Morning :)
The redirects still haven't gone away .... T T
Here are the logs:
Combofix: Code:
ComboFix 12-11-24.02 - t.dung 25.11.2012 2:47.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1418 [GMT 1:00]
ausgeführt von:: c:\users\t.dung\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\t.dung\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-25 bis 2012-11-25 ))))))))))))))))))))))))))))))
.
.
2012-11-25 02:35 . 2012-11-25 02:37 -------- d-----w- c:\users\t.dung\AppData\Local\temp
2012-11-25 02:35 . 2012-11-25 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 23:08 . 2012-11-24 23:08 -------- d-----w- c:\users\t.dung\AppData\Roaming\Avira
2012-11-24 23:04 . 2012-11-24 23:04 -------- d-----w- c:\program files\Avira
2012-11-23 17:48 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19E0A280-E2D3-4A3B-921C-DBC991BB81C3}\mpengine.dll
2012-11-23 16:10 . 2012-11-23 16:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-22 05:54 . 2012-11-22 05:54 -------- d-----w- c:\program files\ESET
2012-11-21 12:53 . 2012-11-21 12:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-11-16 17:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 17:02 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 16:09 . 2012-09-07 13:24 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-23 16:09 . 2010-05-12 16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-20 18:37 . 2012-09-05 19:40 6400 ----a-w- c:\programdata\NanoRepository.bin
2012-11-07 15:03 . 2012-02-14 20:49 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-07 15:03 . 2012-02-14 20:49 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-07 15:03 . 2012-02-14 20:49 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-09 18:25 . 2012-04-12 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:25 . 2011-06-20 18:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:25 . 2012-09-21 15:25 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-29 09:32 . 2009-06-13 13:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-13 13:28 . 2012-10-10 08:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 08:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 08:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328]
"Akamai NetSession Interface"="c:\users\t.dung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-06 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"BitTorrent DNA"="c:\users\t.dung\Program Files\DNA\btdna.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:25]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-25 03:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-25 03:52:24
ComboFix-quarantined-files.txt 2012-11-25 02:52
ComboFix2.txt 2012-11-23 17:42
ComboFix3.txt 2012-11-21 14:27
.
Vor Suchlauf: 26 Verzeichnis(se), 131.359.502.336 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 131.532.443.648 Bytes frei
.
- - End Of File - - 078413B0DC74A9A18776CEA50B3F8080
OTL Fix Log 11252012_102549: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B6103C1-F818-48a8-9683-314055BE6075}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
File C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml not found.
File C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml not found.
C:\ProgramData\-7ADZ5g9QZthTedr moved successfully.
C:\ProgramData\-7ADZ5g9QZthTed moved successfully.
C:\ProgramData\7ADZ5g9QZthTed moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: t.dung
->Temp folder emptied: 2178270 bytes
->Temporary Internet Files folder emptied: 7914725 bytes
->Java cache emptied: 33205014 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 70706 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 41,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11252012_102549
Files\Folders moved on Reboot...
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla21E6.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla486C.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla76F9.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla81B5.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\fla8971.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Temp\flaD1D3.tmp not found!
