
Log analysis and evaluation: avast - PC restarts on clicking the scan "Start" button, virus infection?


15.09.2011, 04:13   #1
21stparanoid
 

Good morning,
here is the chronology of events:

1. My laptop (which has since been fitted with a new hard drive) had a malware infection (my home directory was affected; the PC did an emergency shutdown and showed a blue screen shortly after user login). After a new user had been set up, into which important files (and applications too :/ ) could be copied, the hard drive was removed and was to be connected to the now affected PC for data backup.

2. So I connected the infected hard drive to the PC as an external device and ran a "full scan" with avast (so I scanned both the PC and the external drive) and, lo and behold, various threats were found in the directories

in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\"
6 Java:Agent-UK [Expl] named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-1c847196"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-3964e369"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-616d23c3"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-629fa3f1"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-6b65511a"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-79f54efc"

in that area there was also a Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1ca3d4ac-6d866008"

(further info on the problem: hxxp://www.java.com/en/download/help/cache_virus.xml)

in "C:\Documents and Settings\Administrator"
a Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\0.09012543475195989.exe"

in "C:\Documents and Setting\Administrator\Local Settings\Temp\
a Win32:Malware-gen named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache46754221171660111.tmp

a Trojan named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache4931301801747041631.tmp

a rootkit named:
C:\Documents and Setting\Administrator\Local Settings\Temp\nswcremxao.tmp

in "C:SystemData\
two Win32:Malware-gen named:
"C:SystemData\217FA966995"
(strangely, the same one twice)

In all cases avast recommended "Move to Chest", which I did. However, I am a little unsure here, because
(a) all of these threats were found on the PC and not on the infected "external" hard drive.
(b) I seem to remember that there was also a piece of malware for which avast had recommended deletion, but it no longer appears in the log (the log that can be viewed via the avast interface).

3. I then disconnected the infected external hard drive and ran another "full scan", which could not find any virus. As a precaution I did not copy the data to be backed up, because I was uneasy that avast had found nothing on the external drive.
I also ran an update.

4. The next morning the PC had restarted. (apparently without outside interference)
I then wanted to run another scan (because of the update). But there was a problem: the computer restarts as soon as I press the "Start" button.
5. That worried me a lot, so I tried something else: I chose "Scan selected folder" and selected the entire My Computer. That worked, but nothing was found.
That surprised me, since there is quite obviously a problem (computer restart).
6. So reset and PC start in safe mode, again "full scan". Here it is possible, but likewise without findings.
7. I then searched for the problem on the Internet and came across "Trojaner board". I could not find my problem there, but a boot-time scan was frequently recommended.
I then ran a boot-time scan with avast. Suddenly threats were found again. 14 in the directory:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\" named:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Cid.class"
Java:Agent-UM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassId.class"
Java:Agent-US [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassType.class"
Java:Agent-UN [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\MailAgent.class"
Java:Agent-UL [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Virtual Table.class"
Java:Agent-UP [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Checklist.class"
Java:Agent-IF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\constant.class"
Java:Agent-IJ [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\J2EE.class"
Java:Agent-IG [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Template.class"
Java:Agent-IM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>tools\Commander.class
Java:Agent-LF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|Syntax.class"
Java:Agent-RR [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|XmlStandard.class"
Java:Agent-RV [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vload.class"
Java:Jade-C [heur]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vmain.class"
Java:CVE-2010-0094-C [expl]

and 1 more in

"C:\Documents and Settings\Administrator\My Documents\Downloads\u95.exe
Win32.PUP-gen [PUP]

So once again plenty of loot in the Java cache, despite several checks.
8. So now a check with a friend's G-Data boot CD.
It ran an update, scanned the PC VERY SLOWLY and again found something in
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\ labelled "virus".
The scan got stuck, however, and I could not react. Annoying.
9. I now knew that there were further threats, and because I knew that Java was always affected, I googled and found this link:
hxxp://www.java.com/en/download/help/cache_virus.xml

I then followed the instructions given there for manual cleanup.

Unfortunately this did not solve the avast problem (i.e. clicking the "Start" button for "full scan" and "quick scan" still restarts the PC)
10. I then ran a boot scan with the G-Data CD, however, again with updates. This time it went faster and was also complete. Nothing was found.

That was strange, because the avast problem was still not fixed. On the contrary, the computer now also restarted occasionally without a click on the "Start" button, i.e. entirely on its own.
I was at a loss enough to register (rather late) at Trojaner board, and now here I am.
11. I have used both defogger and OTL (the logs are coming shortly). What is interesting: I had disconnected the PC from the Internet and deactivated avast for as long as I was using OTL and defogger. Since then avast works again, i.e. no restart on clicking the "Start" button.
Nevertheless I would appreciate it if the problem could be discussed.

Can you tell me how I can get at the avast logs? (as txt or similar). I would then upload those too.
Do you also think we should change the passwords of our email accounts?

Finally, a few side notes:
The PC is used mainly by me and my brother, but generally by the whole family. So I do not have a particularly good overview of everything that happens here, and besides I cannot simply wipe the PC.
I have fairly rudimentary programming skills and user competence, so please do not overwhelm me.

Thank you in advance for your help, and kind regards

PS: I would like to know whether I had better keep my hands off the infected hard drive.
PPS: I am politically active and have already had to experience how the state intrudes on my privacy in a pretty blatant way. When something like this happens I therefore get a little paranoid and would like to hear that, at least in this case, I do not need to worry in that respect...

HERE IS THE OTL.TXT:
OTL Logfile:
Code:
OTL logfile created on: 15.09.2011 02:30:06 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,90% Memory free
3,87 Gb Paging File | 3,53 Gb Available in Paging File | 91,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,95 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.15 02:06:47 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fight the virus\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
PRC - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\Malte Malte\uni\vpn client\vpn client 4\cvpnd.exe
PRC - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.14 21:17:31 | 001,562,112 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\algo.dll
MOD - [2011.09.14 14:44:51 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\aswRep.dll
MOD - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
MOD - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\vpnapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.02.11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe -- (CVPND)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.28 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.13 13:09:44 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.04.04 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysWow64\mnmdd.dll -- (mnmdd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: CLSID key missing. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bc843d900000000000007a7900000002&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.09.08 01:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 14:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009.08.03 17:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
 
