Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Schwarzer Bildschirm: ACHTUNG! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. (https://www.trojaner-board.de/109468-schwarzer-bildschirm-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert.html)

legte 09.02.2012 15:35
Schwarzer Bildschirm: ACHTUNG! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
 
Hallo...habe mir wohl auch den Trojaner eingefangen. Bin eher Ahnungslos was solche sachen angeht, bitte deswegen um Hilfe!

vielen dank schonmal

legte 09.02.2012 16:10
hier schonmal die OTL.text:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.02.2012 15:45:51 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\McBong\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,31% Memory free
4,23 Gb Paging File | 3,82 Gb Available in Paging File | 90,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,19 Gb Total Space | 10,60 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
Drive D: | 110,95 Gb Total Space | 110,86 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: LEGTE | User Name: McBong | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2944183903-2455385367-4239640993-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{66B47709-635B-4CA1-86AD-F11BD5303671}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{750D4C9D-988B-466E-82ED-5780E836752F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{993E6505-5896-4409-A30C-8ECD6DDD98BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADE928CB-8C72-41E1-BCEC-ADBC7154BDBF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C76C1869-8368-4D25-AA49-823AF9188784}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE8FB913-CC4E-40E2-81EB-764B0ABF4658}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E7878355-A559-4311-B728-B173B2FA35F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02536760-7D51-4789-B4A3-C1D97425AB46}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0D1BCE91-3C8D-4EA0-ACC0-1F2DF1A43146}" = protocol=58 | dir=in | app=system |
"{17CEBFDD-5CD1-4704-B7FF-AF5DC4689A71}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{18BFABD5-C9C3-4F87-87D8-7D9739CB0989}" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{1A665A4A-9EC0-4CC0-9408-6E96FE262997}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{1C684CF4-F823-4683-A4E7-491D3A46DC5B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{1C961E3D-10A2-4931-ADC1-EA4A6EFD5330}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{216FED1D-5691-4908-BE91-A3C182EDB07F}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{2301E2C8-0142-4F45-AB16-23DBCAB4A282}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{28B68D2A-F821-4D4D-A083-5B60167B28BF}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\company of heroes\help.htm |
"{36C8B3D4-5A40-4E1B-8C8B-D75D12DC52C1}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{3C86F8DD-FDAF-493D-A0C0-E6D476E7C3A5}" = protocol=6 | dir=in | app=c:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe |
"{42C7D4B2-21A3-4CDB-816C-B4DB073046A6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{47B8C551-CCB6-4CCA-9117-AFF40CA3F148}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4B9D91F1-250A-471F-B0C5-AE98E78E80E5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{553B680A-D891-4610-8C8F-F7B9D3192FDA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56A85547-800A-4835-BDE3-777F78234076}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{57E8D0E2-7940-4D45-9BBE-77D8DE0EAD75}" = protocol=6 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe |
"{583B2C32-E529-4604-9AED-C8A893858DAD}" = protocol=17 | dir=in | app=d:\games\call of duty 4 - modern warfare\iw3mp.exe |
"{648B391E-7E2A-4F78-BBFB-3286EFD5B5D9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{6803871C-4FB4-42F0-B992-3569EA50AAEE}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{68971CB7-50FE-4EC0-A6AB-D0951CD77475}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{6A187A56-1195-48C3-8C34-CE74248DFEBB}" = protocol=17 | dir=in | app=c:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe |
"{6B4BE259-C11A-410F-99E4-6EA4F5EF2D41}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6D4282FF-3832-4DF8-A5F3-92DEEFCAEB9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D4F9697-3EAF-4C37-8F5D-8822BC8589DA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{6F19FA79-B383-4960-824E-7F27698CA82F}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\world in conflict\wic.exe |
"{7C564EF5-AE71-4DCE-A4C3-7609830AFB66}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7ED31B05-C6DA-4535-ADC6-E8354B6530B6}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\company of heroes\help.htm |
"{824AF212-CCFB-4F46-BF6F-90AC4959727C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{82796F7D-B65B-4D40-A79E-FB7CA8B18DBA}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C26093A-D21D-4F51-9963-5D6D31D511A2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{90F02C4B-D06A-4220-843E-995B5328991F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{92D4F71D-9C18-4D71-8CF6-2B9573DD3B37}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9AEA4279-CBEB-4792-B481-6F368D51FE20}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9B923C7C-0EF1-4243-B77E-0643971F5E84}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9E0BA064-C12D-4696-96F1-246521FF0811}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\world in conflict\wic.exe |
"{A097B9BC-2BC3-4896-9B3B-7BA6C6FCBE2C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\company of heroes\help.htm |
"{AC5AA03A-E556-4C3E-A262-AF337B9FEF6F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B2B32BD7-B5E7-4951-AB92-0F23F1B9C4C4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{B439009E-23E8-44CF-8EC0-E2A666409AA6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B4EE88E1-8AFC-4CDC-8FD1-485E67E0E959}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BA103456-6480-4F35-B51D-25A079ADE8FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BFCAA488-6566-41E1-B93C-8309359BECC6}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\world in conflict\wic.exe |
"{C041FC16-93D6-4F5E-A418-4068436E0E88}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C1E7F250-11AE-4FC2-91FB-47C556FF5F9D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CECCB2DC-9CAB-480B-86EF-A8E0C79A8EB6}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{D17C7047-AB1C-46B6-A813-3B1FFFDA59F8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\world in conflict\wic.exe |
"{D52E6C49-2C6B-45ED-88D8-165B3195705C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{D5A6F7EF-B32F-4047-A0F1-F1DED339BFCA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\company of heroes\help.htm |
"{D5F4C610-F9BC-4EEE-BF48-161BD52FB26B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DC9C6998-4443-4923-968A-4520B6EE1844}" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{E42A4B06-1E2C-4991-99BA-D71315749654}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\company of heroes\reliccoh.exe |