File\Folder C:\Users\t.dung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content(2955).IE5\KOE04USQ\14014173.271444916;ac.1346872510-2817964;wi.300;hi.250;cp.0.022633;01;ai.114014173.271444916;ct.1_01_href=http___tracking.metalyzer.com_cunda_shop_forwarding[1].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
AdwCleaner: Code:
# AdwCleaner v2.009 - Datei am 25/11/2012 um 10:33:46 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : t.dung - TDUNG-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\t.dung\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\t.dung\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\t.dung\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\t.dung\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2604146
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ImInstaller
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\t.dung\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1649 octets] - [25/11/2012 10:33:46]
########## EOF - C:\AdwCleaner[S1].txt - [1709 octets] ##########
OTL: Code:
OTL logfile created on: 25.11.2012 10:51:31 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 122,43 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\t.dung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Common Files\NMSAccessU.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Program Files\VideoWebCamera\Utility.dll ()
MOD - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()
========== Services (SafeList) ==========
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (NMSAccessU) -- C:\Program Files\Common Files\NMSAccessU.exe ()
========== Driver Services (SafeList) ==========
DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found
DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (XDva358) -- C:\Windows\system32\XDva358.sys File not found
DRV - (XDva354) -- C:\Windows\system32\XDva354.sys File not found
DRV - (XDva352) -- C:\Windows\system32\XDva352.sys File not found
DRV - (XDva351) -- C:\Windows\system32\XDva351.sys File not found
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (XDva343) -- C:\Windows\system32\XDva343.sys File not found
DRV - (XDva341) -- C:\Windows\system32\XDva341.sys File not found
DRV - (XDva337) -- C:\Windows\system32\XDva337.sys File not found
DRV - (XDva332) -- C:\Windows\system32\XDva332.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\TDADB~1.DUN\AppData\Local\Temp\catchme.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\Windows\System32\drivers\lgandadb.sys (Google Inc)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {860F2751-420C-4F95-8B0B-07D986B0125A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{539C11B5-7A97-4A07-8468-073E6EAAFFB9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{860F2751-420C-4F95-8B0B-07D986B0125A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE342DE342
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\t.dung\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.08 14:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\t.dung\Program Files\DNA [2012.09.07 08:47:25 | 000,000,000 | ---D | M]
[2012.11.25 01:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions
[2012.05.07 15:27:09 | 000,060,243 | -H-- | M] () (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2012.11.25 01:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.10.26 21:22:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.07 14:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2009.10.22 16:15:35 | 000,000,000 | ---D | M] (FirefoxHelper) -- C:\Program Files\mozilla firefox\extensions\firefoxhelper@mozilla.org
[2010.12.28 20:10:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010.12.28 20:10:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.09.29 10:32:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2012.11.25 03:35:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 5
O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848DEB77-6767-4AB8-821C-490AC8438F8F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316BF3-6B18-43A7-A84D-4F0446665C57}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.25 10:46:44 | 000,000,000 | R--D | C] -- C:\Users\t.dung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.25 10:25:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.25 03:53:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.25 03:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.25 03:35:15 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Local\temp
[2012.11.25 02:36:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.25 02:33:27 | 005,006,466 | R--- | C] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe
[2012.11.25 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\temp
[2012.11.25 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\install