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.03.26 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2011.09.15 02:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions
[2010.06.28 23:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 20:20:51 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.26 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\dictionary-switcher@design-noir.de
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.03 09:05:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\engine@conduit.com
[2011.08.03 09:07:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.10.11 20:21:01 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\QipCounter@qip.ru
[2010.05.05 13:30:54 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\radiobar@toolbar
[2011.01.23 23:49:41 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\vshare@toolbar
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.07 16:03:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-1.xml
[2008.04.17 22:13:19 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-10.xml
[2008.07.04 11:41:42 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-11.xml
[2008.07.17 07:27:03 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-12.xml
[2008.07.17 22:58:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-13.xml
[2008.12.04 17:39:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-14.xml
[2008.12.14 04:41:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-15.xml
[2008.12.17 22:55:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-16.xml
[2009.02.05 18:02:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-17.xml
[2009.03.07 03:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-18.xml
[2009.03.28 21:40:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-19.xml
[2007.08.01 15:09:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-2.xml
[2009.04.13 00:08:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:42:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-21.xml
[2009.05.06 18:17:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-22.xml
[2009.07.13 12:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-23.xml
[2009.07.17 19:51:58 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-24.xml
[2009.08.04 22:16:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-25.xml
[2009.09.11 16:27:43 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-26.xml
[2009.11.21 23:34:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-27.xml
[2009.12.16 14:49:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-28.xml
[2009.12.25 14:13:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-29.xml
[2007.09.19 22:45:12 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-3.xml
[2010.02.18 22:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-30.xml
[2010.03.13 02:59:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-31.xml
[2010.03.24 11:25:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-32.xml
[2010.04.02 19:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-33.xml
[2010.06.23 18:01:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-34.xml
[2010.07.21 20:32:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-35.xml
[2010.07.25 14:29:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-36.xml
[2010.10.11 20:24:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-37.xml
[2007.10.20 10:49:43 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-4.xml
[2007.11.02 12:46:20 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-5.xml
[2007.11.30 21:18:05 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-6.xml
[2007.12.02 12:28:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-7.xml
[2008.02.09 23:10:24 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-8.xml
[2008.03.27 02:20:53 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.src
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.xml
[2010.10.12 13:37:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\qip-search.xml
[2011.01.23 23:49:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\web-search.xml
[2011.09.12 20:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.04 17:39:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:30:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2009.07.13 11:45:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.08 01:36:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2008.05.13 03:50:42 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008.05.13 03:50:42 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008.05.13 03:50:42 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.03.13 02:59:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 02:59:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 02:59:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 02:59:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 02:59:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Steam] "h:\anwendungen\steam\steam.exe" -silent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk = C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211483953078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BE1B4F-485A-4A56-BFC5-6969417BFDC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.15 02:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fight the virus
[2011.09.08 01:36:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011.08.30 19:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PAP1
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.15 02:17:22 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011.09.15 02:17:16 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011.09.15 02:11:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.09.15 02:09:48 | 000,000,970 | ---- | M] () -- C:\windows\imsins.BAK
[2011.09.13 02:31:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.09.13 02:31:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011.09.02 19:28:22 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011.08.28 23:43:14 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:53 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:37:41 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:34:06 | 001,526,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:29:27 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.08.27 15:47:08 | 000,000,296 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011.08.26 13:07:18 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.15 02:11:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.08.28 23:42:46 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:23 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:36:53 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:30:42 | 001,526,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:28:16 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.06.25 20:57:10 | 006,904,040 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.06.25 20:57:10 | 000,017,838 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010.12.26 00:07:35 | 000,158,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.04 00:45:46 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010.08.04 00:45:41 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010.05.12 15:43:50 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010.04.19 22:54:07 | 000,000,280 | ---- | C] () -- C:\Program Files (x86)\Verknüpfung mit Daten (D).lnk
[2010.04.17 19:09:10 | 000,000,035 | ---- | C] () -- C:\windows\WorldBuilder.INI
[2010.02.18 03:23:44 | 000,001,180 | ---- | C] () -- C:\windows\eReg.dat
[2010.01.04 11:21:28 | 000,001,723 | ---- | C] () -- C:\windows\TSearch.INI
[2009.12.25 14:25:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.11.05 04:33:15 | 000,000,020 | ---- | C] () -- C:\windows\powerplayer.ini
[2009.11.05 04:32:03 | 000,000,149 | ---- | C] () -- C:\windows\psnetwork.ini
[2009.08.02 01:12:22 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2009.08.01 18:14:28 | 000,000,025 | ---- | C] () -- C:\windows\CDE V30V300DEFGIPSRUk.ini
[2009.05.28 01:46:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2
[2009.05.07 00:19:26 | 000,000,029 | ---- | C] () -- C:\windows\DEBUGSM.INI
[2009.05.06 20:14:15 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2009.05.06 20:14:15 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2009.05.06 20:14:15 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2009.05.06 20:14:15 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2009.05.06 20:14:15 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2009.05.06 20:14:15 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2009.05.06 20:14:15 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2009.05.06 20:14:15 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2009.05.06 20:14:15 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2009.05.06 20:14:15 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2009.05.06 20:14:15 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2009.05.06 20:14:15 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2009.05.06 20:14:15 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2009.05.06 20:14:15 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2009.05.06 20:14:15 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2009.05.06 20:08:46 | 000,000,025 | ---- | C] () -- C:\windows\CDE ESP1400Euro.ini
[2009.04.18 19:00:48 | 000,000,013 | ---- | C] () -- C:\windows\msgtn.ini
[2009.03.03 14:06:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.01.14 17:11:57 | 000,314,427 | ---- | C] () -- C:\windows\War3Unin.dat
[2008.12.21 05:48:24 | 001,278,464 | ---- | C] () -- C:\windows\SysWow64\quartz.dll
[2008.10.09 22:13:00 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\Common Files\mxfilerelatedcache.mxc2
[2008.10.09 11:53:03 | 000,000,046 | ---- | C] () -- C:\windows\Goya.INI
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\mxfilerelatedcache.mxc2
[2008.06.18 18:24:46 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008.06.14 00:24:12 | 000,089,312 | ---- | C] () -- C:\windows\SysWow64\acedrv09.dll
[2008.06.14 00:17:06 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2008.06.14 00:02:00 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008.06.13 23:58:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2008.06.02 22:52:00 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2008.05.23 05:15:09 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008.05.22 21:58:17 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008.05.22 20:42:39 | 000,010,288 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.05.22 20:42:25 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2008.05.22 20:42:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2008.05.22 20:42:11 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.05.22 20:42:10 | 000,198,656 | ---- | C] () -- C:\windows\SysWow64\psisdecd.dll
[2008.05.22 20:42:09 | 001,150,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2008.05.22 20:41:48 | 000,831,488 | ---- | C] () -- C:\windows\SysWow64\divx_xx0a.dll
[2008.05.22 20:41:48 | 000,012,288 | ---- | C] () -- C:\windows\SysWow64\DivXWMPExtType.dll
[2008.05.22 20:41:41 | 000,663,552 | ---- | C] () -- C:\windows\SysWow64\ati2saag.exe
[2008.05.22 20:41:30 | 000,000,166 | ---- | C] () -- C:\windows\wininit.ini
[2008.05.22 20:41:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008.05.22 20:41:23 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2008.05.22 20:41:21 | 000,021,209 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008.05.22 20:41:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.22 20:35:24 | 000,022,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\addon.dat
[2008.05.22 20:33:00 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 20:29:12 | 000,004,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2008.05.22 20:29:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\windows\SysWow64\PhysXLoader.dll
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.04.04 14:00:00 | 000,733,696 | ---- | C] () -- C:\windows\SysWow64\qedwipes.dll
[2006.04.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006.04.04 14:00:00 | 000,512,512 | ---- | C] () -- C:\windows\SysWow64\qedit.dll
[2006.04.04 14:00:00 | 000,498,742 | ---- | C] () -- C:\windows\SysWow64\dxmasf.dll
[2006.04.04 14:00:00 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\encdec.dll
[2006.04.04 14:00:00 | 000,385,536 | ---- | C] () -- C:\windows\SysWow64\qdvd.dll
[2006.04.04 14:00:00 | 000,355,112 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2006.04.04 14:00:00 | 000,279,040 | ---- | C] () -- C:\windows\SysWow64\qdv.dll
[2006.04.04 14:00:00 | 000,276,992 | ---- | C] () -- C:\windows\SysWow64\sbe.dll
[2006.04.04 14:00:00 | 000,199,168 | ---- | C] () -- C:\windows\SysWow64\ir32_32.dll
[2006.04.04 14:00:00 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\qcap.dll
[2006.04.04 14:00:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\msencode.dll
[2006.04.04 14:00:00 | 000,072,704 | ---- | C] () -- C:\windows\SysWow64\amstream.dll
[2006.04.04 14:00:00 | 000,062,464 | ---- | C] () -- C:\windows\SysWow64\mciqtz32.dll
[2006.04.04 14:00:00 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\devenum.dll
[2006.04.04 14:00:00 | 000,055,808 | ---- | C] () -- C:\windows\SysWow64\dvdplay.exe
[2006.04.04 14:00:00 | 000,046,907 | ---- | C] () -- C:\windows\mib.bin
[2006.04.04 14:00:00 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\tsd32.dll
[2006.04.04 14:00:00 | 000,014,336 | ---- | C] () -- C:\windows\SysWow64\msdmo.dll
[2006.04.04 14:00:00 | 000,012,498 | ---- | C] () -- C:\windows\SysWow64\append.exe
[2006.04.04 14:00:00 | 000,004,126 | ---- | C] () -- C:\windows\SysWow64\msdxmlc.dll
[2006.04.04 14:00:00 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\vwipxspx.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.10.19 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2011.03.29 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011.06.25 21:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2011.01.20 18:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
[2009.08.16 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010.05.29 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009.05.26 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011.07.08 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008.12.27 01:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2008.05.22 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.05.22 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQLite
[2011.02.12 17:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID3-TagIT 3
[2010.10.07 13:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.10.31 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008.05.22 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2009.12.26 14:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009.02.15 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009.11.05 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ppstream
[2011.07.31 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2009.12.25 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2010.10.12 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QipGuard
[2009.12.25 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011.01.03 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teeworlds
[2009.07.13 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tobit
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2011.07.09 02:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.03.26 17:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox
[2011.02.05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2008.05.22 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
[2010.02.28 23:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.08.07 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.05.06 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.05.22 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEDB
[2008.12.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.05.22 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010.09.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009.01.01 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.10.31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010.04.25 10:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008.05.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011.07.25 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009.05.26 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.05.06 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008.05.22 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.09.15 02:12:11 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.08 12:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008.10.08 13:58:47 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.06.06 20:45:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.10 10:32:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.05.24 10:49:49 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2009.07.13 13:00:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.16 17:34:34 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2011.09.15 02:31:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.07 20:50:19 | 000,000,000 | -H-D | M] -- C:\SystemData
[2011.09.15 02:14:27 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2007.02.18 11:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\ServicePackFiles\amd64\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\regedit.exe
[2007.02.18 11:05:48 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\SysWOW64\regedit.exe
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=872A60B75CE6A09033FBE2461D44E696 -- C:\WINDOWS\ServicePackFiles\amd64\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2007.02.17 01:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe
[2007.02.18 11:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2007.02.17 01:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555