"{E61FF275-CAE1-4C42-A592-22E6FF02ACB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F18DF5D2-44AF-4694-A26A-F0CC5D64F51C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F1B3DEB0-A03B-4D5E-AEA8-6A1EF03149A3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F24CAFE8-F9E7-4904-A80B-16C2650C0EF1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{F33A75D7-0C99-44B4-A2AC-2C184232B014}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F6D46925-C78C-4D61-ADD0-794E2F52861A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8C41732-CF22-4B90-A58F-448491D55EE5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{05C7D752-9A6E-49CE-A6D6-45345B572E6B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{0897D947-6F1E-4317-A57C-962A6631BC25}C:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe |
"TCP Query User{0ABD0DE2-23EB-434A-976B-06BCD9D979DC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{11033848-3F4F-47D5-9B65-69DE994F8C64}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{17AF5A3E-B6DF-4A76-BC2D-682A85FA8589}C:\users\mcbong\desktop\lan\bf\bf1942.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\bf\bf1942.exe |
"TCP Query User{19B78AAC-9E3C-4D55-85B8-88E11119EAB3}C:\users\mcbong\desktop\lan\q3\quake3.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\q3\quake3.exe |
"TCP Query User{1E0DBB0D-133D-433A-8B0C-F33E48FF9984}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1F11B69F-5D9B-4EFA-B819-87737346396D}C:\users\mcbong\desktop\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\aoe2\age2_x1.exe |
"TCP Query User{1F8E718E-9581-43B3-950C-7DB1207E3180}C:\users\mcbong\desktop\lan\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\flatout 2\flatout2.exe |
"TCP Query User{2C31DDE3-75B0-4D03-A095-DDF0F111C7BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{345A58A4-0811-4280-8CF5-32687880928D}F:\lan\sudden strike 2\sudden strike ii\game\code\release\game_exe.exe" = protocol=6 | dir=in | app=f:\lan\sudden strike 2\sudden strike ii\game\code\release\game_exe.exe |
"TCP Query User{479BFE56-A7AF-4711-AD4C-2D1233A96AB3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4A20FDB7-7FC6-48EB-BB10-A61AE0F9FAA1}C:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe |
"TCP Query User{4D1AFB2D-2046-4B91-AF7F-ACDBAFD8010B}C:\windows\system32\ppshell.exe" = protocol=6 | dir=in | app=c:\windows\system32\ppshell.exe |
"TCP Query User{4D7548E6-A559-4854-B436-2ED835381F85}D:\games\wwp\wwp.exe" = protocol=6 | dir=in | app=d:\games\wwp\wwp.exe |
"TCP Query User{52FA41C3-60E0-4CC0-8C59-3B91D5F40600}C:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{54396F5A-B949-4AC9-A5B8-1C3462BB8C08}C:\users\mcbong\desktop\lan\mohaa\moh_breakthrough.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\mohaa\moh_breakthrough.exe |
"TCP Query User{60919F8B-AFED-4BDF-9856-9BA52A278C95}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=6 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
"TCP Query User{643B8478-3F0B-4F60-8164-D5DB745EEBE8}C:\users\mcbong\desktop\lan\cssoffline\hl2.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\cssoffline\hl2.exe |
"TCP Query User{660547D2-AF74-4DA6-B201-7D20BF022CB6}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"TCP Query User{69A80354-B362-471B-B136-6EA1471AB041}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{69F9E804-19EF-409B-8DFF-A15AEE33B7A5}C:\program files\cities online\cities3d.exe" = protocol=6 | dir=in | app=c:\program files\cities online\cities3d.exe |
"TCP Query User{6E0EDCE6-7A75-4B92-8341-82AE03E70A55}C:\users\mcbong\desktop\lan\cod\codmp.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\cod\codmp.exe |
"TCP Query User{6FE743C2-FBA2-4879-886D-88252639E514}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{721B4FE6-72B5-4019-A9C6-6DA5E2F33A3B}C:\users\mcbong\desktop\mohaa\moh_breakthrough.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\mohaa\moh_breakthrough.exe |
"TCP Query User{7766E3D5-8584-42BC-8F73-9D5CA65CD17D}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{7ADB50B4-7AFD-4E5D-9F1D-BDF20B0A8B2C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{7DA29A13-6D72-4BDE-A631-498B564C32FC}D:\games\css\hl2.exe" = protocol=6 | dir=in | app=d:\games\css\hl2.exe |
"TCP Query User{802A4884-2B07-487E-9BC5-C462D66ACB44}C:\users\mcbong\desktop\lan\c&c generals\game.dat" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\c&c generals\game.dat |
"TCP Query User{8164924E-6C56-4A0E-BD8D-A8B5F1A4C8C0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{8AE403CF-7A32-4AB0-A641-E53FFC4BB41E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{917FEE78-A9CE-4F42-81B7-645D82D5808D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{9CF143C9-E45A-4DB5-A9EA-ECB51245DA3D}D:\games\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\games\team fortress 2\hl2.exe |
"TCP Query User{9FA98226-8060-4D3B-9413-B1114459C35E}C:\users\mcbong\desktop\lan\cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hl.exe |
"TCP Query User{A2CE2F00-360B-4892-AA6F-13FB95287084}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A3D1BE41-BA1B-4DDC-9F8A-7B4167B82C31}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{AF3415C6-F76F-4545-87FB-85664298C10E}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{B33D3408-C4CD-4354-A0C1-12AB15E42A88}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{B3DBCEF9-2133-4FC3-AAEF-F10933B251CA}C:\users\mcbong\desktop\lan\cs 1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hl.exe |
"TCP Query User{C0653B83-EAF7-43D0-9B6A-756268CDB3B3}D:\games\unreal tournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=d:\games\unreal tournament\system\unrealtournament.exe |
"TCP Query User{CDF75EC9-5C97-40A3-BCBC-0F5364AE7435}C:\program files\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\mirandafusion\miranda32.exe |
"TCP Query User{CFDADCA3-71CA-4BD1-9058-7E9A336E0849}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D138FDFE-47DE-460C-A255-97B18D1E70A8}C:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe |
"TCP Query User{D885E559-97ED-472B-AB44-1977894AFF1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DBAE94CA-7386-4F95-8820-AD84592A77CB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E1FEF574-7F20-4320-87CD-493E3E440795}C:\users\mcbong\desktop\lan\cs 1.6\hltv.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hltv.exe |
"TCP Query User{E38F35C6-6229-4458-AC9C-29523F216DEC}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{FCCFCD43-8847-4400-9B7D-E9899B8ADC44}C:\program files\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\mirandafusion\miranda32.exe |
"TCP Query User{FEB45630-055F-4909-BF55-DB942E17D4C5}C:\users\mcbong\desktop\lan\insane\game.exe" = protocol=6 | dir=in | app=c:\users\mcbong\desktop\lan\insane\game.exe |
"UDP Query User{005991EB-BE8C-4FA5-8405-F12CA6067A97}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{0259D18D-3FAB-4718-B0DB-B0CCFCD716FB}D:\games\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\games\team fortress 2\hl2.exe |
"UDP Query User{025C3F39-C2E2-4BB7-BEAD-47E47AE08ADA}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{03DE8CEF-2B49-4015-A719-D69E64A057E8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0622F752-BDCE-440D-A1EC-72201E823A4E}D:\games\css\hl2.exe" = protocol=17 | dir=in | app=d:\games\css\hl2.exe |
"UDP Query User{15F8FCE3-5680-4471-A81C-2495BA3CF7F6}C:\users\mcbong\desktop\lan\cs 1.6\hltv.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hltv.exe |
"UDP Query User{20B345B0-74BC-419D-894A-5A9AF0A26B7B}C:\program files\cities online\cities3d.exe" = protocol=17 | dir=in | app=c:\program files\cities online\cities3d.exe |