[2012.11.25 00:31:26 | 002,208,104 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Users\t.dung\Desktop\fusebundle.exe
[2012.11.25 00:08:46 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Roaming\Avira
[2012.11.25 00:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.25 00:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.24 22:45:49 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de
[2012.11.24 22:45:42 | 000,450,768 | ---- | C] (Avira GmbH) -- C:\Users\t.dung\Desktop\RegCleaner.exe
[2012.11.24 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\de-de
[2012.11.23 17:10:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:10:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:10:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:10:02 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:05:12 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Users\t.dung\Desktop\jxpiinstall.exe
[2012.11.23 16:43:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.23 16:09:53 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\javara-2.0
[2012.11.23 14:14:35 | 019,231,504 | ---- | C] (Mozilla) -- C:\Users\t.dung\Desktop\Firefox Setup 17.0.exe
[2012.11.22 21:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 06:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.21 20:46:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 14:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 14:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 14:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 14:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.21 14:00:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.21 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.21 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.11.20 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\Neuer Ordner (4)
[2012.11.20 19:18:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe
[2012.11.16 22:25:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 22:25:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 22:25:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 22:25:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 22:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 22:25:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 22:25:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 22:25:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 18:03:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 18:02:50 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2012.11.25 10:52:15 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.25 10:52:15 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.25 10:52:15 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.25 10:52:15 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.25 10:46:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 10:46:00 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.25 10:45:36 | 000,079,942 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.25 10:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 10:45:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.25 10:45:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.25 10:32:18 | 000,480,125 | ---- | M] () -- C:\Users\t.dung\Desktop\adwcleaner.exe
[2012.11.25 10:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 10:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.25 03:35:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.25 02:33:41 | 005,006,466 | R--- | M] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe
[2012.11.25 01:50:29 | 000,020,824 | ---- | M] () -- C:\Users\t.dung\firefox lesezeichen.rtf
[2012.11.25 01:06:26 | 000,238,143 | ---- | M] () -- C:\Users\t.dung\Documents\bookmarks.html
[2012.11.25 00:30:38 | 000,906,493 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_fusebundlegen-win32-en.zip
[2012.11.25 00:25:26 | 000,001,029 | ---- | M] () -- C:\Users\t.dung\Desktop\Avira Produkt Update.lnk
[2012.11.25 00:06:44 | 000,354,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.25 00:04:33 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.24 22:45:27 | 000,088,626 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de.zip
[2012.11.24 22:32:59 | 105,142,912 | ---- | M] () -- C:\Users\t.dung\Desktop\avira_free_antivirus_de.exe
[2012.11.23 17:09:33 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:09:20 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:09:20 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:09:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:09:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.11.23 17:09:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.23 17:05:29 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Users\t.dung\Desktop\jxpiinstall.exe
[2012.11.23 16:09:19 | 000,135,237 | ---- | M] () -- C:\Users\t.dung\Desktop\javara-2.0.zip