< End of report >
         
--- --- ---

Edited by 21stparanoid (15.09.2011 at 04:30)

15.09.2011, 07:48   #2
kira
/// Helper Team
 



Hello and a warm welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over large distances, we accept no liability for any resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
- Your hard drive seems to me to be somewhat cluttered..

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item!
To get a deeper look into your system and detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, with no connection to the Internet (disconnect WLAN as well)
    - please do nothing on the PC while the scan is running!
    - "Show all" should not be ticked! Then click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you must paste it there right away with CTRL + V
    - GMER is closed with "Ok".
    - copy the log from the clipboard in full into your thread here

** no connection to a network or the Internet - don't forget WLAN
When the scan is finished, please re-enable all programs and tools!
** you can upload the log at File-Upload.net/kostenlos and post the link to me here.
Instructions: -> GMER - Rootkit Scanner

2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Perform full scan" (tick everything)
  • when the scan has finished, click "Show Results"
  • Select all findings (if MBAM reports something in C:\System Volume Information, please remove the tick there) and click "Delete" ("Remove Selected").
  • Post the result here in the thread; you will find the report under "Scan reports"
an illustrated guide can be found here: Guide

3.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
install (read the software licence agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start → if necessary, set "german" under Options settings
then click "Tools" (to display the installed programs as well) → then "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

Quote:
To keep your thread clear and nicely readable, it is best to use code tags for your post:
→ before your log (i.e. at the beginning of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
regards
kira

16.09.2011, 13:54   #3
21stparanoid
 



Hi,
I have a 64-bit XP operating system (SP3), so GMER is out, right?

I have downloaded ccleaner and MBAM; should I run them now?
Regards,
Moltay

16.09.2011, 20:13   #4
kira
/// Helper Team
 



I have a 64-bit XP operating system (SP3), so GMER is out, right?

Yes...

I have downloaded ccleaner and MBAM; should I run them now?
Yes...
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

17.09.2011, 02:15   #5
21stparanoid
 



Hi,
MBAM still found quite a bit...
1. MBAM scan
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7728

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

16.09.2011 20:54:01
mbam-log-2011-09-16 (20-54-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 333208
Laufzeit: 57 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\documents and settings\administrator\local settings\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.
d:\***\CAD\autodesk inventor series r10 keygen.exe (Malware.Gen) -> Not selected for removal.
c:\documents and settings\administrator\application data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
         
2. MBAM scan
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7728

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

16.09.2011 22:43:44
mbam-log-2011-09-16 (22-43-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 333170
Laufzeit: 54 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\***\CAD\autodesk inventor series r10 keygen.exe (Malware.Gen) -> Quarantined and deleted successfully.
         
