Umleitung auf falsche Seiten bei Google-Suchergebnissen

schrauber · 24.11.2012, 17:28

Hi,

Firefox komplett deinstallieren, nichts behalten, keine Daten/Profile oder so.

Panda Security komplett deinstallieren, Du hast Antivir.

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"=-
"panda2_0dn_XP"=-
Firefox::
FF - ProfilePath - c:\users\t.dung\AppData\Roaming\Mozilla\Firefox\Profiles\ls5c6otl.default\
FF - ExtSQL: !HIDDEN! 2009-08-27 09:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
[2010.07.11 15:25:35 | 000,002,135 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml
[2009.10.11 18:53:49 | 000,003,915 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml
[2012.09.05 19:59:27 | 000,000,176 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTedr
[2012.09.05 19:59:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTed
[2012.09.05 19:59:24 | 000,000,368 | ---- | C] () -- C:\ProgramData\7ADZ5g9QZthTed
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Falls vorhanden, AdwCleaner löschen.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Jetzt rebooten und ein frisches OTL log bitte. Noch Umleitungen in allen Browsern?

Pheles · 25.11.2012, 11:10

Morgen

Die Umleitungen sind immer noch nicht weg .... T T

Hier die Logs:

Combofix:

Code:

ATTFilter

ComboFix 12-11-24.02 - t.dung 25.11.2012   2:47.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1418 [GMT 1:00]
ausgeführt von:: c:\users\t.dung\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\t.dung\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-25 bis 2012-11-25  ))))))))))))))))))))))))))))))
.
.
2012-11-25 02:35 . 2012-11-25 02:37	--------	d-----w-	c:\users\t.dung\AppData\Local\temp
2012-11-25 02:35 . 2012-11-25 02:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-24 23:08 . 2012-11-24 23:08	--------	d-----w-	c:\users\t.dung\AppData\Roaming\Avira
2012-11-24 23:04 . 2012-11-24 23:04	--------	d-----w-	c:\program files\Avira
2012-11-23 17:48 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{19E0A280-E2D3-4A3B-921C-DBC991BB81C3}\mpengine.dll
2012-11-23 16:10 . 2012-11-23 16:09	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-22 05:54 . 2012-11-22 05:54	--------	d-----w-	c:\program files\ESET
2012-11-21 12:53 . 2012-11-21 12:53	--------	d-----w-	c:\program files\LogMeIn Hamachi
2012-11-16 17:03 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 17:02 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 16:09 . 2012-09-07 13:24	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-23 16:09 . 2010-05-12 16:54	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-20 18:37 . 2012-09-05 19:40	6400	----a-w-	c:\programdata\NanoRepository.bin
2012-11-07 15:03 . 2012-02-14 20:49	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-07 15:03 . 2012-02-14 20:49	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-07 15:03 . 2012-02-14 20:49	83432	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-09 18:25 . 2012-04-12 09:00	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:25 . 2011-06-20 18:49	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:25 . 2012-09-21 15:25	10220472	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2012-09-29 09:32 . 2009-06-13 13:45	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-09-13 13:28 . 2012-10-10 08:38	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 08:38	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 08:38	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2007-01-25 01:52 . 2007-01-25 01:52	65536	----a-w-	c:\program files\Common Files\NMSAccessU.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328]
"Akamai NetSession Interface"="c:\users\t.dung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-06 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"BitTorrent DNA"="c:\users\t.dung\Program Files\DNA\btdna.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:25]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-25 03:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-25  03:52:24
ComboFix-quarantined-files.txt  2012-11-25 02:52
ComboFix2.txt  2012-11-23 17:42
ComboFix3.txt  2012-11-21 14:27
.
Vor Suchlauf: 26 Verzeichnis(se), 131.359.502.336 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 131.532.443.648 Bytes frei
.
- - End Of File - - 078413B0DC74A9A18776CEA50B3F8080

OTL Fix Log 11252012_102549:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B6103C1-F818-48a8-9683-314055BE6075}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
File C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml not found.
File C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml not found.
C:\ProgramData\-7ADZ5g9QZthTedr moved successfully.
C:\ProgramData\-7ADZ5g9QZthTed moved successfully.
C:\ProgramData\7ADZ5g9QZthTed moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: t.dung
->Temp folder emptied: 2178270 bytes
->Temporary Internet Files folder emptied: 7914725 bytes
->Java cache emptied: 33205014 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 70706 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 41,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11252012_102549

Files\Folders moved on Reboot...
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla21E6.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla486C.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla76F9.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla81B5.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla8971.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\flaD1D3.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(2955).IE5\KOE04USQ\14014173.271444916;ac.1346872510-2817964;wi.300;hi.250;cp.0.022633;01;ai.114014173.271444916;ct.1_01_href=http___tracking.metalyzer.com_cunda_shop_forwarding[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.009 - Datei am 25/11/2012 um 10:33:46 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : t.dung - TDUNG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\t.dung\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\t.dung\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\t.dung\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\t.dung\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2604146
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ImInstaller

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\t.dung\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1649 octets] - [25/11/2012 10:33:46]

########## EOF - C:\AdwCleaner[S1].txt - [1709 octets] ##########

OTL:

Code:

ATTFilter

OTL logfile created on: 25.11.2012 10:51:31 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 122,43 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
 
Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\t.dung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Common Files\NMSAccessU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Program Files\VideoWebCamera\Utility.dll ()
MOD - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (NMSAccessU) -- C:\Program Files\Common Files\NMSAccessU.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found
DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (XDva358) -- C:\Windows\system32\XDva358.sys File not found
DRV - (XDva354) -- C:\Windows\system32\XDva354.sys File not found
DRV - (XDva352) -- C:\Windows\system32\XDva352.sys File not found
DRV - (XDva351) -- C:\Windows\system32\XDva351.sys File not found
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (XDva343) -- C:\Windows\system32\XDva343.sys File not found
DRV - (XDva341) -- C:\Windows\system32\XDva341.sys File not found
DRV - (XDva337) -- C:\Windows\system32\XDva337.sys File not found
DRV - (XDva332) -- C:\Windows\system32\XDva332.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\TDADB~1.DUN\AppData\Local\Temp\catchme.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\Windows\System32\drivers\lgandadb.sys (Google Inc)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {860F2751-420C-4F95-8B0B-07D986B0125A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{539C11B5-7A97-4A07-8468-073E6EAAFFB9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{860F2751-420C-4F95-8B0B-07D986B0125A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE342DE342
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\t.dung\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.08 14:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\t.dung\Program Files\DNA [2012.09.07 08:47:25 | 000,000,000 | ---D | M]
 
[2012.11.25 01:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions
[2012.05.07 15:27:09 | 000,060,243 | -H-- | M] () (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2012.11.25 01:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.10.26 21:22:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.07 14:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2009.10.22 16:15:35 | 000,000,000 | ---D | M] (FirefoxHelper) -- C:\Program Files\mozilla firefox\extensions\firefoxhelper@mozilla.org
[2010.12.28 20:10:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010.12.28 20:10:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.09.29 10:32:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2012.11.25 03:35:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 5
O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848DEB77-6767-4AB8-821C-490AC8438F8F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316BF3-6B18-43A7-A84D-4F0446665C57}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.25 10:46:44 | 000,000,000 | R--D | C] -- C:\Users\t.dung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.25 10:25:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.25 03:53:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.25 03:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.25 03:35:15 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Local\temp
[2012.11.25 02:36:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.25 02:33:27 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe
[2012.11.25 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\temp
[2012.11.25 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\install
[2012.11.25 00:31:26 | 002,208,104 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Users\t.dung\Desktop\fusebundle.exe
[2012.11.25 00:08:46 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Roaming\Avira
[2012.11.25 00:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.25 00:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.24 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de
[2012.11.24 22:45:42 | 000,450,768 | ---- | C] (Avira GmbH) -- C:\Users\t.dung\Desktop\RegCleaner.exe
[2012.11.24 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\de-de
[2012.11.23 17:10:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:10:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:10:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:10:02 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:05:12 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Users\t.dung\Desktop\jxpiinstall.exe
[2012.11.23 16:43:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.23 16:09:53 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\javara-2.0
[2012.11.23 14:14:35 | 019,231,504 | ---- | C] (Mozilla) -- C:\Users\t.dung\Desktop\Firefox Setup 17.0.exe
[2012.11.22 21:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 06:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.21 20:46:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 14:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 14:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 14:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 14:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.21 14:00:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.21 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.21 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.11.20 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\Neuer Ordner (4)
[2012.11.20 19:18:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe
[2012.11.16 22:25:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 22:25:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 22:25:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 22:25:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 22:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 22:25:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 22:25:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 22:25:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 18:03:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 18:02:50 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.25 10:52:15 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.25 10:52:15 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.25 10:52:15 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.25 10:52:15 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.25 10:46:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 10:46:00 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.25 10:45:36 | 000,079,942 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.25 10:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 10:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 10:45:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.25 10:32:18 | 000,480,125 | ---- | M] () -- C:\Users\t.dung\Desktop\adwcleaner.exe
[2012.11.25 10:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 10:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.25 03:35:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.25 02:33:41 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe
[2012.11.25 01:50:29 | 000,020,824 | ---- | M] () -- C:\Users\t.dung\firefox lesezeichen.rtf
[2012.11.25 01:06:26 | 000,238,143 | ---- | M] () -- C:\Users\t.dung\Documents\bookmarks.html
[2012.11.25 00:30:38 | 000,906,493 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_fusebundlegen-win32-en.zip
[2012.11.25 00:25:26 | 000,001,029 | ---- | M] () -- C:\Users\t.dung\Desktop\Avira Produkt Update.lnk
[2012.11.25 00:06:44 | 000,354,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.25 00:04:33 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.24 22:45:27 | 000,088,626 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de.zip
[2012.11.24 22:32:59 | 105,142,912 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_free_antivirus_de.exe
[2012.11.23 17:09:33 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:09:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:09:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:09:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:09:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.11.23 17:09:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.23 17:05:29 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Users\t.dung\Desktop\jxpiinstall.exe
[2012.11.23 16:09:19 | 000,135,237 | ---- | M] () -- C:\Users\t.dung\Desktop\javara-2.0.zip
[2012.11.23 14:15:39 | 019,231,504 | ---- | M] (Mozilla) -- C:\Users\t.dung\Desktop\Firefox Setup 17.0.exe
[2012.11.22 21:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 06:48:16 | 414,289,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.21 20:46:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 13:53:49 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.11.20 19:37:07 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin
[2012.11.20 19:18:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe
[2012.11.16 20:05:41 | 000,302,592 | ---- | M] () -- C:\Users\t.dung\Desktop\wj3feti9.exe
[2012.11.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Users\t.dung\defogger_reenable
[2012.11.16 19:05:26 | 000,050,477 | ---- | M] () -- C:\Users\t.dung\Desktop\Defogger.exe
[2012.11.07 16:03:24 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.07 16:03:24 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.07 16:03:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.26 18:17:06 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak
 
========== Files Created - No Company Name ==========
 
[2012.11.25 10:32:18 | 000,480,125 | ---- | C] () -- C:\Users\t.dung\Desktop\adwcleaner.exe
[2012.11.25 01:50:29 | 000,020,824 | ---- | C] () -- C:\Users\t.dung\firefox lesezeichen.rtf
[2012.11.25 01:06:25 | 000,238,143 | ---- | C] () -- C:\Users\t.dung\Documents\bookmarks.html
[2012.11.25 00:31:26 | 000,005,018 | ---- | C] () -- C:\Users\t.dung\Desktop\fusebundle_msg.avr
[2012.11.25 00:31:26 | 000,001,209 | ---- | C] () -- C:\Users\t.dung\Desktop\fusebundle.conf
[2012.11.25 00:30:30 | 000,906,493 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_fusebundlegen-win32-en.zip
[2012.11.25 00:20:48 | 000,001,029 | ---- | C] () -- C:\Users\t.dung\Desktop\Avira Produkt Update.lnk
[2012.11.25 00:04:33 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.24 22:45:42 | 000,000,551 | ---- | C] () -- C:\Users\t.dung\Desktop\build.dat
[2012.11.24 22:45:26 | 000,088,626 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de.zip
[2012.11.24 21:54:14 | 105,142,912 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_free_antivirus_de.exe
[2012.11.23 16:09:12 | 000,135,237 | ---- | C] () -- C:\Users\t.dung\Desktop\javara-2.0.zip
[2012.11.22 06:48:16 | 414,289,096 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.21 14:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.21 14:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.21 14:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.21 14:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.21 14:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.16 20:05:41 | 000,302,592 | ---- | C] () -- C:\Users\t.dung\Desktop\wj3feti9.exe
[2012.11.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\defogger_reenable
[2012.11.16 19:05:26 | 000,050,477 | ---- | C] () -- C:\Users\t.dung\Desktop\Defogger.exe
[2012.10.08 19:18:12 | 000,011,872 | ---- | C] () -- C:\Users\t.dung\bewerbungt 1.odt
[2012.10.08 17:09:30 | 000,010,261 | ---- | C] () -- C:\Users\t.dung\Lebenslauf.odt
[2012.09.21 21:16:15 | 000,005,441 | ---- | C] () -- C:\Users\t.dung\safe_image[3].jpg
[2012.09.08 14:31:21 | 000,354,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012.08.31 01:31:58 | 000,719,644 | ---- | C] () -- C:\Users\t.dung\bio.rtf
[2012.08.03 19:21:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.07.30 13:44:30 | 000,229,470 | ---- | C] () -- C:\Users\t.dung\beelzebub-3380623.jpg
[2012.05.17 22:45:44 | 000,003,089 | ---- | C] () -- C:\Users\t.dung\songs.rtf
[2012.05.13 10:42:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.03 16:46:42 | 000,000,167 | ---- | C] () -- C:\Users\t.dung\fr8tz.rtf
[2012.01.28 17:39:14 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\AppData\Local\{2741957C-0A26-4715-A593-AEB61F61C992}
[2011.12.31 16:37:46 | 000,000,185 | ---- | C] () -- C:\Users\t.dung\grkushf.rtf
[2011.11.15 14:28:38 | 000,224,844 | ---- | C] () -- C:\Users\t.dung\Chemie.odt
[2011.09.27 04:37:13 | 000,002,728 | ---- | C] () -- C:\Users\t.dung\.recently-used.xbel
[2011.09.26 22:31:21 | 000,018,082 | ---- | C] () -- C:\Users\t.dung\kloster_corin2_01.jpg
[2011.09.02 22:54:22 | 000,000,277 | ---- | C] () -- C:\Users\t.dung\Gedanken.rtf
[2011.08.29 21:32:52 | 000,000,356 | ---- | C] () -- C:\Users\t.dung\dieser SATZ !!!.rtf
[2011.08.26 16:07:30 | 000,000,354 | ---- | C] () -- C:\Users\t.dung\ort in berlin.rtf
[2011.08.17 21:27:01 | 000,012,614 | ---- | C] () -- C:\Users\t.dung\scheiß elli, hure.rtf
[2011.08.11 22:13:17 | 000,012,499 | ---- | C] () -- C:\Users\t.dung\an.rtf
[2011.08.07 11:01:06 | 001,245,491 | ---- | C] () -- C:\Users\t.dung\ydfh bdf.JPG
[2011.08.04 12:01:04 | 000,000,624 | ---- | C] () -- C:\Users\t.dung\Ich.rtf
[2011.07.26 00:12:28 | 000,036,112 | ---- | C] () -- C:\Users\t.dung\ende mit.rtf
[2011.06.10 15:32:01 | 000,001,987 | ---- | C] () -- C:\Users\t.dung\antrag auf rücktritt.rtf
[2011.06.09 18:45:04 | 000,002,699 | ---- | C] () -- C:\Users\t.dung\fritzbox einstellungen.rtf
[2011.05.05 19:18:01 | 000,066,808 | ---- | C] () -- C:\Users\t.dung\spirited_away_006.jpg
[2011.05.05 19:15:49 | 000,230,993 | ---- | C] () -- C:\Users\t.dung\Chihiros Reise ins Zauberland.jpg
[2011.04.30 15:20:43 | 000,086,004 | ---- | C] () -- C:\Users\t.dung\parasyte-1169925.jpg
[2011.03.11 21:50:40 | 026,128,352 | ---- | C] () -- C:\Users\t.dung\DSCN1910.AVI
[2010.11.06 18:57:19 | 000,367,254 | ---- | C] () -- C:\Users\t.dung\AppData\Local\TempBeispiel 5.bmp
[2010.11.06 18:55:33 | 000,095,572 | ---- | C] () -- C:\Users\t.dung\AppData\Local\Tempsexy-manga-1-4.jpg
[2010.05.28 11:32:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.17 07:04:00 | 000,001,332 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe1.wpl
[2010.02.01 18:04:35 | 000,000,330 | ---- | C] () -- C:\Users\t.dung\gmxnr.rtf
[2010.01.27 18:53:01 | 000,118,805 | ---- | C] () -- C:\Users\t.dung\castle-jinmeri sheet.pdf
[2010.01.20 07:40:48 | 000,002,741 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe.wpl
[2010.01.14 07:42:23 | 000,000,438 | ---- | C] () -- C:\Users\t.dung\quellen nihei.rtf
[2010.01.13 07:49:28 | 000,002,030 | ---- | C] () -- C:\Users\t.dung\weerke.rtf
[2010.01.13 07:49:17 | 000,000,780 | ---- | C] () -- C:\Users\t.dung\nuhei.rtf
[2010.01.12 21:01:26 | 000,002,011 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei werke.rtf
[2010.01.10 22:53:28 | 000,002,269 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei.rtf
[2010.01.06 07:02:16 | 000,002,665 | ---- | C] () -- C:\Users\t.dung\frauen kafka.rtf
[2010.01.03 17:40:02 | 000,000,982 | ---- | C] () -- C:\Users\t.dung\elli infos.rtf
[2009.12.23 18:09:34 | 000,000,344 | ---- | C] () -- C:\Users\t.dung\flyff dialog XD.rtf
[2009.12.14 23:59:18 | 000,008,556 | ---- | C] () -- C:\Users\t.dung\heinrich.rtf
[2009.12.13 22:45:10 | 000,000,553 | ---- | C] () -- C:\Users\t.dung\termine.rtf
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\Folder.jpg
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Large.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArtSmall.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Small.jpg
[2009.10.28 23:48:34 | 000,247,431 | ---- | C] () -- C:\Users\t.dung\Unbenannt merry.wma
[2009.10.26 20:56:36 | 006,262,762 | ---- | C] () -- C:\Users\t.dung\05-polysics-kaja_kaja_goo.mp3
[2009.10.04 08:45:08 | 000,000,552 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d8caps.dat
[2009.09.10 14:27:29 | 000,001,356 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d9caps.dat
[2009.09.07 13:58:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.30 15:34:22 | 1029,197,824 | ---- | C] () -- C:\Users\t.dung\VTS_03_1.VOB
[2009.08.30 15:34:21 | 000,001,980 | ---- | C] () -- C:\Users\t.dung\Visubands.rtf
[2009.08.30 15:34:19 | 000,000,496 | ---- | C] () -- C:\Users\t.dung\musicliste.rtf
[2009.08.24 21:22:46 | 000,130,560 | ---- | C] () -- C:\Users\t.dung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 14:29:50 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.13 14:29:44 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\VTS_03_1.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\DSCN1910.AVI:TOC.WMV
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0651F96C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 25.11.2012 10:51:31 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 122,43 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
 
Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00301B2F-9A85-478D-ADC9-F2DA9C01ECF1}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{04874073-7CAF-4A7A-A16C-39147171F85F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0DCFF7E8-E9BA-43A2-80A1-0E59859EC497}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0E0A3944-3718-48D3-9464-215F928E599E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{17E15091-B784-4BD2-9854-DDFCBCA0E93E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1814E8FD-FB24-4C73-86BB-602FBFF28406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{27DC23C0-108B-4BBC-82BF-2D70DBAB4F59}" = lport=49177 | protocol=6 | dir=in | name=akamai netsession interface | 
"{30BE9797-CB63-456E-88FB-EBEBADE08430}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{3DD07163-DB56-492D-A736-1E52D6F92ABA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{46682535-74FC-4804-BE6A-CD983FF7F439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{49E5EE38-C0F3-467D-9E64-C2B71522D0A0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{55425BC0-D33F-4E8E-90CE-3E1F7EDDCCD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{631B22F9-11A4-4DF9-9C27-553FFB89C453}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{7687FB33-BAD6-41E0-B0DC-5A47085B2425}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface | 
"{78F3AA63-C09A-4959-A9FB-EB0DCE0EC843}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{7AA0920A-18A0-4677-9D2D-009A895D81D9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{85936755-AF83-478D-9281-23F52C080D87}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{87D24086-5D81-4A1A-B743-826734BA873B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{88DFC6DA-DD93-4720-B100-2A45333C5E9E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{AE41CA38-443F-4E6D-B954-41030968C8BA}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{B4D05A89-E3BC-400F-AE0E-E0EDFBCE7411}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BD4F18FE-F333-401D-A6F1-A2FB78D8923C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CD3661AE-E683-4C8F-8C8F-C183B8738250}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D4802EA6-0211-4AE1-A6DF-DF7FD3E9713F}" = lport=49977 | protocol=6 | dir=in | name=akamai netsession interface | 
"{DF1BD78F-6CC4-42B0-9389-9E6ACD608132}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E9469BA3-09E3-4C6D-8B51-78F6F77874AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{EB4E5E13-9512-4C81-B4CA-21D07D28063A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{F1B29396-EDC1-4473-896E-39C75AE82DEF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045FB334-7578-4F12-BD4A-07A5652C8B16}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{119B4D9B-A9DE-4981-A1FA-D16A3027494F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{14CF75CF-FBEB-478E-8307-EE4433CBD618}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{16A4861A-AA4A-46F2-912B-126051A09435}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{1EB12BE3-CCD3-4EA1-898B-46F6200DD605}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{26B1F04B-E80B-488B-A9E2-61398C78C253}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{28107E13-35DB-4F6E-B9AA-D1363C12DD47}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{29B635A2-2F2D-4009-8FD9-ED70B0C88519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2FD5E674-892D-445F-8997-A3B41A9E4968}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{314DC154-1DE6-4395-90FF-E8A390189167}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{424BBE6D-78E1-406D-99D6-B6A174459F2E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{42C78116-E29B-4055-A33C-3EAAFEAF84DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{45AC146B-FEB2-4B9D-9767-B5C505B900D2}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{4B5A7CC6-EC18-4E86-B573-D8B673E6EF34}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4EF96C7C-2CA5-4E12-8C38-36B725335489}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{51E424E8-C9FB-4601-94A9-6E9D84E5A911}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{520EDC86-EE62-455A-85F6-555668667106}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5F9B8D23-9240-4BA0-8633-8366EF8CA825}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{5FE542EB-18AC-4979-B41B-2EC8A6F58B1E}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{61EB8BB7-5694-4A66-824C-05CB3D76D6F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{64E4C831-CA97-499C-B238-8D108600FE29}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{6ECF214D-E1A6-4ECF-B31B-F269C5E0D298}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{78922F1C-956E-4BE3-933C-8B2ADB62EE7F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{8523839A-8760-4195-8ABD-03135066E812}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{8A7B7522-D73F-47C9-8CEB-7557F23DB616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9406ECB2-248D-4E00-AFC2-204EE3D1EED8}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{954F1335-4CDE-41E9-8B87-1445D6F36FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A79C20D4-4938-4F93-9458-6BC97BA5EBD9}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{B21590E7-96E6-4CDA-B781-D56633BBE616}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B335D1CE-21AB-494B-9EDC-02168AD2D300}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{B575E7F5-9CF8-497F-9020-1B92C375F707}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{BA3DF97D-D16B-4B46-B96E-D8B4F3E11A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BD326DF9-9783-4B6D-B70F-5B75E35C0620}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEF05DE3-A2A3-4330-8C49-A98DBEBB53F3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{C3184A17-53E3-4BC6-963F-798F49F412FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C869956C-320D-4888-9764-410D6E0E7965}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{CD25C6C2-BCE5-4106-941D-AB606C3442C6}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | 
"{D3603C44-5D7C-4AFC-9533-97CF8B487D78}" = protocol=17 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe | 
"{D62854FD-5CAA-4F40-B749-25AB40C11F5B}" = protocol=6 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe | 
"{E91BBCD3-663A-4574-8A59-D3358BE1ED58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F9FB3A41-A0E3-4379-9787-AFAB5B9EA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FEEADB9B-2069-46B9-B6E9-079E6F50EB29}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | 
"{FF1E95A8-4FA5-41D4-844F-458DC26D14E4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{2931268F-C893-4F11-9CFA-5A038405D425}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3C0CF658-7210-4D4B-B87D-2288F6308F65}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3E86B31A-F666-4F9F-984C-7CAEC6853270}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=6 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe | 
"TCP Query User{59AEA3ED-76B4-4989-8E2F-440FE18817EC}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{72C83951-B207-4B31-BD80-E30A03A798DD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{752A0F10-225C-445E-8212-1A0735BA19A3}C:\users\t.dung\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe | 
"TCP Query User{A8DF7592-D65B-4309-B151-7EC8F7167AFD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{02EA6A6F-5003-41A4-A2E8-8B7A9D628129}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{26D1DA44-5EDD-4FAA-83AB-FBB1FF93B34E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{83F044C1-3890-40BA-966D-87F132A13F77}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{DAC4F8E4-6AEF-4655-895B-748BB92F9F3E}C:\users\t.dung\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe | 
"UDP Query User{DC937AAB-6BE5-4892-B9B1-F034CF759AD4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E3D89688-C1D2-4FF6-BBDB-47AC961815D3}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=17 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe | 
"UDP Query User{FEB7E17D-08B9-4683-9880-CEA1EF70BBCA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{256FA7E0-D9C2-44FE-AA9E-42AE2CCC2D50}_is1" = Hello Kitty Online
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292E65F1-E9F8-4416-90A6-5916A8C95672}_is1" = Hello Kitty Online Download Manager
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.8
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6254BE3-C3FE-4F2B-AB15-397170553FF2}" = Setup
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5E94E74-0D14-48F5-B1F4-F38BB37BEE9B}" = S4 League_EU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}" = Crazy Taxi
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Cute CD DVD Burner V6.0" = Cute CD DVD Burner V6.0
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"ESET Online Scanner" = ESET Online Scanner v3
"FantasyTennis" = FantasyTennis
"FlorensiaEN" = FlorensiaEN 1.10.26
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Giraffic" = Veoh Giraffic Video Accelerator
"Grand Fantasia" = Grand Fantasia
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mabinogi" = Mabinogi
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PhotoLine_is1" = PhotoLine 15.5.0.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"RealPlayer 15.0" = RealPlayer
"SetupMyPC" = SetupMyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:36:32 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.11.2012 05:46:40 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:46:40 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:46:41 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:46:41 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.11.2012 05:46:48 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 11.11.2010 02:43:37 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 01:08:44 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.10.2009 08:17:12 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
 0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 13.10.2009 11:41:43 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.10.2009 11:42:34 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.10.2009 14:25:15 | Computer Name = tdung-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.10.2009 15:14:05 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.10.2009 15:15:00 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.10.2009 01:17:42 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
 0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 14.10.2009 10:32:17 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
 0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 14.10.2009 11:55:49 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.10.2009 11:57:27 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

schrauber · 25.11.2012, 14:00

Benutzt Du einen Router?

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Pheles · 25.11.2012, 16:09

Bei mit startet TDSSkiller nicht > <
Kurz nach dem Download hat der Rechner sich heruntergefahren um " Schaden zu verhindern " und dann als ich es öffnen wollte, startet es nicht..

Ja, Ich verwende einen WLÄN-Router

schrauber · 26.11.2012, 08:26

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Pheles · 29.11.2012, 20:31

Guten Abend,
Ich kann dir noch keine schnelle Antwort geben, da ich meine Installations CD gerade nicht finde.

Ich entschuldige mich für die Verzögerung > <

schrauber · 30.11.2012, 08:15

Kein Problem

Pheles · 30.12.2012, 20:03

Ich danke dir vielmals, dass du mir bis hierher geholfen hast. : D

Die letzte antwort ist eine weile her. Ich musste viel für die Schule tun ....
Ich habe die CD nicht gefunden, aber ich benutzte dann letzendlich den Packard Bell Recovery Manager um das Sytem auf einen Zustand zu bringen, damit die "Computer reparieren" Option in F8 funktionieren konnte. Dabei gingen persönliche Dateien verloren > <

Ich hoffe, dass auch wegen der langen Zeit du trotzdem noch geneigt bist, mir zu helfen : )
Ich bitte darum !!! > <

Nun hier als Ergebnis der fsr Text:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2012
Ran by SYSTEM at 30-12-2012 19:33:27
Running from F:\
Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2012-12-30] (Google)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [474168 2008-11-05] (Conexant Systems, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [VideoWebCamera] "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a [1552497 2009-04-01] (Suyin)
HKLM\...\Run: [PLFSetI] C:\Program Files\PLFSetI.exe [x]
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [866824 2009-02-18] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k [250624 2009-03-09] (NewTech Infosystems, Inc.)
HKLM\...\Run: [RemoteControl8] "c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2008-10-17] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [50472 2007-12-14] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [440864 2009-04-15] (Acer Incorporated)
HKU\Default\...\RunOnce: [ScrSav] C:\Windows\Screensavers\PackardBell\run_PackardBel [x]
HKU\Default User\...\RunOnce: [ScrSav] C:\Windows\Screensavers\PackardBell\run_PackardBel [x]
HKU\t.dung\...\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1160736 2009-03-18] (Acer Incorporated)
HKU\t.dung\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\t.dung\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2012-12-30] (Google Inc.)
HKU\t.dung\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2816328 2011-10-26] (Veoh Networks)
HKU\t.dung\...\Run: [Akamai NetSession Interface] "C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe" [x]
HKLM\...\RunOnce: [Unattend0000000001{A8125975-BD0D-4F01-8D64-0910B5C74BEE}] c:\elements\1stboot\hotfix.cmd [8961 2012-12-30] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [703008 2009-04-15] (Acer Incorporated)
3 GoogleDesktopManager-092308-165331; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2012-12-30] (Google)
2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [124784 2009-03-25] (Symantec Corporation)
3 Partner Service; "C:\ProgramData\Partner\partner.exe" [110576 2012-12-30] (Google Inc.)

==================== Drivers (Whitelisted) ====================

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [89104 2009-03-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [873552 2009-03-25] (Symantec Corporation)
1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [305712 2009-03-25] (Symantec Corporation)
1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [43696 2009-03-25] (Symantec Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
4 USBSTOR; C:\Windows\system32\drivers\usbstor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-TW
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-HK
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-CN
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\uk-UA
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\tr-TR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\th-TH
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sr-Latn-CS
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sl-SI
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sk-SK
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ru-RU
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ro-RO
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pt-PT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pt-BR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pl-PL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\nb-NO
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\lv-LV
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\lt-LT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ko-KR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ja-JP
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\it-IT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\hu-HU
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\hr-HR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\he-IL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\fi-FI
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\et-EE
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\el-GR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\bg-BG
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA
2012-12-30 18:10 - 2012-12-30 18:10 - 02134528 ____A (Microsoft Corporation) C:\Windows\System32\FunctionDiscoveryFolder.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00968192 ____A (Microsoft Corporation) C:\Windows\System32\wcnwiz2.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00640512 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2012-12-30 18:10 - 2012-12-30 18:10 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00291840 ____A (Microsoft Corporation) C:\Windows\System32\WscEapPr.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00165376 ____A (Microsoft Corporation) C:\Windows\System32\WcnNetsh.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\fundisc.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\fdBth.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingWizard.exe
2012-12-30 18:10 - 2012-12-30 18:10 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingProxy.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\bthci.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\bthserv.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\wshbth.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\bthudtask.exe
2012-12-30 18:10 - 2012-12-30 18:10 - 00025728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\fdProxy.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\fdBthProxy.dll
2012-12-30 18:09 - 2012-12-30 18:09 - 02033152 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-30 18:09 - 2012-12-30 18:09 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 06069248 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 03580416 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 01383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-30 18:08 - 2012-12-30 18:08 - 01166336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00827392 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00671232 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00458240 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-12-30 18:07 - 2012-12-30 18:07 - 00177664 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-12-30 18:07 - 2012-12-30 18:07 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-12-30 18:06 - 2012-12-30 18:06 - 00397312 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\MMDevAPI.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00116224 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2012-12-30 18:04 - 2012-12-30 18:15 - 00441794 ____A C:\Windows\CapsuleDll.log
2012-12-30 18:04 - 2012-12-30 18:04 - 00000000 ____D C:\Windows\Lan
2012-12-30 18:04 - 2009-02-19 05:59 - 00273408 ____A (Wistron Corp.) C:\Windows\PLAUNCH.EXE
2012-12-30 18:04 - 2008-04-03 02:19 - 00020480 ____A (Wistron Corp.) C:\Windows\PATCHFUL.EXE
2012-12-30 17:28 - 2012-12-30 17:29 - 00000000 ____D C:\Backup
2012-12-30 10:10 - 2012-12-30 10:10 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Acer ePower Management V4
2012-12-30 10:08 - 2012-12-30 10:08 - 00000000 ____D C:\Program Files\Common Files\CyberLink
2012-12-30 10:07 - 2012-12-30 10:08 - 00000000 ____D C:\Program Files\CyberLink
2012-12-30 10:07 - 2012-12-30 10:06 - 00505128 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-12-30 10:07 - 2012-12-30 10:06 - 00353576 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-12-30 10:07 - 2012-12-30 10:06 - 00029480 ____A (Microsoft Corporation) C:\Windows\System32\msxml3a.dll
2012-12-30 10:05 - 2008-01-30 18:52 - 00014848 ____A (NewTech Infosystems, Inc.) C:\Windows\System32\Drivers\NTIDrvr.sys
2012-12-30 10:05 - 2008-01-30 18:51 - 00013824 ____A (NewTech Infosystems Corporation) C:\Windows\System32\Drivers\UBHelper.sys
2012-12-30 10:03 - 2012-12-30 10:03 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Adobe
2012-12-30 10:02 - 2012-12-30 10:02 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Google
2012-12-30 10:02 - 2009-04-14 22:33 - 00001922 ____A C:\Users\Public\Desktop\Magic Desktop.lnk
2012-12-30 10:01 - 2008-09-19 20:00 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\spwinsat.dll
2012-12-30 09:55 - 2012-12-30 09:55 - 00007680 ____A C:\Users\t.dung.tdung-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-30 09:51 - 2012-12-30 09:51 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Macromedia
2012-12-30 09:51 - 2012-12-30 09:51 - 00000000 ____A C:\Windows\Setup.INI
2012-12-30 09:49 - 2012-12-30 09:49 - 00000083 ____A C:\Windows\LManager.UNI
2012-12-30 09:49 - 2012-12-30 09:49 - 00000000 ____D C:\Program Files\Launch Manager
2012-12-30 09:46 - 2012-12-30 09:46 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\InstallShield
2012-12-30 09:45 - 2012-12-30 09:45 - 00000000 ____D C:\Users\t.dung.tdung-PC\Documents\Eigene Google Gadgets
2012-12-30 09:44 - 2012-12-30 10:02 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Google
2012-12-30 09:44 - 2012-12-30 10:00 - 00000446 ____A C:\Windows\Tasks\Packard Bell Customer Registration - t.dung.job
2012-12-30 09:44 - 2012-12-30 09:44 - 00000000 ____A C:\Windows\System32\Drivers\PackardBell_EasyNoteTJ66_N-A_LXB870X011924B1B9A2200.MRK
2012-12-30 09:40 - 2012-12-30 09:44 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Packard Bell
2012-12-30 09:40 - 2012-12-30 09:40 - 00071256 ____A C:\Users\t.dung.tdung-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-30 09:39 - 2012-12-30 10:04 - 00000000 ____D C:\Program Files\Google
2012-12-30 09:39 - 2012-12-30 10:03 - 00000000 ____D C:\Users\All Users\Google
2012-12-30 09:39 - 2012-12-30 09:39 - 00000063 ____A C:\Windows\System32\SETAFR_Temp_DiskPart.txt
2012-12-30 09:39 - 2012-12-30 09:39 - 00000000 ____D C:\Windows\oem
2012-12-30 09:39 - 2012-12-30 09:39 - 00000000 ____D C:\Users\All Users\Partner
2012-12-30 09:38 - 2012-12-30 09:55 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\VirtualStore
2012-12-30 09:38 - 2012-12-30 09:51 - 00000000 ____D C:\users\t.dung.tdung-PC
2012-12-30 09:38 - 2012-12-30 09:38 - 00000020 __ASH C:\Users\t.dung.tdung-PC\ntuser.ini
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Startmen¸
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Netzwerkumgebung
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Druckumgebung
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Documents\Eigene Musik
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Documents\Eigene Bilder
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\AppData\Local\Verlauf
2012-12-30 09:38 - 2009-08-25 22:11 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Microsoft Help
2012-12-30 09:34 - 2012-12-30 09:34 - 00000000 __SHD C:\Users\All Users\Dokumente
2012-12-30 09:34 - 2012-12-30 09:34 - 00000000 __SHD C:\Programme
2012-12-30 09:30 - 2012-12-30 09:45 - 00000000 ____D C:\Program Files\CONEXANT
2012-12-30 09:29 - 2009-02-10 05:01 - 01108512 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpluir.dll
2012-12-30 09:29 - 2009-02-10 05:01 - 00797216 ____A (NVIDIA Corporation) C:\Windows\System32\nvcplui.exe
2012-12-30 09:29 - 2009-02-10 05:01 - 00420384 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.cpl
2012-12-30 09:28 - 2009-01-21 15:46 - 00453152 ____A (NVIDIA Corporation) C:\Windows\System32\nvuninst.exe
2012-12-30 09:24 - 2012-12-30 10:13 - 01386217 ____A C:\Windows\WindowsUpdate.log
2012-12-23 14:06 - 2012-12-23 14:06 - 00000000 ____D C:\Users\t.dung\Neuer Ordner (2)
2012-12-23 14:06 - 2008-05-04 12:17 - 00000000 ____D C:\Users\t.dung\sources
2012-12-23 14:06 - 2008-01-19 12:00 - 00333203 ____N C:\Users\t.dung\bootmgr
2012-12-23 14:03 - 2012-12-23 14:03 - 00000000 ____D C:\Users\t.dung\vista_recover_x86
2012-12-23 13:51 - 2012-12-23 14:03 - 150818816 ____A C:\Users\t.dung\vista_recover_x86.iso
2012-12-23 13:49 - 2012-12-23 13:49 - 00000000 ____D C:\Users\t.dung\AppData\Roaming\Canneverbe Limited
2012-12-23 13:38 - 2012-12-23 13:45 - 05212216 ____A (Canneverbe Limited                                          ) C:\Users\t.dung\Desktop\cdbxp_setup_4.5.0.3685.exe


==================== One Month Modified Files and Folders ========

2012-12-30 19:33 - 2012-12-30 19:33 - 00000000 ____D C:\FRST
2012-12-30 18:15 - 2012-12-30 18:04 - 00441794 ____A C:\Windows\CapsuleDll.log
2012-12-30 18:15 - 2009-03-04 11:35 - 00000181 _RASH C:\Preload.rev
2012-12-30 18:15 - 2008-02-05 15:39 - 00000000 ____D C:\Elements
2012-12-30 18:15 - 2007-04-12 14:38 - 00002238 ____A C:\Windows\USER.XML
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-TW
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-HK
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\zh-CN
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\uk-UA
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\tr-TR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\th-TH
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sr-Latn-CS
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sl-SI
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\sk-SK
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ru-RU
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ro-RO
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pt-PT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pt-BR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\pl-PL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\nb-NO
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\lv-LV
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\lt-LT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ko-KR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ja-JP
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\it-IT
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\hu-HU
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\hr-HR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\he-IL
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\fi-FI
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\et-EE
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\el-GR
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\bg-BG
2012-12-30 18:11 - 2012-12-30 18:11 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA
2012-12-30 18:11 - 2009-03-25 17:15 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-12-30 18:11 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\WCN
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2012-12-30 18:11 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2012-12-30 18:10 - 2012-12-30 18:10 - 02134528 ____A (Microsoft Corporation) C:\Windows\System32\FunctionDiscoveryFolder.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00968192 ____A (Microsoft Corporation) C:\Windows\System32\wcnwiz2.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00640512 ____A (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2012-12-30 18:10 - 2012-12-30 18:10 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00291840 ____A (Microsoft Corporation) C:\Windows\System32\WscEapPr.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00165376 ____A (Microsoft Corporation) C:\Windows\System32\WcnNetsh.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\fundisc.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\fdBth.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00065536 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingWizard.exe
2012-12-30 18:10 - 2012-12-30 18:10 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairingProxy.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\bthci.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\bthserv.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00034816 ____A (Microsoft Corporation) C:\Windows\System32\wshbth.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\bthudtask.exe
2012-12-30 18:10 - 2012-12-30 18:10 - 00025728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\fdProxy.dll
2012-12-30 18:10 - 2012-12-30 18:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2012-12-30 18:10 - 2012-12-30 18:10 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\fdBthProxy.dll
2012-12-30 18:09 - 2012-12-30 18:09 - 02033152 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-30 18:09 - 2012-12-30 18:09 - 00268288 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 06069248 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 03580416 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 01383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-30 18:08 - 2012-12-30 18:08 - 01166336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00827392 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00671232 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00458240 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00270336 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-30 18:08 - 2012-12-30 18:08 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00428544 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-12-30 18:07 - 2012-12-30 18:07 - 00217088 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-12-30 18:07 - 2012-12-30 18:07 - 00177664 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2012-12-30 18:07 - 2012-12-30 18:07 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2012-12-30 18:06 - 2012-12-30 18:06 - 00397312 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00274944 ____A (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\MMDevAPI.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00116224 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2012-12-30 18:06 - 2012-12-30 18:06 - 00088064 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2012-12-30 18:04 - 2012-12-30 18:04 - 00000000 ____D C:\Windows\Lan
2012-12-30 18:04 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\WindowsMobile
2012-12-30 18:04 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\winrm
2012-12-30 18:04 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\slmgr
2012-12-30 18:04 - 2006-11-02 04:42 - 00000000 ____D C:\Windows\System32\Branding
2012-12-30 18:04 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2012-12-30 18:04 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2012-12-30 18:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\MUI
2012-12-30 18:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2012-12-30 17:39 - 2010-05-08 12:07 - 00000000 ____D C:\Users\t.dung\AppData\Local\TeamSpeak 3 Client
2012-12-30 17:38 - 2010-10-23 10:03 - 00000000 ___HD C:\Users\t.dung\AppData\Local\PMB Files
2012-12-30 17:33 - 2012-04-08 05:50 - 00000000 ____D C:\Users\t.dung\AppData\Local\DDMSettings
2012-12-30 17:33 - 2011-11-11 01:09 - 00000000 ____D C:\Users\t.dung\AppData\Local\Akamai
2012-12-30 17:33 - 2011-06-23 07:03 - 00000000 ____D C:\Users\t.dung\AppData\Local\LogMeIn Hamachi
2012-12-30 17:33 - 2009-08-30 06:35 - 00000000 ____D C:\Users\t.dung\Any Video Converter
2012-12-30 17:32 - 2009-08-24 09:24 - 00000000 ____D C:\users\t.dung
2012-12-30 17:31 - 2012-05-02 08:02 - 00000000 ____D C:\Users\t.dung\100RICOH
2012-12-30 17:31 - 2012-05-02 08:01 - 00000000 ____D C:\Users\t.dung\100RICOH65
2012-12-30 17:31 - 2011-09-20 09:33 - 00000000 ____D C:\Users\t.dung\101RICOH
2012-12-30 17:30 - 2012-09-08 09:43 - 00000000 ____D C:\Users\t.dung\100CASIO
2012-12-30 17:29 - 2012-12-30 17:28 - 00000000 ____D C:\Backup
2012-12-30 17:29 - 2012-04-23 20:28 - 00000000 ____D C:\Users\t.dung\.idlerc
2012-12-30 17:29 - 2012-04-23 20:06 - 00000000 ____D C:\Users\t.dung\.freemind
2012-12-30 17:29 - 2011-09-07 13:05 - 00000000 ____D C:\Users\t.dung\.gimp-2.6
2012-12-30 10:16 - 2009-06-13 05:29 - 00079942 ____A C:\Users\All Users\nvModes.001
2012-12-30 10:16 - 2006-11-02 05:01 - 00013092 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-30 10:16 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-30 10:16 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-30 10:16 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-30 10:13 - 2012-12-30 09:24 - 01386217 ____A C:\Windows\WindowsUpdate.log
2012-12-30 10:13 - 2009-03-04 11:41 - 00945455 ____A C:\Windows\launApp.log
2012-12-30 10:13 - 2009-03-04 11:35 - 00000206 ____A C:\Windows\Factory.xml
2012-12-30 10:12 - 2009-03-04 11:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-12-30 10:10 - 2012-12-30 10:10 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Acer ePower Management V4
2012-12-30 10:08 - 2012-12-30 10:08 - 00000000 ____D C:\Program Files\Common Files\CyberLink
2012-12-30 10:08 - 2012-12-30 10:07 - 00000000 ____D C:\Program Files\CyberLink
2012-12-30 10:06 - 2012-12-30 10:07 - 00505128 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-12-30 10:06 - 2012-12-30 10:07 - 00353576 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-12-30 10:06 - 2012-12-30 10:07 - 00029480 ____A (Microsoft Corporation) C:\Windows\System32\msxml3a.dll
2012-12-30 10:06 - 2009-03-25 09:53 - 00000016 ____A C:\Windows\SetLang.bat
2012-12-30 10:04 - 2012-12-30 09:39 - 00000000 ____D C:\Program Files\Google
2012-12-30 10:03 - 2012-12-30 10:03 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Adobe
2012-12-30 10:03 - 2012-12-30 09:39 - 00000000 ____D C:\Users\All Users\Google
2012-12-30 10:02 - 2012-12-30 10:02 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Google
2012-12-30 10:02 - 2012-12-30 09:44 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Google
2012-12-30 10:00 - 2012-12-30 09:44 - 00000446 ____A C:\Windows\Tasks\Packard Bell Customer Registration - t.dung.job
2012-12-30 09:55 - 2012-12-30 09:55 - 00007680 ____A C:\Users\t.dung.tdung-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-30 09:55 - 2012-12-30 09:38 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\VirtualStore
2012-12-30 09:51 - 2012-12-30 09:51 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\Macromedia
2012-12-30 09:51 - 2012-12-30 09:51 - 00000000 ____A C:\Windows\Setup.INI
2012-12-30 09:51 - 2012-12-30 09:38 - 00000000 ____D C:\users\t.dung.tdung-PC
2012-12-30 09:50 - 2006-11-02 02:33 - 01418806 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-30 09:49 - 2012-12-30 09:49 - 00000083 ____A C:\Windows\LManager.UNI
2012-12-30 09:49 - 2012-12-30 09:49 - 00000000 ____D C:\Program Files\Launch Manager
2012-12-30 09:48 - 2009-06-13 05:34 - 00000000 ____D C:\Program Files\VideoWebCamera
2012-12-30 09:47 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system
2012-12-30 09:46 - 2012-12-30 09:46 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Roaming\InstallShield
2012-12-30 09:46 - 2009-06-13 05:29 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-12-30 09:46 - 2009-03-04 11:35 - 00074050 ____A C:\Windows\PLaunch.log
2012-12-30 09:46 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\restore
2012-12-30 09:45 - 2012-12-30 09:45 - 00000000 ____D C:\Users\t.dung.tdung-PC\Documents\Eigene Google Gadgets
2012-12-30 09:45 - 2012-12-30 09:30 - 00000000 ____D C:\Program Files\CONEXANT
2012-12-30 09:44 - 2012-12-30 09:44 - 00000000 ____A C:\Windows\System32\Drivers\PackardBell_EasyNoteTJ66_N-A_LXB870X011924B1B9A2200.MRK
2012-12-30 09:44 - 2012-12-30 09:40 - 00000000 ____D C:\Users\t.dung.tdung-PC\AppData\Local\Packard Bell
2012-12-30 09:40 - 2012-12-30 09:40 - 00071256 ____A C:\Users\t.dung.tdung-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-30 09:40 - 2009-06-13 05:29 - 00079942 ____A C:\Users\All Users\nvModes.dat
2012-12-30 09:39 - 2012-12-30 09:39 - 00000063 ____A C:\Windows\System32\SETAFR_Temp_DiskPart.txt
2012-12-30 09:39 - 2012-12-30 09:39 - 00000000 ____D C:\Windows\oem
2012-12-30 09:39 - 2012-12-30 09:39 - 00000000 ____D C:\Users\All Users\Partner
2012-12-30 09:39 - 2009-03-04 11:35 - 00000000 ___HD C:\Acer
2012-12-30 09:38 - 2012-12-30 09:38 - 00000020 __ASH C:\Users\t.dung.tdung-PC\ntuser.ini
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Startmen¸
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Netzwerkumgebung
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Druckumgebung
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Documents\Eigene Musik
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\Documents\Eigene Bilder
2012-12-30 09:38 - 2012-12-30 09:38 - 00000000 __SHD C:\Users\t.dung.tdung-PC\AppData\Local\Verlauf
2012-12-30 09:35 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-12-30 09:34 - 2012-12-30 09:34 - 00000000 __SHD C:\Users\All Users\Dokumente
2012-12-30 09:34 - 2012-12-30 09:34 - 00000000 __SHD C:\Programme
2012-12-30 09:34 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2012-12-30 09:32 - 2008-02-05 15:25 - 00000000 ____D C:\Windows\Panther
2012-12-30 09:31 - 2008-01-20 18:47 - 00035358 ____A C:\Windows\PFRO.log
2012-12-30 09:30 - 2006-11-02 04:52 - 00114580 ____A C:\Windows\setupact.log
2012-12-30 09:29 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2012-12-30 09:27 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-12-30 09:25 - 2008-02-05 15:29 - 00005949 ____A C:\Windows\TSSysprep.log
2012-12-30 09:22 - 2006-11-02 04:48 - 00005506 ____A C:\Windows\DtcInstall.log
2012-12-30 09:22 - 2006-11-02 04:47 - 00300456 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-23 14:06 - 2012-12-23 14:06 - 00000000 ____D C:\Users\t.dung\Neuer Ordner (2)
2012-12-23 14:03 - 2012-12-23 14:03 - 00000000 ____D C:\Users\t.dung\vista_recover_x86
2012-12-23 14:03 - 2012-12-23 13:51 - 150818816 ____A C:\Users\t.dung\vista_recover_x86.iso
2012-12-23 13:49 - 2012-12-23 13:49 - 00000000 ____D C:\Users\t.dung\AppData\Roaming\Canneverbe Limited
2012-12-23 13:45 - 2012-12-23 13:38 - 05212216 ____A (Canneverbe Limited                                          ) C:\Users\t.dung\Desktop\cdbxp_setup_4.5.0.3685.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-11-22 04:24:07
Restore point made on: 2012-11-23 06:13:12
Restore point made on: 2012-11-23 06:15:52
Restore point made on: 2012-11-23 06:16:31
Restore point made on: 2012-11-23 06:17:32
Restore point made on: 2012-11-23 06:19:27
Restore point made on: 2012-11-23 06:23:26
Restore point made on: 2012-11-23 06:25:00
Restore point made on: 2012-11-23 06:27:58
Restore point made on: 2012-11-23 07:33:22
Restore point made on: 2012-11-23 07:45:22
Restore point made on: 2012-11-23 08:04:07
Restore point made on: 2012-11-23 08:08:43
Restore point made on: 2012-11-24 12:52:48
Restore point made on: 2012-11-25 02:58:50
Restore point made on: 2012-11-29 16:24:39
Restore point made on: 2012-12-21 10:58:25
Restore point made on: 2012-12-22 01:33:42
Restore point made on: 2012-12-23 01:45:30
Restore point made on: 2012-12-23 17:32:21
Restore point made on: 2012-12-30 04:21:46
Restore point made on: 2012-12-30 09:47:18
Restore point made on: 2012-12-30 09:47:41
Restore point made on: 2012-12-30 09:48:08
Restore point made on: 2012-12-30 09:51:38
Restore point made on: 2012-12-30 10:00:05
Restore point made on: 2012-12-30 10:02:33
Restore point made on: 2012-12-30 10:06:58
Restore point made on: 2012-12-30 10:10:25
Restore point made on: 2012-12-30 10:11:58

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4089.92 MB
Available physical RAM: 3519.09 MB
Total Pagefile: 3714.25 MB
Available Pagefile: 3556.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:288.32 GB) (Free:151.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:0.62 GB) FAT32
4 Drive f: (THUY DUNG) (Removable) (Total:1.89 GB) (Free:1.77 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B         
  Disk 1    Online      1936 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 10 GB  1024 KB
  Partition 2    Primary            288 GB    10 GB
  Partition 3    Primary           1360 KB   298 GB

=========================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    FAT32  Partition     10 GB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    288 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1935 MB    16 KB

=========================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     F   THUY DUNG    FAT32  Removable   1935 MB  Healthy            

=========================================================

Last Boot: 2012-12-30 09:40

==================== End Of Log ============================

schrauber · 31.12.2012, 12:01

Alles sauber

30.11.2012, 08:15	#22
schrauber /// the machine /// TB-Ausbilder	Umleitung auf falsche Seiten bei Google-Suchergebnissen Kein Problem __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

31.12.2012, 12:01	#24
schrauber /// the machine /// TB-Ausbilder	Umleitung auf falsche Seiten bei Google-Suchergebnissen Alles sauber __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Umleitung auf falsche Seiten bei Google-Suchergebnissen

Plagegeister aller Art und deren Bekämpfung: Umleitung auf falsche Seiten bei Google-Suchergebnissen