[2012.11.23 14:15:39 | 019,231,504 | ---- | M] (Mozilla) -- C:\Users\t.dung\Desktop\Firefox Setup 17.0.exe
[2012.11.22 21:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 06:48:16 | 414,289,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.21 20:46:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 13:53:49 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.11.20 19:37:07 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin
[2012.11.20 19:18:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe
[2012.11.16 20:05:41 | 000,302,592 | ---- | M] () -- C:\Users\t.dung\Desktop\wj3feti9.exe
[2012.11.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Users\t.dung\defogger_reenable
[2012.11.16 19:05:26 | 000,050,477 | ---- | M] () -- C:\Users\t.dung\Desktop\Defogger.exe
[2012.11.07 16:03:24 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.07 16:03:24 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.07 16:03:24 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.26 18:17:06 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak
========== Files Created - No Company Name ==========
[2012.11.25 10:32:18 | 000,480,125 | ---- | C] () -- C:\Users\t.dung\Desktop\adwcleaner.exe
[2012.11.25 01:50:29 | 000,020,824 | ---- | C] () -- C:\Users\t.dung\firefox lesezeichen.rtf
[2012.11.25 01:06:25 | 000,238,143 | ---- | C] () -- C:\Users\t.dung\Documents\bookmarks.html
[2012.11.25 00:31:26 | 000,005,018 | ---- | C] () -- C:\Users\t.dung\Desktop\fusebundle_msg.avr
[2012.11.25 00:31:26 | 000,001,209 | ---- | C] () -- C:\Users\t.dung\Desktop\fusebundle.conf
[2012.11.25 00:30:30 | 000,906,493 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_fusebundlegen-win32-en.zip
[2012.11.25 00:20:48 | 000,001,029 | ---- | C] () -- C:\Users\t.dung\Desktop\Avira Produkt Update.lnk
[2012.11.25 00:04:33 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.24 22:45:42 | 000,000,551 | ---- | C] () -- C:\Users\t.dung\Desktop\build.dat
[2012.11.24 22:45:26 | 000,088,626 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_registry_cleaner_de.zip
[2012.11.24 21:54:14 | 105,142,912 | ---- | C] () -- C:\Users\t.dung\Desktop\avira_free_antivirus_de.exe
[2012.11.23 16:09:12 | 000,135,237 | ---- | C] () -- C:\Users\t.dung\Desktop\javara-2.0.zip
[2012.11.22 06:48:16 | 414,289,096 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.21 14:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.21 14:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.21 14:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.21 14:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.21 14:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.16 20:05:41 | 000,302,592 | ---- | C] () -- C:\Users\t.dung\Desktop\wj3feti9.exe
[2012.11.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\defogger_reenable
[2012.11.16 19:05:26 | 000,050,477 | ---- | C] () -- C:\Users\t.dung\Desktop\Defogger.exe
[2012.10.08 19:18:12 | 000,011,872 | ---- | C] () -- C:\Users\t.dung\bewerbungt 1.odt
[2012.10.08 17:09:30 | 000,010,261 | ---- | C] () -- C:\Users\t.dung\Lebenslauf.odt
[2012.09.21 21:16:15 | 000,005,441 | ---- | C] () -- C:\Users\t.dung\safe_image[3].jpg
[2012.09.08 14:31:21 | 000,354,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012.08.31 01:31:58 | 000,719,644 | ---- | C] () -- C:\Users\t.dung\bio.rtf
[2012.08.03 19:21:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.07.30 13:44:30 | 000,229,470 | ---- | C] () -- C:\Users\t.dung\beelzebub-3380623.jpg
[2012.05.17 22:45:44 | 000,003,089 | ---- | C] () -- C:\Users\t.dung\songs.rtf
[2012.05.13 10:42:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.03 16:46:42 | 000,000,167 | ---- | C] () -- C:\Users\t.dung\fr8tz.rtf
[2012.01.28 17:39:14 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\AppData\Local\{2741957C-0A26-4715-A593-AEB61F61C992}
[2011.12.31 16:37:46 | 000,000,185 | ---- | C] () -- C:\Users\t.dung\grkushf.rtf
[2011.11.15 14:28:38 | 000,224,844 | ---- | C] () -- C:\Users\t.dung\Chemie.odt
[2011.09.27 04:37:13 | 000,002,728 | ---- | C] () -- C:\Users\t.dung\.recently-used.xbel
[2011.09.26 22:31:21 | 000,018,082 | ---- | C] () -- C:\Users\t.dung\kloster_corin2_01.jpg
[2011.09.02 22:54:22 | 000,000,277 | ---- | C] () -- C:\Users\t.dung\Gedanken.rtf
[2011.08.29 21:32:52 | 000,000,356 | ---- | C] () -- C:\Users\t.dung\dieser SATZ !!!.rtf
[2011.08.26 16:07:30 | 000,000,354 | ---- | C] () -- C:\Users\t.dung\ort in berlin.rtf
[2011.08.17 21:27:01 | 000,012,614 | ---- | C] () -- C:\Users\t.dung\scheiß elli, hure.rtf
[2011.08.11 22:13:17 | 000,012,499 | ---- | C] () -- C:\Users\t.dung\an.rtf
[2011.08.07 11:01:06 | 001,245,491 | ---- | C] () -- C:\Users\t.dung\ydfh bdf.JPG
[2011.08.04 12:01:04 | 000,000,624 | ---- | C] () -- C:\Users\t.dung\Ich.rtf