"UDP Query User{26045F51-BE03-4364-AC4E-7CB34CA3F210}C:\users\mcbong\desktop\lan\cssoffline\hl2.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\cssoffline\hl2.exe |
"UDP Query User{3181219D-1AFE-44C4-9076-4D78A1D6F61D}D:\games\unreal tournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=d:\games\unreal tournament\system\unrealtournament.exe |
"UDP Query User{363217F0-23A5-452C-AEC1-FF17B21CFAAD}C:\users\mcbong\desktop\lan\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\flatout 2\flatout2.exe |
"UDP Query User{3B0BC93D-9152-4342-9561-4DA4C1D34338}C:\users\mcbong\desktop\mohaa\moh_breakthrough.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\mohaa\moh_breakthrough.exe |
"UDP Query User{3C7865F8-0133-473D-80EB-7E079E09303E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3FB1EF2C-4DFE-4B4F-A69F-935FEDC5E4B7}C:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{43AC643A-40E3-4EE0-9F55-6BE6AF336B4C}C:\windows\system32\ppshell.exe" = protocol=17 | dir=in | app=c:\windows\system32\ppshell.exe |
"UDP Query User{441B8061-B1E7-4D5A-AEF1-F811BEF2B812}F:\lan\sudden strike 2\sudden strike ii\game\code\release\game_exe.exe" = protocol=17 | dir=in | app=f:\lan\sudden strike 2\sudden strike ii\game\code\release\game_exe.exe |
"UDP Query User{46578B5D-30A2-4CE1-9C88-2BCC8F5F6966}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{497FE6ED-943E-4BA5-8F4D-226B29A21388}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{4C348885-129A-4340-BD69-20F3A6EE5572}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4C7BE2ED-D3B2-4180-B196-0036AE9B3839}C:\program files\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\mirandafusion\miranda32.exe |
"UDP Query User{4E6568CD-E3F4-4547-BE75-9031543956CB}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4F8EB8BB-056D-45D4-A692-28497E6B4784}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{52466F6C-53F9-4FB1-87D0-39EF9680A52A}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{52983BFB-870C-45FA-A4FF-B3AC317D1A42}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{54C5584C-A1CA-4874-880B-6553BFB04717}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{592CDD5D-4493-4B06-9D23-E0A96B460161}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{5951B289-F426-4922-B061-41A3CB9BB4C3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6007B437-7556-439C-BCD8-264E6EF6B02A}C:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe |
"UDP Query User{63CED4FE-C5B3-464E-9C20-732AD2EB3D16}C:\users\mcbong\desktop\lan\cod\codmp.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\cod\codmp.exe |
"UDP Query User{6E59DA57-897A-48D7-8C69-361697F5097E}D:\games\wwp\wwp.exe" = protocol=17 | dir=in | app=d:\games\wwp\wwp.exe |
"UDP Query User{7E45C771-9739-4520-97EA-738E23305FB5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7E90B9F8-7B6B-4FD7-AD42-3FE63843F10F}C:\users\mcbong\desktop\lan\c&c generals\game.dat" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\c&c generals\game.dat |
"UDP Query User{83D181F1-6D69-4ABB-B380-32DA73264C2A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{85E615A4-1E7F-4699-9DB7-CA4910016D60}C:\program files\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\mirandafusion\miranda32.exe |
"UDP Query User{8E378500-F5F0-43B7-B9CC-A0532CFDBB0C}C:\users\mcbong\desktop\lan\mohaa\moh_breakthrough.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\mohaa\moh_breakthrough.exe |
"UDP Query User{9A69D11C-2957-4F43-9937-7A6DD9F24FA2}C:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mcbong_nbc_\counter-strike source\hl2.exe |
"UDP Query User{B7904D14-D44D-4662-89E1-82CB9A831BF4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{BDC7684F-EBE6-4D42-80B0-22246F0A4178}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BE23EAFA-5FF6-48E5-8F81-D1F6B5C2B9CC}C:\users\mcbong\desktop\lan\q3\quake3.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\q3\quake3.exe |
"UDP Query User{C2C9D2CB-48EB-49C3-8518-78D5EDD98000}C:\users\mcbong\desktop\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\aoe2\age2_x1.exe |
"UDP Query User{C50E82A5-C5A3-46E2-AB0D-0848C3D02433}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D39536D6-822D-40F9-B5F4-E7B1A7423B72}C:\program files\mirandax ardena\mirandax-ardena.exe" = protocol=17 | dir=in | app=c:\program files\mirandax ardena\mirandax-ardena.exe |
"UDP Query User{D3E3D578-19C5-4ACC-A704-A0AC60802C0E}C:\users\mcbong\desktop\lan\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hl.exe |
"UDP Query User{D9B8FB54-6B37-47AE-B93B-F2C3A195BBF3}C:\users\mcbong\desktop\lan\insane\game.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\insane\game.exe |
"UDP Query User{DC67A3DE-885E-4BF0-8582-B9E0AD3E801D}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{DD4524ED-4C93-4075-B90A-F2FFE2FC8CA1}C:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\_nbc_mbomba\counter-strike source\hl2.exe |
"UDP Query User{E0099091-F7D5-4548-94B0-081583B269D9}C:\users\mcbong\desktop\lan\cs 1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\cs 1.6\hl.exe |
"UDP Query User{F0BBF570-5096-4EB5-9DDC-E7880998D52D}C:\users\mcbong\desktop\lan\bf\bf1942.exe" = protocol=17 | dir=in | app=c:\users\mcbong\desktop\lan\bf\bf1942.exe |
"UDP Query User{F5D3F14B-8EB1-416F-AB4B-B549D3C5879F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{FEC70D01-6339-47E4-857E-EA806115A0BB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5ff9ed1e-282e-4eb6-95ec-d2e1d10397f5}" = Nero 9 Trial
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95F19350-A3A2-491B-A404-54BDD34DB49D}" = Gameztar Toolbar
"{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}" = NHL Eastside Hockey Manager 2007
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}" = Oracle Crystal Ball (32-bit)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Bannco DriverInstaller for X86_is1" = Bannco DriverInstaller for X86 V2.0
"bwin Poker_is1" = bwin Poker
"Canon MX300 series Benutzerregistrierung" = Canon MX300 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CitiesOnline" = CitiesOnline
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"Eastside Hockey Manager v1.16_is1" = Eastside Hockey Manager v1.16
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gameztar Toolbar" = Gameztar Toolbar
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.7.19
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PhotoFiltre" = PhotoFiltre
"PokerStars" = PokerStars
"QuestService" = QuestService 1.0 build 115
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"Rasche`s Doppelkopf 2.0 & 3.3" = Rasche`s Doppelkopf 2.0 & 3.3
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SopCast" = SopCast 3.0.3
"SpeedFan" = SpeedFan (remove only)
"Steam App 21760" = World in Conflict
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 240" = Counter-Strike: Source
"Steam App 4560" = Company of Heroes
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Game of Life Deluxe Fyrrion" = The Game of Life Deluxe Fyrrion
"Tinn-R_is1" = Tinn-R 2.3.2.3
"TripleAVersion1_1_1_0" = TripleA Version 1_1_1_0
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Urlaubsparadies Tycoon 2011_is1" = Urlaubsparadies Tycoon 2011
"UseNeXT_is1" = UseNeXT
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.02.2012 15:15:23 | Computer Name = Legte.VorrübergehendMadDog | Source = RasClient | ID = 20227
Description =
 
