
Log analysis and evaluation: avast - PC restarts when clicking the scan "Start" button, virus infection?


 
15.09.2011, 04:13   #1
21stparanoid
 



Good morning,
here is the chronology of events:

1. My laptop (which has since been fitted with a new hard drive) had a malware infection (my home directory was affected; the PC did an emergency shutdown and blue screen shortly after user login). After a new user had been set up, into which important files (including applications :/ ) could be copied, the hard drive was removed and was to be connected to the now affected PC for data backup.

2. So I connected the infected hard drive to the PC as an external device and ran a "full scan" with avast (so I scanned both the PC and the external drive), and lo and behold, various threats were found in the directories

in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\"
6 Java:Agent-UK [Expl] named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-1c847196"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-3964e369"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-616d23c3"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-629fa3f1"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-6b65511a"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-79f54efc"

in that area also one Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1ca3d4ac-6d866008"

(further info on the problem: hxxp://www.java.com/en/download/help/cache_virus.xml)

in "C:\Documents and Settings\Administrator"
one Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\0.09012543475195989.exe"

in "C:\Documents and Setting\Administrator\Local Settings\Temp\
one Win32:Malware-gen named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache46754221171660111.tmp

one trojan named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache4931301801747041631.tmp

one rootkit named:
C:\Documents and Setting\Administrator\Local Settings\Temp\nswcremxao.tmp

in "C:SystemData\
two Win32:Malware-gen named:
"C:SystemData\217FA966995"
(strangely, the same thing twice)

In all cases avast recommended "move to chest", which I did. However, I am a little unsettled here, because
(a) all these threats were found on the PC and not on the infected "external" hard drive.
(b) I seem to remember that there was also one piece of malware for which avast had recommended deletion; however, it no longer appears in the log (the log that can be viewed via the avast interface).

3. I then disconnected the infected external hard drive and ran another "full scan", which could not find any virus. As a precaution I did not copy the data to be backed up, because I was not quite comfortable with the fact that avast had found nothing on the external drive.
I also ran an update.

4. The next morning the PC had restarted. (apparently without outside intervention)
I then wanted to run another scan (because of the update). However, there was a problem: the computer restarts as soon as I press the "Start" button.
5. That worried me a lot, so I tried something else: I chose "Scan selected folder" and selected the entire My Computer. That worked, but nothing was found.
That surprised me, since there quite obviously is a problem (computer restart).
6. So reset and PC start in safe mode, again "full scan". Here that is possible, but likewise without any findings.
7. After that I searched the internet for the problem and came across "Trojaner-Board". I could not find my problem, however a boot-time scan was frequently recommended there.
I then ran a boot-time scan with avast. Suddenly threats were found again. 14 in the directory:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\" named:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Cid.class"
Java:Agent-UM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassId.class"
Java:Agent-US [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassType.class"
Java:Agent-UN [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\MailAgent.class"
Java:Agent-UL [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Virtual Table.class"
Java:Agent-UP [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Checklist.class"
Java:Agent-IF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\constant.class"
Java:Agent-IJ [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\J2EE.class"
Java:Agent-IG [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Template.class"
Java:Agent-IM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>tools\Commander.class
Java:Agent-LF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|Syntax.class"
Java:Agent-RR [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|XmlStandard.class"
Java:Agent-RV [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vload.class"
Java:Jade-C [heur]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vmain.class"
Java:CVE-2010-0094-C [expl]

and 1 more in

"C:\Documents and Settings\Administrator\My Documents\Downloads\u95.exe
Win32.PUP-gen [PUP]

So once again plenty of loot in the Java cache, despite several checks.
8. Therefore now a check with a friend's G-Data boot CD.
It ran an update, scanned the PC VERY SLOWLY and again found something in
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\ labelled "virus".
The scan hung, however, and I could not react. Annoying.
9. I now knew that there were further threats, and because I knew that Java was always affected, I googled and found this link:
hxxp://www.java.com/en/download/help/cache_virus.xml

I then followed the instructions given there for cleaning up by hand.

Unfortunately this did not solve the avast problem (i.e. when clicking the "Start" button for "full scan" and "quick scan", the PC still restarts)
10. However, I then ran a boot scan with the G-Data CD, updates again. This time it went faster and also completed. Nothing was found.

That was strange, because the avast problem had not been fixed yet. On the contrary, the computer now also occasionally restarted without a click on the "Start" button, i.e. entirely on its own.
I was clueless enough to register (rather late) at Trojaner-Board, and now here I am.
11. I have run both defogger and OTL (the logs are coming shortly). What is interesting: while I was using OTL and defogger I had the PC disconnected from the internet and avast deactivated. Since then avast works again, i.e. no restart on clicking the "Start" button.
Nevertheless I would appreciate it if the problem could be discussed.

Can you tell me how I can get at the avast logs? (i.e. as txt or similar). I would then upload those too.
Do you also think we should change the passwords of our email accounts?

Finally, a few side notes:
The PC is mainly used by me and my brother, but in general by the whole family. So I do not have a particularly good overview of everything that happens here, and besides, I cannot simply wipe the PC.
I have rather rudimentary programming skills and user competence, so please do not overwhelm me,

Thank you in advance for your help, and kind regards

PS: I would like to know whether I had better keep my hands off the infected hard drive.
PPS: I am politically active and have already had to experience how the state intrudes on my privacy in a pretty drastic way. When something like this happens, I get a little paranoid and would like to hear that, at least in this case, I do not need to worry in that respect...

HERE IS THE OTL.TXT:
OTL Logfile:
Code:
OTL logfile created on: 15.09.2011 02:30:06 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,90% Memory free
3,87 Gb Paging File | 3,53 Gb Available in Paging File | 91,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,95 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.15 02:06:47 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fight the virus\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
PRC - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\Malte Malte\uni\vpn client\vpn client 4\cvpnd.exe
PRC - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.14 21:17:31 | 001,562,112 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\algo.dll
MOD - [2011.09.14 14:44:51 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\aswRep.dll
MOD - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
MOD - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\vpnapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.02.11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe -- (CVPND)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.28 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.13 13:09:44 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.04.04 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysWow64\mnmdd.dll -- (mnmdd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: CLSID key missing. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bc843d900000000000007a7900000002&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.09.08 01:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 14:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009.08.03 17:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
 
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.03.26 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2011.09.15 02:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions
[2010.06.28 23:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 20:20:51 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.26 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\dictionary-switcher@design-noir.de
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.03 09:05:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\engine@conduit.com
[2011.08.03 09:07:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.10.11 20:21:01 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\QipCounter@qip.ru
[2010.05.05 13:30:54 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\radiobar@toolbar
[2011.01.23 23:49:41 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\vshare@toolbar
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.07 16:03:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-1.xml
[2008.04.17 22:13:19 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-10.xml
[2008.07.04 11:41:42 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-11.xml
[2008.07.17 07:27:03 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-12.xml
[2008.07.17 22:58:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-13.xml
[2008.12.04 17:39:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-14.xml
[2008.12.14 04:41:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-15.xml
[2008.12.17 22:55:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-16.xml
[2009.02.05 18:02:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-17.xml
[2009.03.07 03:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-18.xml
[2009.03.28 21:40:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-19.xml
[2007.08.01 15:09:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-2.xml
[2009.04.13 00:08:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:42:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-21.xml
[2009.05.06 18:17:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-22.xml
[2009.07.13 12:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-23.xml
[2009.07.17 19:51:58 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-24.xml
[2009.08.04 22:16:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-25.xml
[2009.09.11 16:27:43 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-26.xml
[2009.11.21 23:34:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-27.xml
[2009.12.16 14:49:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-28.xml
[2009.12.25 14:13:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-29.xml
[2007.09.19 22:45:12 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-3.xml
[2010.02.18 22:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-30.xml
[2010.03.13 02:59:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-31.xml
[2010.03.24 11:25:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-32.xml
[2010.04.02 19:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-33.xml
[2010.06.23 18:01:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-34.xml
[2010.07.21 20:32:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-35.xml
[2010.07.25 14:29:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-36.xml
[2010.10.11 20:24:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-37.xml
[2007.10.20 10:49:43 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-4.xml
[2007.11.02 12:46:20 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-5.xml
[2007.11.30 21:18:05 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-6.xml
[2007.12.02 12:28:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-7.xml
[2008.02.09 23:10:24 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-8.xml
[2008.03.27 02:20:53 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.src
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.xml
[2010.10.12 13:37:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\qip-search.xml
[2011.01.23 23:49:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\web-search.xml
[2011.09.12 20:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.04 17:39:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:30:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2009.07.13 11:45:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.08 01:36:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2008.05.13 03:50:42 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008.05.13 03:50:42 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008.05.13 03:50:42 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.03.13 02:59:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 02:59:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 02:59:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 02:59:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 02:59:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Steam] "h:\anwendungen\steam\steam.exe" -silent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk = C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211483953078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BE1B4F-485A-4A56-BFC5-6969417BFDC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.15 02:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fight the virus
[2011.09.08 01:36:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011.08.30 19:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PAP1
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.15 02:17:22 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011.09.15 02:17:16 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011.09.15 02:11:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.09.15 02:09:48 | 000,000,970 | ---- | M] () -- C:\windows\imsins.BAK
[2011.09.13 02:31:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.09.13 02:31:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011.09.02 19:28:22 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011.08.28 23:43:14 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:53 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:37:41 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:34:06 | 001,526,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:29:27 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.08.27 15:47:08 | 000,000,296 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011.08.26 13:07:18 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.15 02:11:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.08.28 23:42:46 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:23 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:36:53 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:30:42 | 001,526,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:28:16 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.06.25 20:57:10 | 006,904,040 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.06.25 20:57:10 | 000,017,838 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010.12.26 00:07:35 | 000,158,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.04 00:45:46 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010.08.04 00:45:41 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010.05.12 15:43:50 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010.04.19 22:54:07 | 000,000,280 | ---- | C] () -- C:\Program Files (x86)\Verknüpfung mit Daten (D).lnk
[2010.04.17 19:09:10 | 000,000,035 | ---- | C] () -- C:\windows\WorldBuilder.INI
[2010.02.18 03:23:44 | 000,001,180 | ---- | C] () -- C:\windows\eReg.dat
[2010.01.04 11:21:28 | 000,001,723 | ---- | C] () -- C:\windows\TSearch.INI
[2009.12.25 14:25:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.11.05 04:33:15 | 000,000,020 | ---- | C] () -- C:\windows\powerplayer.ini
[2009.11.05 04:32:03 | 000,000,149 | ---- | C] () -- C:\windows\psnetwork.ini
[2009.08.02 01:12:22 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2009.08.01 18:14:28 | 000,000,025 | ---- | C] () -- C:\windows\CDE V30V300DEFGIPSRUk.ini
[2009.05.28 01:46:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2
[2009.05.07 00:19:26 | 000,000,029 | ---- | C] () -- C:\windows\DEBUGSM.INI
[2009.05.06 20:14:15 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2009.05.06 20:14:15 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2009.05.06 20:14:15 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2009.05.06 20:14:15 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2009.05.06 20:14:15 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2009.05.06 20:14:15 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2009.05.06 20:14:15 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2009.05.06 20:14:15 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2009.05.06 20:14:15 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2009.05.06 20:14:15 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2009.05.06 20:14:15 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2009.05.06 20:14:15 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2009.05.06 20:14:15 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2009.05.06 20:14:15 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2009.05.06 20:14:15 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2009.05.06 20:08:46 | 000,000,025 | ---- | C] () -- C:\windows\CDE ESP1400Euro.ini
[2009.04.18 19:00:48 | 000,000,013 | ---- | C] () -- C:\windows\msgtn.ini
[2009.03.03 14:06:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.01.14 17:11:57 | 000,314,427 | ---- | C] () -- C:\windows\War3Unin.dat
[2008.12.21 05:48:24 | 001,278,464 | ---- | C] () -- C:\windows\SysWow64\quartz.dll
[2008.10.09 22:13:00 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\Common Files\mxfilerelatedcache.mxc2
[2008.10.09 11:53:03 | 000,000,046 | ---- | C] () -- C:\windows\Goya.INI
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\mxfilerelatedcache.mxc2
[2008.06.18 18:24:46 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008.06.14 00:24:12 | 000,089,312 | ---- | C] () -- C:\windows\SysWow64\acedrv09.dll
[2008.06.14 00:17:06 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2008.06.14 00:02:00 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008.06.13 23:58:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2008.06.02 22:52:00 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2008.05.23 05:15:09 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008.05.22 21:58:17 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008.05.22 20:42:39 | 000,010,288 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.05.22 20:42:25 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2008.05.22 20:42:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2008.05.22 20:42:11 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.05.22 20:42:10 | 000,198,656 | ---- | C] () -- C:\windows\SysWow64\psisdecd.dll
[2008.05.22 20:42:09 | 001,150,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2008.05.22 20:41:48 | 000,831,488 | ---- | C] () -- C:\windows\SysWow64\divx_xx0a.dll
[2008.05.22 20:41:48 | 000,012,288 | ---- | C] () -- C:\windows\SysWow64\DivXWMPExtType.dll
[2008.05.22 20:41:41 | 000,663,552 | ---- | C] () -- C:\windows\SysWow64\ati2saag.exe
[2008.05.22 20:41:30 | 000,000,166 | ---- | C] () -- C:\windows\wininit.ini
[2008.05.22 20:41:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008.05.22 20:41:23 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2008.05.22 20:41:21 | 000,021,209 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008.05.22 20:41:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.22 20:35:24 | 000,022,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\addon.dat
[2008.05.22 20:33:00 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 20:29:12 | 000,004,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2008.05.22 20:29:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\windows\SysWow64\PhysXLoader.dll
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.04.04 14:00:00 | 000,733,696 | ---- | C] () -- C:\windows\SysWow64\qedwipes.dll
[2006.04.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006.04.04 14:00:00 | 000,512,512 | ---- | C] () -- C:\windows\SysWow64\qedit.dll
[2006.04.04 14:00:00 | 000,498,742 | ---- | C] () -- C:\windows\SysWow64\dxmasf.dll
[2006.04.04 14:00:00 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\encdec.dll
[2006.04.04 14:00:00 | 000,385,536 | ---- | C] () -- C:\windows\SysWow64\qdvd.dll
[2006.04.04 14:00:00 | 000,355,112 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2006.04.04 14:00:00 | 000,279,040 | ---- | C] () -- C:\windows\SysWow64\qdv.dll
[2006.04.04 14:00:00 | 000,276,992 | ---- | C] () -- C:\windows\SysWow64\sbe.dll
[2006.04.04 14:00:00 | 000,199,168 | ---- | C] () -- C:\windows\SysWow64\ir32_32.dll
[2006.04.04 14:00:00 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\qcap.dll
[2006.04.04 14:00:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\msencode.dll
[2006.04.04 14:00:00 | 000,072,704 | ---- | C] () -- C:\windows\SysWow64\amstream.dll
[2006.04.04 14:00:00 | 000,062,464 | ---- | C] () -- C:\windows\SysWow64\mciqtz32.dll
[2006.04.04 14:00:00 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\devenum.dll
[2006.04.04 14:00:00 | 000,055,808 | ---- | C] () -- C:\windows\SysWow64\dvdplay.exe
[2006.04.04 14:00:00 | 000,046,907 | ---- | C] () -- C:\windows\mib.bin
[2006.04.04 14:00:00 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\tsd32.dll
[2006.04.04 14:00:00 | 000,014,336 | ---- | C] () -- C:\windows\SysWow64\msdmo.dll
[2006.04.04 14:00:00 | 000,012,498 | ---- | C] () -- C:\windows\SysWow64\append.exe
[2006.04.04 14:00:00 | 000,004,126 | ---- | C] () -- C:\windows\SysWow64\msdxmlc.dll
[2006.04.04 14:00:00 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\vwipxspx.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.10.19 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2011.03.29 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011.06.25 21:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2011.01.20 18:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
[2009.08.16 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010.05.29 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009.05.26 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011.07.08 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008.12.27 01:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2008.05.22 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.05.22 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQLite
[2011.02.12 17:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID3-TagIT 3
[2010.10.07 13:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.10.31 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008.05.22 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2009.12.26 14:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009.02.15 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009.11.05 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ppstream
[2011.07.31 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2009.12.25 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2010.10.12 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QipGuard
[2009.12.25 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011.01.03 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teeworlds
[2009.07.13 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tobit
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2011.07.09 02:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.03.26 17:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox
[2011.02.05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2008.05.22 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
[2010.02.28 23:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.08.07 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.05.06 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.05.22 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEDB
[2008.12.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.05.22 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010.09.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009.01.01 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.10.31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010.04.25 10:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008.05.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011.07.25 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009.05.26 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.05.06 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008.05.22 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.09.15 02:12:11 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.08 12:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008.10.08 13:58:47 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.06.06 20:45:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.10 10:32:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.05.24 10:49:49 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2009.07.13 13:00:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.16 17:34:34 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2011.09.15 02:31:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.07 20:50:19 | 000,000,000 | -H-D | M] -- C:\SystemData
[2011.09.15 02:14:27 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2007.02.18 11:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\ServicePackFiles\amd64\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\regedit.exe
[2007.02.18 11:05:48 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\SysWOW64\regedit.exe
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=872A60B75CE6A09033FBE2461D44E696 -- C:\WINDOWS\ServicePackFiles\amd64\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2007.02.17 01:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe
[2007.02.18 11:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2007.02.17 01:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555

< End of report >
         
--- --- ---

Edited by 21stparanoid (15.09.2011 at 04:30)

 


All times are WET +1.