[2011.07.26 00:12:28 | 000,036,112 | ---- | C] () -- C:\Users\t.dung\ende mit.rtf
[2011.06.10 15:32:01 | 000,001,987 | ---- | C] () -- C:\Users\t.dung\antrag auf rücktritt.rtf
[2011.06.09 18:45:04 | 000,002,699 | ---- | C] () -- C:\Users\t.dung\fritzbox einstellungen.rtf
[2011.05.05 19:18:01 | 000,066,808 | ---- | C] () -- C:\Users\t.dung\spirited_away_006.jpg
[2011.05.05 19:15:49 | 000,230,993 | ---- | C] () -- C:\Users\t.dung\Chihiros Reise ins Zauberland.jpg
[2011.04.30 15:20:43 | 000,086,004 | ---- | C] () -- C:\Users\t.dung\parasyte-1169925.jpg
[2011.03.11 21:50:40 | 026,128,352 | ---- | C] () -- C:\Users\t.dung\DSCN1910.AVI
[2010.11.06 18:57:19 | 000,367,254 | ---- | C] () -- C:\Users\t.dung\AppData\Local\TempBeispiel 5.bmp
[2010.11.06 18:55:33 | 000,095,572 | ---- | C] () -- C:\Users\t.dung\AppData\Local\Tempsexy-manga-1-4.jpg
[2010.05.28 11:32:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.17 07:04:00 | 000,001,332 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe1.wpl
[2010.02.01 18:04:35 | 000,000,330 | ---- | C] () -- C:\Users\t.dung\gmxnr.rtf
[2010.01.27 18:53:01 | 000,118,805 | ---- | C] () -- C:\Users\t.dung\castle-jinmeri sheet.pdf
[2010.01.20 07:40:48 | 000,002,741 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe.wpl
[2010.01.14 07:42:23 | 000,000,438 | ---- | C] () -- C:\Users\t.dung\quellen nihei.rtf
[2010.01.13 07:49:28 | 000,002,030 | ---- | C] () -- C:\Users\t.dung\weerke.rtf
[2010.01.13 07:49:17 | 000,000,780 | ---- | C] () -- C:\Users\t.dung\nuhei.rtf
[2010.01.12 21:01:26 | 000,002,011 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei werke.rtf
[2010.01.10 22:53:28 | 000,002,269 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei.rtf
[2010.01.06 07:02:16 | 000,002,665 | ---- | C] () -- C:\Users\t.dung\frauen kafka.rtf
[2010.01.03 17:40:02 | 000,000,982 | ---- | C] () -- C:\Users\t.dung\elli infos.rtf
[2009.12.23 18:09:34 | 000,000,344 | ---- | C] () -- C:\Users\t.dung\flyff dialog XD.rtf
[2009.12.14 23:59:18 | 000,008,556 | ---- | C] () -- C:\Users\t.dung\heinrich.rtf
[2009.12.13 22:45:10 | 000,000,553 | ---- | C] () -- C:\Users\t.dung\termine.rtf
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\Folder.jpg
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Large.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArtSmall.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Small.jpg
[2009.10.28 23:48:34 | 000,247,431 | ---- | C] () -- C:\Users\t.dung\Unbenannt merry.wma
[2009.10.26 20:56:36 | 006,262,762 | ---- | C] () -- C:\Users\t.dung\05-polysics-kaja_kaja_goo.mp3
[2009.10.04 08:45:08 | 000,000,552 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d8caps.dat
[2009.09.10 14:27:29 | 000,001,356 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d9caps.dat
[2009.09.07 13:58:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.30 15:34:22 | 1029,197,824 | ---- | C] () -- C:\Users\t.dung\VTS_03_1.VOB
[2009.08.30 15:34:21 | 000,001,980 | ---- | C] () -- C:\Users\t.dung\Visubands.rtf
[2009.08.30 15:34:19 | 000,000,496 | ---- | C] () -- C:\Users\t.dung\musicliste.rtf
[2009.08.24 21:22:46 | 000,130,560 | ---- | C] () -- C:\Users\t.dung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 14:29:50 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.13 14:29:44 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\VTS_03_1.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\DSCN1910.AVI:TOC.WMV
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0651F96C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B
< End of report >
Extras: Code:
OTL Extras logfile created on: 25.11.2012 10:51:31 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,87% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 122,43 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00301B2F-9A85-478D-ADC9-F2DA9C01ECF1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{04874073-7CAF-4A7A-A16C-39147171F85F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DCFF7E8-E9BA-43A2-80A1-0E59859EC497}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E0A3944-3718-48D3-9464-215F928E599E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{17E15091-B784-4BD2-9854-DDFCBCA0E93E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1814E8FD-FB24-4C73-86BB-602FBFF28406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{27DC23C0-108B-4BBC-82BF-2D70DBAB4F59}" = lport=49177 | protocol=6 | dir=in | name=akamai netsession interface |
"{30BE9797-CB63-456E-88FB-EBEBADE08430}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3DD07163-DB56-492D-A736-1E52D6F92ABA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{46682535-74FC-4804-BE6A-CD983FF7F439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{49E5EE38-C0F3-467D-9E64-C2B71522D0A0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{55425BC0-D33F-4E8E-90CE-3E1F7EDDCCD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{631B22F9-11A4-4DF9-9C27-553FFB89C453}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{7687FB33-BAD6-41E0-B0DC-5A47085B2425}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