Error - 08.02.2012 15:16:44 | Computer Name = Legte.VorrübergehendMadDog | Source = RasClient | ID = 20227
Description =
 
Error - 08.02.2012 15:18:54 | Computer Name = Legte.VorrübergehendMadDog | Source = RasClient | ID = 20227
Description =
 
Error - 08.02.2012 16:21:49 | Computer Name = Legte.VorrübergehendMadDog | Source = Application Hang | ID = 1002
Description = Programm miranda32.exe, Version 0.7.4.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: ea0  Anfangszeit: 01cce697b8f8b188  Zeitpunkt der Beendigung:
 328
 
Error - 09.02.2012 04:11:25 | Computer Name = Legte.VorrübergehendMadDog | Source = Application Hang | ID = 1002
Description = Programm miranda32.exe, Version 0.7.4.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: ee4  Anfangszeit: 01cce70174eb879c  Zeitpunkt der Beendigung:
 15
 
Error - 09.02.2012 10:10:43 | Computer Name = Legte.VorrübergehendMadDog | Source = Application Hang | ID = 1002
Description = Programm miranda32.exe, Version 0.7.4.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 4e8  Anfangszeit: 01cce73446e2dc8e  Zeitpunkt der Beendigung:
 0
 
Error - 09.02.2012 10:13:17 | Computer Name = Legte.VorrübergehendMadDog | Source = EventSystem | ID = 4609
Description =
 
Error - 09.02.2012 10:24:07 | Computer Name = Legte.VorrübergehendMadDog | Source = Application Hang | ID = 1002
Description = Programm miranda32.exe, Version 0.7.4.3 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: e94  Anfangszeit: 01cce73625f05f7b  Zeitpunkt der Beendigung:
 78
 
Error - 09.02.2012 10:28:18 | Computer Name = Legte.VorrübergehendMadDog | Source = EventSystem | ID = 4609
Description =
 
Error - 09.02.2012 10:48:52 | Computer Name = Legte.VorrübergehendMadDog | Source = System Restore | ID = 8193
Description =
 
[ OSession Events ]
Error - 24.02.2011 15:00:44 | Computer Name = Legte.VorrübergehendMadDog | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2351
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.11.2008 14:45:35 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = netbt | ID = 4321
Description = Der Name "MCBONG-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.33  registriert werden. Der Computer mit IP-Adresse 192.168.2.89
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 17.11.2008 14:45:35 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = netbt | ID = 4321
Description = Der Name "MCBONG-PC      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.33  registriert werden. Der Computer mit IP-Adresse 192.168.2.89
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 19.11.2008 04:59:25 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = HTTP | ID = 15016
Description =
 
Error - 19.11.2008 12:38:58 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 20.11.2008 04:23:25 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = HTTP | ID = 15016
Description =
 
Error - 20.11.2008 06:13:42 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = HTTP | ID = 15016
Description =
 
Error - 20.11.2008 06:20:19 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 20.11.2008 06:20:31 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = HTTP | ID = 15016
Description =
 
Error - 20.11.2008 06:43:59 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.33 für die Netzwerkkarte mit der Netzwerkadresse
 001CBF6062B3 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.11.2008 05:03:19 | Computer Name = McBong-PC.VorrübergehendMadDog | Source = HTTP | ID = 15016
Description =
 
 
< End of report >
--- --- ---

markusg 09.02.2012 16:12
hi,
1. weist du noch wo du zum infektionszeitpunkt gesurft bist, info an mich als private nachicht.
2. otl.txt fehlt.

legte 09.02.2012 16:43
OTL textOTL Logfile:
Code:
OTL logfile created on: 09.02.2012 16:30:48 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\McBong\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free
4,23 Gb Paging File | 3,70 Gb Available in Paging File | 87,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,19 Gb Total Space | 10,58 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
Drive D: | 110,95 Gb Total Space | 110,86 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: LEGTE | User Name: McBong | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.09 15:40:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\McBong\Downloads\OTL.exe
PRC - [2012.02.01 17:38:24 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 17:38:24 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.11.07 00:12:51 | 005,971,408 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (QuestService Service)
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.02.21 19:55:29 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009.10.20 16:46:57 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.09.24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.04.07 08:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.26 22:36:28 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.26 22:36:23 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 13:05:36 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.13 08:20:22 | 000,097,432 | ---- | M] () [Auto | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.03.21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.09.06 12:09:58 | 000,023,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\W_MouseCombo.sys -- (MOUSECONTROLLER)
DRV - [2009.08.19 12:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.28 11:23:37 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 11:23:31 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 11:23:29 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.10.18 18:08:56 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008.01.10 02:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 02:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.08 01:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.04.11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.04.11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 09:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.03.01 10:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.30 06:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.49.66.2.:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{40f1eb95-4de4-4f36-a826-054ee36bb905}: C:\Program Files\Gameztar Toolbar\2.1.3.6670\FFToolbar
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.1.0.2080\FF [2009.12.20 15:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF [2009.12.20 15:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF [2009.12.20 15:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.01 17:38:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 17:38:25 | 000,000,000 | ---D | M]
 
[2009.05.14 19:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McBong\AppData\Roaming\mozilla\Extensions
[2012.02.08 18:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions
[2009.09.02 10:08:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.13 10:52:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.04 17:26:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.04 17:26:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.10 19:36:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\firefox@tvunetworks.com
[2009.07.19 12:50:55 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\McBong\AppData\Roaming\mozilla\Firefox\Profiles\e9u709uq.default\extensions\toolbar@ask.com
[2010.10.04 18:38:51 | 000,000,881 | ---- | M] () -- C:\Users\McBong\AppData\Roaming\Mozilla\Firefox\Profiles\e9u709uq.default\searchplugins\conduit.xml
[2012.02.08 18:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.01 10:34:28 | 000,000,000 | ---D | M] (QuestService) -- C:\Programme\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2010.01.01 10:34:28 | 000,000,000 | ---D | M] (QuestService) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2010.01.05 17:05:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.13 10:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.12.20 15:35:50 | 000,000,000 | ---D | M] ("WSO Helper Class") -- C:\PROGRAM FILES\WEB SEARCH OPERATOR\4.1.0.2080\FF
[2011.06.23 11:37:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.23 11:37:57 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.23 11:37:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:34:28 | 000,002,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\questservice115.xml
[2011.06.23 11:37:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.23 11:37:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.11.17 15:19:21 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll File not found
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {8AB43529-97E6-4FB7-9A60-1DD00B0D475B} - C:\Windows\system32\MSVjdCtl.dll File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll File not found
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Programme\Textual Content Provider\1.1.0.1810\TCPIE.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\wso.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Gameztar Toolbar) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvb0.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize File not found
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe" File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Patience] C:\Windows\Patience.exe ()
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [stsvc] C:\Windows\stsvc.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\McBong\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found
O4 - HKCU..\Run: [KeApplet] C:\Users\McBong\AppData\Roaming\Media Center Programs\{0233F724-B519-4E95-A0B9-3520E9F97DA8}\UpgradeChecker.exe (Orb Networks)
O4 - HKCU..\Run: [Steam] C:\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.3.6670\mvbapp.exe File not found
O4 - Startup: C:\Users\McBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda Fusion.lnk = C:\Programme\MirandaFusion\miranda32.exe ( )
O4 - Startup: C:\Users\McBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\McBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\McBong\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VorrübergehendMadDog
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AD6A3CF-7E76-43D1-9E2A-C190800E77BE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE6B6425-C3F3-4BAA-9ADA-265205FA243A}: NameServer = 213.191.92.86 62.109.123.7
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\McBong\Pictures\2010-09-17 Lanzarote\Lanzarote 032.JPG
O24 - Desktop BackupWallPaper: C:\Users\McBong\Pictures\2010-09-17 Lanzarote\Lanzarote 032.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1563b51d-e89b-11de-a0e5-9b8612538c34}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{b3a241fa-9d37-11dd-9a40-001cbf6062b3}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a241fa-9d37-11dd-9a40-001cbf6062b3}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{b3a241fa-9d37-11dd-9a40-001cbf6062b3}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\McBong\AppData\Roaming\Sun
[2007.12.28 16:03:02 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.12.28 15:46:33 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.12.28 15:46:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.08.14 22:37:07 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.08.14 15:25:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\McBong\AppData\Roaming\*.tmp files -> C:\Users\McBong\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 15:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 15:25:28 | 000,263,250 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.09 15:25:28 | 000,263,250 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.09 15:24:46 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.02.09 15:24:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.09 15:21:43 | 000,000,817 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2012.02.09 15:21:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:21:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 14:33:59 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.09 09:23:49 | 000,000,272 | ---- | M] () -- C:\Users\McBong\Desktop\config.psc
[2012.02.06 18:09:28 | 002,698,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.06 18:09:27 | 007,424,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.06 18:09:27 | 002,359,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.06 18:09:27 | 002,120,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.06 17:38:02 | 000,000,434 | ---- | M] () -- C:\Users\McBong\Documents\car.rar
[2012.02.06 17:22:24 | 000,000,355 | ---- | M] () -- C:\Users\McBong\Documents\car ab 2.Spiel.lns
[2012.02.06 17:21:54 | 000,000,355 | ---- | M] () -- C:\Users\McBong\Documents\Car 1.Spiel NJ.lns
[2012.02.06 17:18:37 | 000,000,635 | ---- | M] () -- C:\Users\McBong\Documents\van.rar
[2012.02.06 17:16:33 | 000,000,352 | ---- | M] () -- C:\Users\McBong\Documents\van 3.+4. Spiel NSH+PHO.lns
[2012.02.06 17:16:01 | 000,000,350 | ---- | M] () -- C:\Users\McBong\Documents\van 2.spiel CGY.lns
[2012.02.06 17:15:50 | 000,000,352 | ---- | M] () -- C:\Users\McBong\Documents\van 1.spiel TOR.lns
[2012.02.05 18:41:53 | 000,000,222 | ---- | M] () -- C:\Users\McBong\Documents\boston.rar
[2012.02.05 18:41:28 | 000,000,359 | ---- | M] () -- C:\Users\McBong\Documents\boston.lns
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\McBong\AppData\Roaming\*.tmp files -> C:\Users\McBong\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.06 17:22:24 | 000,000,355 | ---- | C] () -- C:\Users\McBong\Documents\car ab 2.Spiel.lns
[2012.02.06 17:21:54 | 000,000,355 | ---- | C] () -- C:\Users\McBong\Documents\Car 1.Spiel NJ.lns
[2012.02.06 17:16:33 | 000,000,352 | ---- | C] () -- C:\Users\McBong\Documents\van 3.+4. Spiel NSH+PHO.lns
[2012.02.06 17:16:01 | 000,000,350 | ---- | C] () -- C:\Users\McBong\Documents\van 2.spiel CGY.lns
[2012.02.06 17:15:50 | 000,000,352 | ---- | C] () -- C:\Users\McBong\Documents\van 1.spiel TOR.lns
[2012.02.02 18:00:01 | 000,000,635 | ---- | C] () -- C:\Users\McBong\Documents\van.rar
[2012.01.23 16:43:15 | 000,000,434 | ---- | C] () -- C:\Users\McBong\Documents\car.rar
[2011.03.24 02:53:37 | 000,003,701 | ---- | C] () -- C:\Users\McBong\AppData\Roaming\805A.90A
[2011.02.23 10:47:09 | 000,000,121 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.23 10:29:28 | 001,874,432 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
[2011.02.23 10:29:28 | 001,743,360 | ---- | C] () -- C:\Windows\System32\myodbc-installer.exe
[2011.02.23 10:29:28 | 000,000,188 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.09.26 21:28:34 | 000,722,718 | ---- | C] () -- C:\Windows\unins000.exe
[2010.09.26 21:28:34 | 000,001,372 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.29 19:52:28 | 000,000,437 | ---- | C] () -- C:\Windows\KRIMI.INI
[2010.07.29 12:41:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\realbap1.dll
[2010.03.25 23:34:46 | 000,034,569 | ---- | C] () -- C:\Windows\System32\uninstall.exe
[2010.03.24 00:58:30 | 000,040,960 | ---- | C] () -- C:\Windows\stsvc.dll
[2010.03.24 00:58:30 | 000,005,120 | ---- | C] () -- C:\Windows\stsvc.exe
[2010.03.23 18:06:04 | 000,000,078 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.23 16:45:15 | 000,332,800 | ---- | C] () -- C:\Windows\Patience.exe
[2010.02.21 19:55:29 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010.02.21 19:55:29 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2010.02.21 19:55:29 | 000,000,817 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009.12.30 12:36:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.30 12:36:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.27 14:13:58 | 000,000,062 | ---- | C] () -- C:\Windows\GPM2MICP.INI
[2009.12.14 14:55:46 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.11.03 16:17:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.03 16:17:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.10.27 14:57:57 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.10.27 14:56:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.09.01 12:36:36 | 000,263,250 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.01 12:36:36 | 000,263,250 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.14 19:29:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.26 17:03:35 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLcNL.DLL
[2009.01.26 13:49:42 | 000,000,210 | ---- | C] () -- C:\Users\McBong\AppData\Roaming\wklnhst.dat
[2009.01.24 20:24:20 | 000,000,680 | ---- | C] () -- C:\Users\McBong\AppData\Local\d3d9caps.dat
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.08.03 10:18:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.03.07 19:33:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.07 19:33:37 | 000,022,328 | ---- | C] () -- C:\Users\McBong\AppData\Roaming\PnkBstrK.sys
[2008.03.07 19:33:18 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.03.07 19:33:15 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.03.07 19:33:14 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2008.03.07 12:45:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.07 12:44:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.07 02:14:39 | 000,027,430 | ---- | C] () -- C:\Users\McBong\AppData\Roaming\nvModes.dat
[2008.03.06 22:11:58 | 000,014,848 | ---- | C] () -- C:\Users\McBong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.06 20:47:31 | 000,027,430 | ---- | C] () -- C:\Users\McBong\AppData\Roaming\nvModes.001
[2007.12.29 01:34:05 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007.12.29 01:33:54 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.12.28 16:03:02 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.12.28 15:46:33 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2007.12.28 15:46:33 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2007.12.28 15:46:33 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2007.12.28 15:46:33 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.08.15 02:00:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.08.14 22:37:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.08.14 22:37:08 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.08.14 22:37:08 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.08.14 15:35:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.08.14 15:26:16 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.08.14 15:26:16 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.08.14 15:25:02 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.08.14 14:33:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2006.11.02 16:33:31 | 007,424,946 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 002,359,404 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,399,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 002,698,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 002,120,436 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.04.17 21:34:45 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\5015
[2010.07.30 15:21:54 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Cities3D
[2008.03.13 15:24:08 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.10.18 18:08:37 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\DAEMON Tools
[2010.10.04 17:26:05 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.30 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\GOL_byHasbro
[2009.04.30 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\ICQ
[2008.04.07 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\ICQLite
[2011.04.17 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\kock
[2009.06.09 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Miranda
[2010.01.05 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\OpenOffice.org
[2011.11.07 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Oracle
[2010.10.15 16:40:07 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\PC Suite
[2009.11.03 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Samsung
[2010.09.02 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\temp
[2009.01.26 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Template
[2010.01.14 22:18:32 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\Tinn-R
[2011.04.17 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\UAs
[2010.11.12 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\UseNeXT
[2011.04.17 21:33:50 | 000,000,000 | ---D | M] -- C:\Users\McBong\AppData\Roaming\xmldm
[2012.02.09 15:25:59 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.03.07 00:09:38 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.03.07 00:09:47 | 000,000,000 | ---D | M] -- C:\Acer
[2011.11.18 11:39:39 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.03.07 00:07:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.12.29 01:34:30 | 000,000,000 | ---D | M] -- C:\DRV
[2007.08.14 14:21:41 | 000,000,000 | ---D | M] -- C:\Intel
[2007.08.14 15:49:19 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007.08.14 15:40:10 | 000,000,000 | ---D | M] -- C:\MyWorks
[2009.09.01 12:32:05 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.04.06 18:08:45 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.17 20:26:19 | 000,000,000 | -H-D | M] -- C:\polaroidexe
[2011.11.07 15:38:25 | 000,000,000 | ---D | M] -- C:\products
[2011.11.19 03:48:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.17 14:34:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.03.07 00:07:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.25 14:35:00 | 000,000,000 | ---D | M] -- C:\Programs
[2012.02.09 15:25:01 | 000,000,000 | ---D | M] -- C:\steam
[2012.02.09 11:26:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.03.09 19:33:26 | 000,000,000 | ---D | M] -- C:\Temp
[2008.03.07 00:07:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.09 15:12:39 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.17 22:01:02 | 000,000,000 | ---D | M] -- C:\xmldm
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.07 17:20:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.07 17:20:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.07 17:20:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.07 17:23:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.07 17:23:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2006.12.22 04:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys
[2006.12.22 04:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys
[2007.04.25 05:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Acer\Robson\Winall\Driver\iaStor.sys
[2007.04.25 05:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007.04.25 05:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Acer\Robson\Winall\Driver64\IaStor.sys
[2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.14 14:53:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.08.14 14:53:34 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.10.18 18:08:56 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2007.08.14 22:39:38 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.08.14 22:39:36 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.08.14 22:39:38 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.08.14 22:39:48 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.08.14 22:39:49 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.09 16:35:19 | 006,815,744 | -HS- | M] () -- C:\Users\McBong\ntuser.dat
[2012.02.09 16:35:19 | 000,262,144 | -H-- | M] () -- C:\Users\McBong\ntuser.dat.LOG1
[2008.03.07 00:07:27 | 000,000,000 | -H-- | M] () -- C:\Users\McBong\ntuser.dat.LOG2
[2012.02.09 15:25:57 | 000,065,536 | -HS- | M] () -- C:\Users\McBong\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.06 16:58:35 | 000,524,288 | -HS- | M] () -- C:\Users\McBong\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.02.09 15:25:57 | 000,524,288 | -HS- | M] () -- C:\Users\McBong\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.03.07 00:07:28 | 000,000,020 | -HS- | M] () -- C:\Users\McBong\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:53384F1D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A

< End of report >
--- --- ---

markusg 09.02.2012 17:12
hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [KeApplet] C:\Users\McBong\AppData\Roaming\Media Center Programs\{0233F724-B519-4E95-A0B9-3520E9F97DA8}\UpgradeChecker.exe (Orb Networks)
O4 - HKCU..\Run: [firefox.exe] C:\Users\McBong\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
 :Files
C:\Users\McBong\AppData\Roaming\Media Center Programs\{0233F724-B519-4E95-A0B9-3520E9F97DA8}
C:\Users\McBong\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

legte 09.02.2012 17:40
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KeApplet deleted successfully.
C:\Users\McBong\AppData\Roaming\Media Center Programs\{0233F724-B519-4E95-A0B9-3520E9F97DA8}\UpgradeChecker.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\firefox.exe deleted successfully.
C:\Users\McBong\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McBong
->Flash cache emptied: 3248896 bytes

User: Public

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McBong
->Temp folder emptied: 7571314515 bytes
->Temporary Internet Files folder emptied: 204549150 bytes
->Java cache emptied: 11911655 bytes
->FireFox cache emptied: 87364283 bytes
->Google Chrome cache emptied: 6485881 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4600067 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 204213611 bytes
RecycleBin emptied: 24441624 bytes

Total Files Cleaned = 7.739,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02092012_173145

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

legte 09.02.2012 17:42
Datei ist auch hochgeladen..
der schwarze bildschirm ist nicht mehr gekommen!

:singsing:

markusg 09.02.2012 18:11
hi,
danke.
es wird aber bitte ausschließlich nur auf den von mir genannten seiten gesurft, bis wir fertig sind.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

legte 09.02.2012 18:50
Combofix Logfile:
Code:
ComboFix 12-02-09.04 - McBong 09.02.2012  18:21:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.917 [GMT 1:00]
ausgeführt von:: c:\users\McBong\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
C:\polaroidexe
c:\polaroidexe\config.bin
c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.1.0.5290\ACECommon.dll
c:\program files\Automated Content Enhancer\4.1.0.5290\Data\config.md
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome.manifest
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.js
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFHelperComponent.js
c:\program files\Automated Content Enhancer\4.1.0.5290\FF\install.rdf
c:\program files\Automated Content Enhancer\4.1.0.5290\unins000.dat
c:\program files\Content Management Wizard
c:\program files\Content Management Wizard\1.1.0.1990\cmwsh.dll
c:\program files\Content Management Wizard\1.1.0.1990\config.mx
c:\program files\Content Management Wizard\1.1.0.1990\data.mx
c:\program files\Content Management Wizard\1.1.0.1990\exclude.mx
c:\program files\Content Management Wizard\1.1.0.1990\MatchingData.zd5
c:\program files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx
c:\program files\Content Management Wizard\1.1.0.1990\unins000.dat
c:\program files\Content Management Wizard\1.1.0.1990\unins000.exe
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\4.1.0.1960\CPACommon.dll
c:\program files\Customized Platform Advancer\4.1.0.1960\Data\config.md
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome.manifest
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.js
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFHelperComponent.js
c:\program files\Customized Platform Advancer\4.1.0.1960\FF\install.rdf
c:\program files\Customized Platform Advancer\4.1.0.1960\unins000.dat
c:\program files\Internet Today
c:\program files\Internet Today\1.1.0.1260\InternetToday.ico
c:\program files\Internet Today\1.1.0.1260\InternetToday.skf
c:\program files\Internet Today\1.1.0.1260\mfc80.dll
c:\program files\Internet Today\1.1.0.1260\Microsoft.VC80.CRT.manifest
c:\program files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest
c:\program files\Internet Today\1.1.0.1260\msvcr80.dll
c:\program files\Internet Today\1.1.0.1260\SkinCrafterDll.dll
c:\program files\Internet Today\1.1.0.1260\unins000.dat
c:\program files\Internet Today\1.1.0.1260\unins000.exe
c:\program files\QuestService
c:\program files\QuestService\uninstall.exe
c:\program files\Textual Content Provider
c:\program files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx
c:\program files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx
c:\program files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx
c:\program files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx
c:\program files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx
c:\program files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx
c:\program files\Textual Content Provider\1.1.0.1810\TCPIe.dll
c:\program files\Textual Content Provider\1.1.0.1810\unins000.dat
c:\program files\Textual Content Provider\1.1.0.1810\unins000.exe
c:\program files\Web Search Operator
c:\program files\Web Search Operator\4.1.0.2080\Data\config.md
c:\program files\Web Search Operator\4.1.0.2080\FF\chrome.manifest
c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.js
c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\4.1.0.2080\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\4.1.0.2080\FF\components\WSOFFHelperComponent.js
c:\program files\Web Search Operator\4.1.0.2080\FF\install.rdf
c:\program files\Web Search Operator\4.1.0.2080\unins000.dat
c:\program files\Web Search Operator\4.1.0.2080\unins000.exe
c:\program files\Web Search Operator\4.1.0.2080\WSOCommon.dll
c:\programdata\QuestService
c:\users\McBong\AppData\Local\Internet Today
c:\users\McBong\AppData\Local\Textual Content Provider
c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_Config.mx
c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_Data.mx
c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_DomainExcludeList.mx
c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_DomainInterval.mx
c:\users\McBong\AppData\Local\Textual Content Provider\1.1.0.1810\Data\TP_KeywordInterval.mx
c:\users\McBong\AppData\Roaming\805A.90A
c:\users\McBong\AppData\Roaming\AcroIEHelpe.txt
c:\users\McBong\AppData\Roaming\srvblck2.tmp
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\uninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_QuestService Service
-------\Service_vvdsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-09 bis 2012-02-09  ))))))))))))))))))))))))))))))
.
.
2012-02-09 17:36 . 2012-02-09 17:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-09 16:31 . 2012-02-09 16:41        --------        d-----w-        C:\_OTL
2012-02-08 08:16 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5D32732-4DC4-4CE0-A2AD-AA1C2D9480B1}\mpengine.dll
2012-01-11 10:56 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-11 10:56 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-11 10:56 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-11 10:56 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-11 10:56 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-11 10:56 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-11 09:20 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 09:20 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-11 09:20 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-11 09:20 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 09:20 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-11 09:20 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 09:19 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 09:19 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-05 15:39        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-23 13:37 . 2011-12-14 08:12        2043904        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08        2393184        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2011-08-04 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-07 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-05 266497]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Patience"="c:\windows\Patience.exe" [2010-03-23 332800]
"stsvc"="c:\windows\stsvc.exe" [2010-03-23 5120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\McBong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda Fusion.lnk - c:\program files\MirandaFusion\miranda32.exe [2008-4-6 552021]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-14 535336]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-14 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-14 692224]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-27 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2944183903-2455385367-4239640993-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
vvdsvc        REG_MULTI_SZ          vvdsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyServer = 78.49.66.2.:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Free YouTube to Mp3 Converter - c:\users\McBong\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: everestpoker.com\account
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE6B6425-C3F3-4BAA-9ADA-265205FA243A}: NameServer = 213.191.92.86 62.109.123.7
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\McBong\AppData\Roaming\Mozilla\Firefox\Profiles\e9u709uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestService: {AAF6454A-4000-4015-84C1-6CD844C06B19} - c:\program files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{8AB43529-97E6-4FB7-9A60-1DD00B0D475B} - c:\windows\system32\MSVjdCtl.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-VideoBarApp - c:\program files\Gameztar Toolbar\2.1.3.6670\mvbapp.exe
HKCU-Run-Canaveral - c:\windows\system32\sshnas21.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Internet Today Task - c:\program files\Internet Today\1.1.0.1260\InternetToday.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-bwin Poker_is1 - c:\bwinpoker\unins000.exe
AddRemove-CitiesOnline - c:\program files\Cities Online\uninstall.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\10.0.648.204\Installer\setup.exe
AddRemove-QuestService - c:\program files\QuestService\uninstall.exe
AddRemove-R for Windows 2.9.2_is1 - c:\program files\R\R-2.9.2\unins000.exe
AddRemove-Rasche`s Doppelkopf 2.0 & 3.3 - c:\program files\Rasche`s Doppelkopf 2.0 & 3.3\Uninstal.exe
AddRemove-Tinn-R_is1 - c:\tinn-r\unins000.exe
AddRemove-TripleAVersion1_1_1_0 - c:\program files\TripleA\TripleA_1_1_1_0\uninstaller.exe
AddRemove-Urlaubsparadies Tycoon 2011_is1 - c:\program files\Urlaubsparadies Tycoon 2011\unins000.exe
AddRemove-UseNeXT_is1 - c:\program files\UseNeXT\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2944183903-2455385367-4239640993-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,fd,c9,07,84,fc,b1,d1,b5,8a,93,27,ce,07,f8,11,c8,c3,58,21,af,d8,da,
  cf,5f,5d,17,d9,54,0b,c9,a2,7a,35,78,3b,7c,5e,59,6a,4f,5b,9b,ab,6f,d2,5c,20,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
[HKEY_USERS\S-1-5-21-2944183903-2455385367-4239640993-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fb,42,99,15,ea,3c,65,72,30,54,b2,a6,88,08,d5,69,d5,c6,7e,4e,a7,
  d9,09,f0,ba,94,f3,03,56,7b,34,2c,b3,c4,93,4c,2b,1c,9c,68,c9,78,33,35,a6,26,\
"rkeysecu"=hex:62,41,a2,75,43,76,bc,39,04,53,05,01,01,95,d3,1b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4356)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\acer\ALaunch\ALaunchSvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\RtHDVCpl.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\runservice.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\PnkBstrA.exe
c:\users\McBong\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09  18:48:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-09 17:46
.
Vor Suchlauf: 16 Verzeichnis(se), 16.659.529.728 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 16.004.288.512 Bytes frei
.
- - End Of File - - 5E39B83FE0FA54F9206F8B523BBDFDC4
--- --- ---

markusg 09.02.2012 18:52
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

legte 09.02.2012 20:33
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
McBong :: LEGTE [Administrator]

Schutz: Aktiviert

09.02.2012 19:01:53
mbam-log-2012-02-09 (19-01-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373007
Laufzeit: 1 Stunde(n), 29 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95F19350-A3A2-491B-A404-54BDD34DB49D} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gameztar Toolbar (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Gameztar Toolbar (Adware.Gameztar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Gameztar Toolbar (Adware.Gameztar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestService (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 8
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{40f1eb95-4de4-4f36-a826-054ee36bb905} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{40f1eb95-4de4-4f36-a826-054ee36bb905} (Adware.DoubleD) -> Daten: C:\Program Files\Gameztar Toolbar\2.1.3.6670\FFToolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Daten: C:\Program Files\Web Search Operator\4.1.0.2080\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Daten: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Daten: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 19
C:\Users\McBong\Downloads\Everest Poker.exe (PUP.EverestPoker) -> Keine Aktion durchgeführt.
C:\Users\McBong\Downloads\SoftonicDownloader_fuer_graphics-converter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\Setup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\LRI.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe (Adware.ColorSoft) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\{0188C6A8-B559-4C1F-AA44-D0347C445C52}\SetupArchive\261FDA5C\B94081D6\LRI.dll (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\Automated Content Enhancer\4.1.0.5290\FF\components\ACEFFAddOn.dll.vir (Adware.DoubleD.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll.vir (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll.vir (Adware.DoubleD.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files\QuestService\uninstall.exe.vir (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\02092012_173145\C_Users\McBong\AppData\Roaming\Media Center Programs\{0233F724-B519-4E95-A0B9-3520E9F97DA8}\UpgradeChecker.exe (Trojan.VUPX.ON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\02092012_173145\C_Users\McBong\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\McBong\Favorites\MyQuickFinder.url (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Mozilla Firefox\searchplugins\questservice115.xml (Adware.DoubleD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 09.02.2012 20:51
lade den CCleaner standard:
CCleaner Download - CCleaner 3.15.1643
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

legte 10.02.2012 09:59
bin das ganze we unterwegs, antwort also erst sonntag abend bzw. montag

markusg 10.02.2012 11:58
falls ich es übersehe, private nachicht bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19