OTL log:
OTL Logfile:
Code:
OTL logfile created on: 17.09.2011 00:27:14 - Run 2
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,31% Memory free
3,87 Gb Paging File | 3,42 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,62 Gb Free Space | 3,32% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.15 02:06:47 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fight the virus\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
PRC - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe
PRC - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.16 09:13:35 | 001,567,744 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\algo.dll
MOD - [2011.09.16 01:02:37 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\aswRep.dll
MOD - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
MOD - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\vpnapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.02.11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe -- (CVPND)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.28 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.13 13:09:44 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.04.04 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysWow64\mnmdd.dll -- (mnmdd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: CLSID key missing. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bc843d900000000000007a7900000002&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.09.08 01:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 14:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009.08.03 17:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
 
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.03.26 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2011.09.16 19:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions
[2010.06.28 23:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 20:20:51 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.26 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\dictionary-switcher@design-noir.de
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.03 09:05:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\engine@conduit.com
[2011.08.03 09:07:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.10.11 20:21:01 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\QipCounter@qip.ru
[2010.05.05 13:30:54 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\radiobar@toolbar
[2011.01.23 23:49:41 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\vshare@toolbar
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.15 05:26:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-1.xml
[2008.04.17 22:13:19 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-10.xml
[2008.07.04 11:41:42 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-11.xml
[2008.07.17 07:27:03 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-12.xml
[2008.07.17 22:58:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-13.xml
[2008.12.04 17:39:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-14.xml
[2008.12.14 04:41:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-15.xml
[2008.12.17 22:55:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-16.xml
[2009.02.05 18:02:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-17.xml
[2009.03.07 03:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-18.xml
[2009.03.28 21:40:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-19.xml
[2007.08.01 15:09:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-2.xml
[2009.04.13 00:08:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:42:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-21.xml
[2009.05.06 18:17:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-22.xml
[2009.07.13 12:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-23.xml
[2009.07.17 19:51:58 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-24.xml
[2009.08.04 22:16:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-25.xml
[2009.09.11 16:27:43 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-26.xml
[2009.11.21 23:34:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-27.xml
[2009.12.16 14:49:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-28.xml
[2009.12.25 14:13:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-29.xml
[2007.09.19 22:45:12 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-3.xml
[2010.02.18 22:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-30.xml
[2010.03.13 02:59:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-31.xml
[2010.03.24 11:25:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-32.xml
[2010.04.02 19:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-33.xml
[2010.06.23 18:01:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-34.xml
[2010.07.21 20:32:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-35.xml
[2010.07.25 14:29:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-36.xml
[2010.10.11 20:24:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-37.xml
[2007.10.20 10:49:43 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-4.xml
[2007.11.02 12:46:20 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-5.xml
[2007.11.30 21:18:05 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-6.xml
[2007.12.02 12:28:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-7.xml
[2008.02.09 23:10:24 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-8.xml
[2008.03.27 02:20:53 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.src
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.xml
[2010.10.12 13:37:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\qip-search.xml
[2011.01.23 23:49:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\web-search.xml
[2011.09.15 05:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.04 17:39:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:30:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2009.07.13 11:45:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.08 01:36:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2008.05.13 03:50:42 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008.05.13 03:50:42 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008.05.13 03:50:42 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.03.13 02:59:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 02:59:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 02:59:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 02:59:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 02:59:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Steam] "h:\anwendungen\steam\steam.exe" -silent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk = C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211483953078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BE1B4F-485A-4A56-BFC5-6969417BFDC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.16 19:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.09.16 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.16 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.09.16 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.15 02:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fight the virus
[2011.09.08 01:36:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011.08.30 19:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PAP1
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.17 00:24:40 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011.09.17 00:24:31 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011.09.16 19:37:39 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.16 17:08:28 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.15 02:11:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.09.15 02:09:48 | 000,000,970 | ---- | M] () -- C:\windows\imsins.BAK
[2011.09.13 02:31:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.09.13 02:31:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011.09.02 19:28:22 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011.08.28 23:43:14 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:53 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:37:41 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:34:06 | 001,526,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:29:27 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.08.27 15:47:08 | 000,000,296 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.16 19:37:39 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.15 02:11:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.08.28 23:42:46 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:23 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:36:53 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:30:42 | 001,526,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:28:16 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.06.25 20:57:10 | 006,904,040 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.06.25 20:57:10 | 000,017,838 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010.12.26 00:07:35 | 000,158,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.04 00:45:46 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010.08.04 00:45:41 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010.05.12 15:43:50 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010.04.19 22:54:07 | 000,000,280 | ---- | C] () -- C:\Program Files (x86)\Verknüpfung mit Daten (D).lnk
[2010.04.17 19:09:10 | 000,000,035 | ---- | C] () -- C:\windows\WorldBuilder.INI
[2010.02.18 03:23:44 | 000,001,180 | ---- | C] () -- C:\windows\eReg.dat
[2010.01.04 11:21:28 | 000,001,723 | ---- | C] () -- C:\windows\TSearch.INI
[2009.12.25 14:25:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.11.05 04:33:15 | 000,000,020 | ---- | C] () -- C:\windows\powerplayer.ini
[2009.11.05 04:32:03 | 000,000,149 | ---- | C] () -- C:\windows\psnetwork.ini
[2009.08.02 01:12:22 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2009.08.01 18:14:28 | 000,000,025 | ---- | C] () -- C:\windows\CDE V30V300DEFGIPSRUk.ini
[2009.05.28 01:46:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2
[2009.05.07 00:19:26 | 000,000,029 | ---- | C] () -- C:\windows\DEBUGSM.INI
[2009.05.06 20:14:15 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2009.05.06 20:14:15 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2009.05.06 20:14:15 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2009.05.06 20:14:15 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2009.05.06 20:14:15 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2009.05.06 20:14:15 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2009.05.06 20:14:15 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2009.05.06 20:14:15 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2009.05.06 20:14:15 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2009.05.06 20:14:15 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2009.05.06 20:14:15 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2009.05.06 20:14:15 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2009.05.06 20:14:15 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2009.05.06 20:14:15 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2009.05.06 20:14:15 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2009.05.06 20:08:46 | 000,000,025 | ---- | C] () -- C:\windows\CDE ESP1400Euro.ini
[2009.04.18 19:00:48 | 000,000,013 | ---- | C] () -- C:\windows\msgtn.ini
[2009.03.03 14:06:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.01.14 17:11:57 | 000,314,427 | ---- | C] () -- C:\windows\War3Unin.dat
[2008.12.21 05:48:24 | 001,278,464 | ---- | C] () -- C:\windows\SysWow64\quartz.dll
[2008.10.09 22:13:00 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\Common Files\mxfilerelatedcache.mxc2
[2008.10.09 11:53:03 | 000,000,046 | ---- | C] () -- C:\windows\Goya.INI
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\mxfilerelatedcache.mxc2
[2008.06.18 18:24:46 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008.06.14 00:24:12 | 000,089,312 | ---- | C] () -- C:\windows\SysWow64\acedrv09.dll
[2008.06.14 00:17:06 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2008.06.14 00:02:00 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008.06.13 23:58:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2008.06.02 22:52:00 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2008.05.23 05:15:09 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008.05.22 21:58:17 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008.05.22 20:42:39 | 000,010,288 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.05.22 20:42:25 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2008.05.22 20:42:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2008.05.22 20:42:11 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.05.22 20:42:10 | 000,198,656 | ---- | C] () -- C:\windows\SysWow64\psisdecd.dll
[2008.05.22 20:42:09 | 001,150,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2008.05.22 20:41:48 | 000,831,488 | ---- | C] () -- C:\windows\SysWow64\divx_xx0a.dll
[2008.05.22 20:41:48 | 000,012,288 | ---- | C] () -- C:\windows\SysWow64\DivXWMPExtType.dll
[2008.05.22 20:41:41 | 000,663,552 | ---- | C] () -- C:\windows\SysWow64\ati2saag.exe
[2008.05.22 20:41:30 | 000,000,166 | ---- | C] () -- C:\windows\wininit.ini
[2008.05.22 20:41:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008.05.22 20:41:23 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2008.05.22 20:41:21 | 000,021,209 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008.05.22 20:41:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.22 20:33:00 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 20:29:12 | 000,004,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2008.05.22 20:29:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\windows\SysWow64\PhysXLoader.dll
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.04.04 14:00:00 | 000,733,696 | ---- | C] () -- C:\windows\SysWow64\qedwipes.dll
[2006.04.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006.04.04 14:00:00 | 000,512,512 | ---- | C] () -- C:\windows\SysWow64\qedit.dll
[2006.04.04 14:00:00 | 000,498,742 | ---- | C] () -- C:\windows\SysWow64\dxmasf.dll
[2006.04.04 14:00:00 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\encdec.dll
[2006.04.04 14:00:00 | 000,385,536 | ---- | C] () -- C:\windows\SysWow64\qdvd.dll
[2006.04.04 14:00:00 | 000,355,112 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2006.04.04 14:00:00 | 000,279,040 | ---- | C] () -- C:\windows\SysWow64\qdv.dll
[2006.04.04 14:00:00 | 000,276,992 | ---- | C] () -- C:\windows\SysWow64\sbe.dll
[2006.04.04 14:00:00 | 000,199,168 | ---- | C] () -- C:\windows\SysWow64\ir32_32.dll
[2006.04.04 14:00:00 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\qcap.dll
[2006.04.04 14:00:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\msencode.dll
[2006.04.04 14:00:00 | 000,072,704 | ---- | C] () -- C:\windows\SysWow64\amstream.dll
[2006.04.04 14:00:00 | 000,062,464 | ---- | C] () -- C:\windows\SysWow64\mciqtz32.dll
[2006.04.04 14:00:00 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\devenum.dll
[2006.04.04 14:00:00 | 000,055,808 | ---- | C] () -- C:\windows\SysWow64\dvdplay.exe
[2006.04.04 14:00:00 | 000,046,907 | ---- | C] () -- C:\windows\mib.bin
[2006.04.04 14:00:00 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\tsd32.dll
[2006.04.04 14:00:00 | 000,014,336 | ---- | C] () -- C:\windows\SysWow64\msdmo.dll
[2006.04.04 14:00:00 | 000,012,498 | ---- | C] () -- C:\windows\SysWow64\append.exe
[2006.04.04 14:00:00 | 000,004,126 | ---- | C] () -- C:\windows\SysWow64\msdxmlc.dll
[2006.04.04 14:00:00 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\vwipxspx.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.10.19 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2011.03.29 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011.06.25 21:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2011.01.20 18:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
[2009.08.16 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010.05.29 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009.05.26 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011.07.08 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008.12.27 01:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2008.05.22 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.05.22 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQLite
[2011.02.12 17:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID3-TagIT 3
[2010.10.07 13:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.10.31 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008.05.22 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2009.12.26 14:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009.02.15 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009.11.05 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ppstream
[2011.07.31 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2009.12.25 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2010.10.12 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QipGuard
[2009.12.25 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011.01.03 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teeworlds
[2009.07.13 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tobit
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2011.07.09 02:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.03.26 17:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox
[2011.02.05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2008.05.22 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
[2010.02.28 23:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.08.07 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.05.06 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.05.22 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEDB
[2008.12.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.05.22 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010.09.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009.01.01 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.10.31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010.04.25 10:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008.05.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011.07.25 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009.05.26 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.05.06 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008.05.22 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.09.16 22:44:03 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555

< End of report >
         
--- --- ---


Part 2 is coming shortly...


17.09.2011, 02:17   #6
21stparanoid
 



OTL extras
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.09.2011 00:27:14 - Run 2
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,31% Memory free
3,87 Gb Paging File | 3,42 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,62 Gb Free Space | 3,32% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [compress] -- N:\Anwendungen\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [compress] -- N:\Anwendungen\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\ICQ6\ICQ.exe" = C:\Program Files (x86)\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files (x86)\TVAnts\Tvants.exe" = C:\Program Files (x86)\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"D:\Program Files (x86)\Warcraft III\Frozen Throne.exe" = D:\Program Files (x86)\Warcraft III\Frozen Throne.exe:*:Enabled:Frozen Throne.exe -- (Blizzard Entertainment)
"C:\Program Files (x86)\Garena\Garena.exe" = C:\Program Files (x86)\Garena\Garena.exe:*:Enabled:Garena
"C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe:*:Enabled:Photoshop.exe
"D:\***\Steam\steamapps\common\nba 2k9\nba2k9.exe" = D:\***\Steam\steamapps\common\nba 2k9\nba2k9.exe:*:Enabled:NBA 2K9
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷
"H:\N-Bombe!\pro evo\pes2009.exe" = H:\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:\Documents and Settings\Administrator\Desktop\pes2009.exe" = C:\Documents and Settings\Administrator\Desktop\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"H:\N-Bombe!\Cyanide GameCenter\GameCenter\GameCenter.exe" = H:\N-Bombe!\Cyanide GameCenter\GameCenter\GameCenter.exe:*:Enabled:GameCenter
"H:\N-Bombe!\Medal of Honor\Airborne\UnrealEngine3\Binaries\MOHA.exe" = H:\N-Bombe!\Medal of Honor\Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"H:\Anwendungen\gamecenter\GameCenter\GameCenter.exe" = H:\Anwendungen\gamecenter\GameCenter\GameCenter.exe:*:Enabled:GameCenter
"H:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II
"H:\Shortcuts\pes2009.exe" = H:\Shortcuts\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"H:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"H:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:0\N-Bombe!\pro evo\pes2009.exe" = C:0\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"L:\N-Bombe!\pro evo\pes2009.exe" = L:\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:0\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = C:0\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"C:0\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = C:0\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"L:\N-Bombe!\Pro Evo 2011\pes2011.exe" = L:\N-Bombe!\Pro Evo 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"L:\N-Bombe!\NBA 2k11\nba2k11.exe" = L:\N-Bombe!\NBA 2k11\nba2k11.exe:*:Enabled:NBA 2K11
"L:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II
"L:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe" = L:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm
"L:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"L:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"N:\N-Bombe!\Pro Evo 2011\pes2011.exe" = N:\N-Bombe!\Pro Evo 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"N:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe" = N:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm
"N:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = N:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"N:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = N:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"N:\Anwendungen\gamecenter\GameCenter(neu)\GameCenter.exe" = N:\Anwendungen\gamecenter\GameCenter(neu)\GameCenter.exe:*:Enabled:GameCenter
"N:\N-Bombe!\company of heroes\RelicCOH.exe" = N:\N-Bombe!\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes
"N:\N-Bombe!\company of heroes\RelicDownloader\RelicDownloader.exe" = N:\N-Bombe!\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{56176A38-C8EE-D502-EB75-E2F67F0B936D}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0300D4E-9907-46B1-BB5D-552FD226F975}" = Microsoft Windows German User Interface Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7-MUI" = Windows Internet Explorer 7 Multilingual User Interface (MUI)
"ie8" = Windows Internet Explorer 8
"IE8-MUI" = Windows Internet Explorer 8 Multilingual User Interface (MUI)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
"{1B0270F4-8A5B-1A7E-3383-F3EE78D88D2C}" = Catalyst Control Center Graphics Full Existing
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed Beta v.0.6.2.8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{2410E4CB-C330-4887-9B15-735D4AF322BF}" = Audiograbber
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C33251F-B043-50FE-6CFB-593EDA5D2177}" = CCC Help English
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{311F15FD-612F-448F-CD77-5809C9972D66}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4F65F21E-9487-D78D-B611-F3E3EC19AE0B}" = Catalyst Control Center Graphics Previews Common
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{56F150D4-EA0F-415A-8F08-A4F17B782BCC}" = GlobeDigital
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D137417-EB27-2854-E333-F101FF3E8618}" = Catalyst Control Center Core Implementation
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B01F925-D711-A60E-4F88-8C510D9A23B6}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9275FB4D-60D8-A842-C694-F91A0B01E5EC}" = Skins
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D453713-CB8F-47C8-7BD6-6628B67AFD53}" = ccc-core-static
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A6F7F5A5-89A6-1944-ABCD-51A24D7D0375}" = ccc-core-preinstall
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C4A0C307-053A-4335-8B28-60E901DB1031}" = Nero 7 Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}" = Grand Prix 3
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Digital Editions" = Adobe Digital Editions
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"ExpressRip" = Express Rip
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FLV Player" = FLV Player 2.0, build 24
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Window Registry Repair" = Free Window Registry Repair
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"GameCenter_is1" = GameCenter 1.3.0.6
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IL Download Manager" = IL Download Manager
"INsanes Small HUD" = INsanes Small HUD 8 Black
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{56F150D4-EA0F-415A-8F08-A4F17B782BCC}" = GlobeDigital
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KGB Archiver_is1" = KGB Archiver 1.2.1.24
"LastFM_is1" = Last.fm 1.5.4.24567
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.42 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"MAGIX Webradio deluxe 3 D" = MAGIX Webradio deluxe 3 3.0.0.76 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSNINST" = MSN
"PPStream_is1" = PPStream
"Pro Cycling Manager 2" = Radsport Manager Pro 2006
"Skype_is1" = Skype 3.0
"SopCast" = SopCast 3.0.3
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Switch" = Switch Sound File Converter
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.6.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.16
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"QIP 2010" = QIP 2010 10.9.29.4196
"QIP Infium" = QIP Infium 3.0.9040
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 09.01.2009 18:47:09 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 09.01.2009 19:04:55 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 08.02.2009 16:45:34 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 17.10.2009 01:17:16 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 04.11.2009 22:56:33 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 05.11.2009 12:34:13 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
Error - 05.11.2009 12:43:09 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 28.03.2011 14:10:21 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 28.03.2011 14:11:25 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 28.03.2011 14:18:31 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 01.04.2011 08:02:00 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 30.04.2011 08:17:12 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 10005
Description = Product: PDF-XChange Viewer -- This installation can be installed 
only on 32-bit Windows.
 
Error - 08.07.2011 20:21:12 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 08.07.2011 20:32:33 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 09.07.2011 10:45:07 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 05.08.2011 20:03:28 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 8.1.0 -- Setup has detected that you already
 have a more functional product installed.  Setup will now terminate.
 
Error - 08.09.2011 08:52:50 | Computer Name = XYJLT4GFLO6VZAN | Source = VSS | ID = 8211
Description = 
 
[ System Events ]
Error - 15.09.2011 14:37:50 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 15.09.2011 14:37:50 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126
 
Error - 15.09.2011 15:47:54 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 15.09.2011 15:47:54 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126
 
Error - 16.09.2011 10:40:19 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 16.09.2011 10:40:19 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:   %%126
 
Error - 16.09.2011 14:59:13 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 16.09.2011 15:06:10 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 16.09.2011 16:48:32 | Computer Name = XYJLT4GFLO6VZAN | Source = DCOM | ID = 10010
Description = Der Server "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.09.2011 18:26:09 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---


CCleaner program list
Code:
7-Zip 4.57	Igor Pavlov	21.05.2008	2,77MB	4.57.00.0
ABBYY FineReader 6.0 Sprint	ABBYY Software House	01.08.2009	119,5MB	6.00.1395.4512
Adobe AIR	Adobe Systems Inc.	27.01.2009		1.1.0.5790
Adobe Digital Editions		16.09.2011		
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	16.09.2011		10.3.181.26
Adobe Flash Player ActiveX	Adobe Systems Incorporated	16.09.2011		9.0.124.0
Adobe Media Player	Adobe Systems Incorporated	27.01.2009		1.1
Adobe Reader 9.1.2 - Deutsch	Adobe Systems Incorporated	13.07.2009	242MB	9.1.2
Adobe Shockwave Player	Adobe Systems, Inc.	21.05.2008	10,6MB	10.2.0.023
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	16.09.2011		11.5
AGEIA PhysX v7.07.09	AGEIA Technologies, Inc.	29.07.2010	92,7MB	7.07.09
Alien Swarm	Valve			
Apple Application Support	Apple Inc.	12.03.2011	54,5MB	1.4.1
Apple Software Update	Apple Inc.	05.02.2009	2,16MB	2.1.1.116
ArcSoft MediaImpression	ArcSoft	16.09.2011		
ATI - Software Uninstall Utility		16.09.2011		6.14.10.1021
ATI Catalyst Control Center				2.008.0328.2321
ATI Display Driver		15.09.2011		8.476-080328a-061003C-ATI
Audacity 1.2.6				
Audiograbber	Default Manufacturer	22.05.2008	3,67MB	1.0
avast! Free Antivirus	AVAST Software	17.09.2011		6.0.1289.0
Babylon toolbar		16.09.2011		
Battle Realms	Liquid Entertainment	05.07.2011	625MB	0.10.000
Bonjour	Apple Inc.	03.08.2009	0,49MB	1.0.106
Camera RAW Plug-In for EPSON Creativity Suite		16.09.2011		2.1.0.0
CCleaner	Piriform	17.09.2011		3.10
Cisco Systems VPN Client 5.0.07.0290	Cisco Systems, Inc.	12.10.2010	21,8MB	5.0.7
Command & Conquer Generals	Electronic Arts	19.04.2010		0.50.0000
Company of Heroes	THQ Inc.			2.602.0
Counter-Strike: Source	Valve	06.08.2010	4.597MB	1.0.0.0
Dawn Of War	THQ	25.04.2010	1.672MB	1.40
Dawn of War - Dark Crusade	THQ	25.04.2010		1.00.0000
Dawn of War - Soulstorm	THQ	25.04.2010		1.00.0000
Dawn Of War - Winter Assault	THQ	25.04.2010	1.023MB	1.4
dBpoweramp Music Converter	Illustrate			Release 14.1
DivX Codec	DivX, Inc.	16.09.2011		6.8.2
DivX Converter	DivX, Inc.	16.09.2011		6.6.0
DivX Player		16.09.2011		6.8.1
DivX Web Player	DivX,Inc.	17.09.2011		1.4.0
DVDVideoSoftTB Toolbar		16.09.2011		
EA.com Matchup		16.09.2011		
EA.com Update				
EPSON Attach To Email	SEIKO EPSON	06.05.2009		1.01.0000
Epson Copy Utility 3.4		16.09.2011		3.4.0.0
EPSON Easy Photo Print		16.09.2011		1.4.2.0
Epson Event Manager	SEIKO EPSON Corporation	16.09.2011		2.01.00
EPSON File Manager		16.09.2011		1.3.0.0
EPSON PERFECTION V30_V300 PHOTO Handbuch		16.09.2011		
EPSON Print CD		16.09.2011		1.50.000
EPSON Scan		16.09.2011		
EPSON Scan Assistant		16.09.2011		1.10.00
EPSON-Drucker-Software	SEIKO EPSON Corporation	16.09.2011		
ESP1400_1410 Ben.handbuch		16.09.2011		
Express Rip	NCH Software	16.09.2011		
Facebook Plug-In	Facebook, Inc.	16.09.2011		
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)	MAGIX AG	14.06.2008		2.0.0.1
FLV Player 2.0, build 24	Martijn de Visser	16.09.2011		2.0, build 24
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	20.01.2011		
Free Window Registry Repair		16.09.2011		
Free YouTube Download 2.3	DVDVideoSoft Limited.	03.02.2010		
Free YouTube to MP3 Converter version 3.9.32	DVDVideoSoft Limited.	20.01.2011		
GameCenter 1.3.0.6	Cyanide	31.07.2010		1.3.0.6
GameSpy Arcade		16.09.2011		
GIMP 2.6.11	The GIMP Team	05.01.2011		2.6.11
GlobeDigital	ODSoft multimedia	21.05.2008		2.1.1.6.0422
Grand Prix 3		16.09.2011		
GTK+ 2.10.6-1 runtime environment	Tor Lillqvist	21.05.2008		
Half-Life 2: Lost Coast	Valve			
ID3-TagIT 3	Michael Pluemper	17.09.2011		3
IL Download Manager	Image-Line bvba	16.09.2011		
INsanes Small HUD 8 Black	dodbits			8 Black
IrfanView (remove only)		16.09.2011		
iTunes	Apple Inc.	10.10.2009	67,2MB	7.5.0.20
Java(TM) 6 Update 14	Sun Microsystems, Inc.	13.07.2009	91,0MB	6.0.140
Java(TM) 6 Update 4	Sun Microsystems, Inc.	22.05.2008	137,7MB	1.6.0.40
Java(TM) 6 Update 5	Sun Microsystems, Inc.	22.05.2008	114,2MB	1.6.0.50
Java(TM) 6 Update 7	Sun Microsystems, Inc.	15.02.2009	138,0MB	1.6.0.70
JDownloader	AppWork UG (haftungsbeschränkt)			0.89
KGB Archiver 1.2.1.24	Tomasz Pawlak	14.07.2011		
Last.fm 1.5.4.24567	Last.fm	22.12.2009		
LogMeIn Hamachi	LogMeIn, Inc.	10.08.2011		2.1.0.122
MAGIX Foto Manager 2007 4.2.0.42 (D)	MAGIX AG	27.10.2009		4.2.0.42
MAGIX Goya burnR 2.3.1.3 (D)	MAGIX AG	14.06.2008		2.3.1.3
MAGIX Music Manager 2007 8.2.0.54 (D)	MAGIX AG	27.10.2009		8.2.0.54
MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	14.06.2008		2.3.2.0
MAGIX Video deluxe 2007 2008 7.0.0.26 (D)	MAGIX AG	14.06.2008		7.0.0.26
MAGIX Webradio deluxe 3 3.0.0.76 (D)	MAGIX AG	27.10.2009		3.0.0.76
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	16.09.2011		1.51.2.1300
Medal of Honor Airborne	Electronic Arts	29.07.2010	8.708MB	1.0.1.0
Medal of Honor Allied Assault		16.09.2011		
Medal of Honor Allied Assault(tm) Breakthrough		16.09.2011		
Medal of Honor Allied Assault(tm) Spearhead		16.09.2011		
Medal of Honor Pacific Assault(tm)	Electronic Arts	29.07.2010		1.0
Microsoft .NET Framework 1.1		07.10.2010		
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	10.08.2011	361MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	25.06.2010	385MB	3.2.30729
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	07.10.2010		
Microsoft Compression Client Pack 1.0 for Windows x64	Microsoft Corporation	21.05.2008		1
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	11,2MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	15.09.2011		12.0.6425.1000
Microsoft Office Standard Edition 2003	Microsoft Corporation	15.09.2011	916MB	11.0.8173.0
Microsoft Silverlight	Microsoft Corporation	16.06.2011	207MB	4.0.60531.0
Microsoft User-Mode Driver Framework Feature Pack 1.0	Microsoft Corporation	21.05.2008		
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,11MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.07.2011	4,61MB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	09.08.2010	0,17MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.07.2009	0,15MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	07.08.2010	13,3MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	13,2MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	21.05.2008	6,68MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	19.09.2010	9,65MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.01.2011	9,64MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.02.2010	10,2MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	10,2MB	9.0.30729.6161
Microsoft Windows German User Interface Pack	Microsoft Corporation	21.05.2008	148,9MB	1.0.705.0
Microsoft Xbox 360 Accessories 1.2	Microsoft	28.09.2010	7,67MB	1.20.146.0
Move Media Player	Move Networks	16.09.2011		
Mozilla Firefox (3.6.8)	Mozilla	17.09.2011		3.6.8 (de)
Mozilla Thunderbird (2.0.0.22)	Mozilla	16.09.2011		2.0.0.22 (de)
MSN		16.09.2011		
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	15.06.2008	2,62MB	4.20.9848.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	2,67MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	2,77MB	4.20.9876.0
MSXML 6 Service Pack 2 (KB973686)	Microsoft Corporation	25.11.2009	3,39MB	6.20.2003.0
NBA 2K10	2K Sports	05.09.2010		1.1.0
NBA 2K11	2K Sports	14.10.2010		1.0.0
Nero 7 Essentials	Nero AG	21.05.2008	459MB	7.01.4237
NVIDIA Drivers		15.09.2011		
Octoshape add-in for Adobe Flash Player		16.09.2011		
OpenOffice.org 3.0	OpenOffice.org	15.02.2009	350MB	3.0.9379
Paint.NET v3.5.8	dotPDN LLC	11.06.2011	14,3MB	3.58.0
PDF-XChange Viewer	Tracker Software Products Ltd.	30.04.2011	44,6MB	2.5.195.0
PowerDVD	CyberLink Corporation	16.09.2011		7.0.1815.0
PPStream	PPStream.com	17.09.2011		
Pro Evolution Soccer 2011	KONAMI	29.09.2010	6.034MB	1.00.0000
QIP 2010 10.9.29.4196		12.10.2010		10.9.29.4196
QIP Infium 3.0.9040		12.10.2010		3.0.9040
QIP Internet Guardian		17.09.2011		
QuickTime	Apple Inc.	12.03.2011	73,7MB	7.69.80.9
Radsport Manager Pro 2006				
SAMSUNG Mobile Modem Driver Set		16.09.2011		
Samsung Mobile phone USB driver Software		16.09.2011		
SAMSUNG Mobile USB Modem 1.0 Software		16.09.2011		
SAMSUNG Mobile USB Modem Software		16.09.2011		
Samsung New PC Studio	Samsung Electronics Co., Ltd.	25.12.2009		1.00.0000
Skype 3.0	Skype Technologies S.A.	17.09.2011		3.0
SopCast 3.0.3	SopCast.com	17.09.2011		3.0.3
SoundMAX	Analog Devices	21.05.2008		5.10.02.6110
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	13.07.2009	29,7MB	9.0.0
Steam(TM)	Valve	06.08.2010	16,7MB	1.0.0.0
Switch Sound File Converter	NCH Software	16.09.2011		
Team Fortress 2	Valve			
TeamSpeak 3 Client	TeamSpeak Systems GmbH			
TextPad 5	Helios	22.05.2008	6,15MB	5.1.0
TVAnts 1.0		17.09.2011		
TVUPlayer 2.3.6.1	TVU networks	17.09.2011		2.3.6.1
Uninstall 1.0.0.1		20.01.2011		
Update for Windows Server 2003 (KB943729)	Microsoft Corporation	21.05.2008		
Veetle TV 0.9.18	Veetle, Inc	16.09.2011		0.9.18
VirtualCloneDrive	Elaborate Bytes			
VLC media player 1.0.5	VideoLAN Team	16.09.2011		1.0.5
Winamp	Nullsoft, Inc	17.09.2011		5.531 
Windows Internet Explorer 8	Microsoft Corporation	13.07.2009		20090308.140744
Windows Media Format 11 runtime		16.09.2011		
Windows Media Player 11		16.09.2011		
Windows Media Player Firefox Plugin	Microsoft Corp	19.11.2008	0,29MB	1.0.0.8
Windows XP Service Pack 2	Microsoft Corporation	21.05.2008		20070217.000042
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)	Advanced Micro Devices	16.09.2011		05/27/2006 1.3.2.0
WinPcap 4.1.2	CACE Technologies	16.09.2011		4.1.0.2001
WinRAR		16.09.2011		
World of Tanks closed Beta v.0.6.2.8	Wargaming.net	30.01.2011		
Xfire (remove only)				
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	17.09.2011		1.1
YouTube Downloader 2.5.6	BienneSoft
         
One more piece of information:
As long as the internet was connected (after the whole procedure), there were crashes:
the screen froze, the Start menu would not open, the Task Manager would not open.
This happened while I was on the internet (I was just about to send this post) or as soon as I opened the folder on the desktop that contains OTL.exe, ccleanersetup, MBAMsetup and all the log files.
I could only get to the logs through the Windows search function.

Many thanks in advance for the help,
Regards,
Moltay

17.09.2011, 04:34   #7
kira
/// Helper Team

Oh dear... oh dear:
- Installing pirated copies is a fairly sure way to infect a computer
- I fear that you can only solve your problem by reinstalling your system; this is about:
Code:
autodesk inventor series r10 keygen

and also:
Quote:
"Not selected for removal" !!
"Such programs" always contain especially many and dangerous malicious programs; one should keep one's hands off them!
** In a case like this you should rethink your consumption habits
Because your conduct is thereby subject to German law, support from our side ends at this point. So the best thing is for you to back up your data (without cracks & keygens!) and do a complete reinstallation of the computer; that is the fastest and cleanest solution!
But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and in future will keep your hands off...
-> Forum rule!

Quote:
Purpose of the matter - viruses, trojans, worms:
A worm that can almost be called a "good worm" is moving through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm carries countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who deliberately
searches for such files could therefore well come across a copy of the
worm.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