"{78F3AA63-C09A-4959-A9FB-EB0DCE0EC843}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{7AA0920A-18A0-4677-9D2D-009A895D81D9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{85936755-AF83-478D-9281-23F52C080D87}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87D24086-5D81-4A1A-B743-826734BA873B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88DFC6DA-DD93-4720-B100-2A45333C5E9E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AE41CA38-443F-4E6D-B954-41030968C8BA}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{B4D05A89-E3BC-400F-AE0E-E0EDFBCE7411}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BD4F18FE-F333-401D-A6F1-A2FB78D8923C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CD3661AE-E683-4C8F-8C8F-C183B8738250}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D4802EA6-0211-4AE1-A6DF-DF7FD3E9713F}" = lport=49977 | protocol=6 | dir=in | name=akamai netsession interface |
"{DF1BD78F-6CC4-42B0-9389-9E6ACD608132}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9469BA3-09E3-4C6D-8B51-78F6F77874AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{EB4E5E13-9512-4C81-B4CA-21D07D28063A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F1B29396-EDC1-4473-896E-39C75AE82DEF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045FB334-7578-4F12-BD4A-07A5652C8B16}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{119B4D9B-A9DE-4981-A1FA-D16A3027494F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{14CF75CF-FBEB-478E-8307-EE4433CBD618}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{16A4861A-AA4A-46F2-912B-126051A09435}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{1EB12BE3-CCD3-4EA1-898B-46F6200DD605}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{26B1F04B-E80B-488B-A9E2-61398C78C253}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{28107E13-35DB-4F6E-B9AA-D1363C12DD47}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{29B635A2-2F2D-4009-8FD9-ED70B0C88519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2FD5E674-892D-445F-8997-A3B41A9E4968}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{314DC154-1DE6-4395-90FF-E8A390189167}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{424BBE6D-78E1-406D-99D6-B6A174459F2E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{42C78116-E29B-4055-A33C-3EAAFEAF84DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45AC146B-FEB2-4B9D-9767-B5C505B900D2}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{4B5A7CC6-EC18-4E86-B573-D8B673E6EF34}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4EF96C7C-2CA5-4E12-8C38-36B725335489}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{51E424E8-C9FB-4601-94A9-6E9D84E5A911}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{520EDC86-EE62-455A-85F6-555668667106}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5F9B8D23-9240-4BA0-8633-8366EF8CA825}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5FE542EB-18AC-4979-B41B-2EC8A6F58B1E}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{61EB8BB7-5694-4A66-824C-05CB3D76D6F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64E4C831-CA97-499C-B238-8D108600FE29}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{6ECF214D-E1A6-4ECF-B31B-F269C5E0D298}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{78922F1C-956E-4BE3-933C-8B2ADB62EE7F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8523839A-8760-4195-8ABD-03135066E812}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{8A7B7522-D73F-47C9-8CEB-7557F23DB616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9406ECB2-248D-4E00-AFC2-204EE3D1EED8}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{954F1335-4CDE-41E9-8B87-1445D6F36FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A79C20D4-4938-4F93-9458-6BC97BA5EBD9}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{B21590E7-96E6-4CDA-B781-D56633BBE616}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B335D1CE-21AB-494B-9EDC-02168AD2D300}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{B575E7F5-9CF8-497F-9020-1B92C375F707}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{BA3DF97D-D16B-4B46-B96E-D8B4F3E11A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BD326DF9-9783-4B6D-B70F-5B75E35C0620}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEF05DE3-A2A3-4330-8C49-A98DBEBB53F3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{C3184A17-53E3-4BC6-963F-798F49F412FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C869956C-320D-4888-9764-410D6E0E7965}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CD25C6C2-BCE5-4106-941D-AB606C3442C6}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{D3603C44-5D7C-4AFC-9533-97CF8B487D78}" = protocol=17 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe |
"{D62854FD-5CAA-4F40-B749-25AB40C11F5B}" = protocol=6 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe |
"{E91BBCD3-663A-4574-8A59-D3358BE1ED58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F9FB3A41-A0E3-4379-9787-AFAB5B9EA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEEADB9B-2069-46B9-B6E9-079E6F50EB29}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{FF1E95A8-4FA5-41D4-844F-458DC26D14E4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{2931268F-C893-4F11-9CFA-5A038405D425}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C0CF658-7210-4D4B-B87D-2288F6308F65}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3E86B31A-F666-4F9F-984C-7CAEC6853270}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=6 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe |
"TCP Query User{59AEA3ED-76B4-4989-8E2F-440FE18817EC}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{72C83951-B207-4B31-BD80-E30A03A798DD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{752A0F10-225C-445E-8212-1A0735BA19A3}C:\users\t.dung\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe |
"TCP Query User{A8DF7592-D65B-4309-B151-7EC8F7167AFD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{02EA6A6F-5003-41A4-A2E8-8B7A9D628129}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{26D1DA44-5EDD-4FAA-83AB-FBB1FF93B34E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{83F044C1-3890-40BA-966D-87F132A13F77}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{DAC4F8E4-6AEF-4655-895B-748BB92F9F3E}C:\users\t.dung\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe |
"UDP Query User{DC937AAB-6BE5-4892-B9B1-F034CF759AD4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E3D89688-C1D2-4FF6-BBDB-47AC961815D3}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=17 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe |
"UDP Query User{FEB7E17D-08B9-4683-9880-CEA1EF70BBCA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{256FA7E0-D9C2-44FE-AA9E-42AE2CCC2D50}_is1" = Hello Kitty Online
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292E65F1-E9F8-4416-90A6-5916A8C95672}_is1" = Hello Kitty Online Download Manager
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.8
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6254BE3-C3FE-4F2B-AB15-397170553FF2}" = Setup
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5E94E74-0D14-48F5-B1F4-F38BB37BEE9B}" = S4 League_EU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}" = Crazy Taxi
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Cute CD DVD Burner V6.0" = Cute CD DVD Burner V6.0
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"ESET Online Scanner" = ESET Online Scanner v3
"FantasyTennis" = FantasyTennis
"FlorensiaEN" = FlorensiaEN 1.10.26
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Giraffic" = Veoh Giraffic Video Accelerator
"Grand Fantasia" = Grand Fantasia
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mabinogi" = Mabinogi
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PhotoLine_is1" = PhotoLine 15.5.0.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"RealPlayer 15.0" = RealPlayer
"SetupMyPC" = SetupMyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:36:29 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:36:32 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.11.2012 05:46:40 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:46:40 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:46:41 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:46:41 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.11.2012 05:46:48 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 11.11.2010 02:43:37 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 13.12.2011 01:08:44 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.10.2009 08:17:12 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 13.10.2009 11:41:43 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =
Error - 13.10.2009 11:42:34 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.10.2009 14:25:15 | Computer Name = tdung-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 13.10.2009 15:14:05 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =
Error - 13.10.2009 15:15:00 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.10.2009 01:17:42 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 14.10.2009 10:32:17 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.101 für die Netzwerkkarte mit der Netzwerkadresse
0022FA20BF6E wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 14.10.2009 11:55:49 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =
Error - 14.10.2009 11:57:27 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >