwareCleaner
Close all open windows and start AdwCleaner (Win7/Vista: run as administrator)
  • Click Delete
  • At "AdwCleaner-Information", click OK
  • At "AdwCleaner-Restart Required", click OK
All icons will disappear briefly...
Your computer will restart and a log file will open (C:\AdwCleaner[xx].txt); post its contents here in the forum.

MAM detected nothing, so I'm curious to see...

Pack the directory C:\_OTL\MovedFiles and upload it here as follows:
Upload file:
http://www.trojaner-board.de/54791-a...ner-board.html
Follow the instructions there...

How is the computer behaving?

chris
__________________
Don't bring me down
Read this before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

Alt 06.08.2012, 16:28   #9
itszhsn
 

Hello

OK, I've sent it off. Um, the computer is actually quite normal, so I don't notice anything; the only thing I notice is that at the bottom right of the desktop it says "Testmodus Windows 7 build 7601", otherwise really nothing at all.

Code:
# AdwCleaner v1.800 - Logfile created 08/06/2012 at 17:21:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Hasan - HASAN-HP
# Running from : C:\Users\Hasan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Hasan\AppData\Local\APN
Folder Deleted : C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Hasan\AppData\Local\vghd
Folder Deleted : C:\Users\Hasan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Hasan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Hasan\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b0ehi8gq.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId=96ad0afd000000000000386077b87e7b --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b0ehi8gq.default\prefs.js

C:\Users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b0ehi8gq.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&ba[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_311[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "96ad0afd000000000000386077b87e7b");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15553");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=010812_hplgoff_3112_1");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112542&tt=01081[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.11:15:34");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=KW[...]

-\\ Google Chrome v18.0.1025.168

File : C:\Users\Hasan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted :                   "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted :                "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Deleted :                   "default_icon": "browser_icon_babylon48.png",
Deleted :                   "default_title": "Babylon Toolbar"
Deleted :                "description": "Babylon ToolBar",
Deleted :                   "128": "babylon48.png",
Deleted :                   "48": "babylon48.png"
Deleted :                "name": "Babylon Toolbar",
Deleted :                   "path": "BabylonChromeToolBar.dll",
Deleted :                "update_url": "hxxp://img.babylon.com/ext/chrome/update/update1.xml",
Deleted :    "homepage": "hxxp://search.babylon.com/?affID=112542&tt=010812_hplgoff_3112_1&babsrc=HP_ss&mntrId[...]

*************************

AdwCleaner[R1].txt - [16681 octets] - [06/08/2012 15:02:05]
AdwCleaner[S1].txt - [13662 octets] - [06/08/2012 17:21:33]

########## EOF - C:\AdwCleaner[S1].txt - [13791 octets] ##########
         

08.08.2012, 06:42   #10
Chris4You

Hi,

that is caused by unsigned drivers that were installed...

One option would be to enter the following (as a test) in a command shell
with admin rights:
Code:
Bcdedit.exe -set Loadoptions ENABLE_INTEGRITY_CHECKS
Bcdedit.exe -set TESTSIGNING OFF
         

OSAM
Checks the programs/drivers that are started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

chris
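An added example (not part of the original post) that audits saved `bcdedit /enum` output for the boot settings the reply above refers to: test signing and disabled integrity checks. The sample output is constructed, and English-locale values (`Yes`/`No`) are an assumption.

```python
import re

# Constructed sample of `bcdedit /enum` output (English locale assumed);
# it is not taken from the thread.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
loadoptions             DISABLE_INTEGRITY_CHECKS
testsigning             Yes
"""

RULE = re.compile(r"-{3,}")  # the dashed line printed under each entry title

def parse_entries(text):
    """Split bcdedit output into entries: title line, dashed rule, 'name value' rows."""
    entries, current = [], None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE.fullmatch(nxt):
            current = {"_title": line}          # a new entry starts here
            entries.append(current)
        elif current is not None and line and not RULE.fullmatch(line):
            name, _, value = line.partition(" ")
            current[name.lower()] = value.strip()
    return entries

def signing_findings(entry):
    """Return the settings in one entry that weaken driver signature enforcement."""
    findings = []
    if entry.get("testsigning", "").lower() == "yes":
        findings.append("testsigning is on (test mode watermark on the desktop)")
    if entry.get("nointegritychecks", "").lower() == "yes":
        findings.append("nointegritychecks is on")
    if "DISABLE_INTEGRITY_CHECKS" in entry.get("loadoptions", "").upper():
        findings.append("loadoptions contains DISABLE_INTEGRITY_CHECKS")
    return findings

def audit(text):
    """Map entry identifier -> findings, only for entries that have any."""
    report = {}
    for entry in parse_entries(text):
        found = signing_findings(entry)
        if found:
            report[entry.get("identifier", entry["_title"])] = found
    return report
```

Calling `audit(SAMPLE)` flags only the `{current}` entry; an empty result after the two `Bcdedit.exe` commands and a reboot means the settings no longer appear in the boot entry.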
