Trojaner-Board


21stparanoid 15.09.2011 04:13

avast - PC restarts when clicking the "Start" button for a scan, virus infection?
 
Good morning,
here is the chronology of events:

1. My laptop (which has since been fitted with a new hard drive) had a malware infection (my home directory was affected; the PC did an emergency shutdown and showed a blue screen shortly after user login). After a new user had been set up, into which important files (including applications :/ ) could be copied, the hard drive was removed and was to be connected to the now-affected PC for data backup.

2. So I connected the infected hard drive to the PC as an external device and ran a "full scan" with avast (so I scanned both the PC and the external drive), and lo and behold, various threats were found in the directories

in "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\"
6 Java:Agent-UK [Expl] named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-1c847196"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-3964e369"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-616d23c3"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-629fa3f1"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-6b65511a"

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-79f54efc"

in that area also a Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1ca3d4ac-6d866008"

(more info on the problem: hxxp://www.java.com/en/download/help/cache_virus.xml)

in "C:\Documents and Settings\Administrator"
a Win32:Malware-gen named:
"C:\Documents and Settings\Administrator\0.09012543475195989.exe"

in "C:\Documents and Setting\Administrator\Local Settings\Temp\
a Win32:Malware-gen named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache46754221171660111.tmp

a Trojan named:
C:\Documents and Setting\Administrator\Local Settings\Temp\jar_cache4931301801747041631.tmp

a rootkit named:
C:\Documents and Setting\Administrator\Local Settings\Temp\nswcremxao.tmp

in "C:SystemData\
two Win32:Malware-gen named:
"C:SystemData\217FA966995"
(strangely, the same one twice)

In all cases avast recommended "move to chest", which I did. However, I am a little unsure here, because
(a) all of these threats were found on the PC and not on the infected "external" hard drive.
(b) I seem to remember that there was also a piece of malware for which avast had recommended deletion, but it no longer appears in the log (the log that can be viewed through the avast interface).

3. I then disconnected the infected external hard drive and ran another "full scan", which could not find any virus. As a precaution I did not copy the data to be backed up, because I was uneasy that avast had found nothing on the external drive.
I also ran an update.

4. The next morning the PC had restarted (apparently without outside interference).
I then wanted to run another scan (because of the update). However, there was a problem: the computer restarts as soon as I press the "Start" button.
5. That worried me a lot, so I tried something else: I chose "Scan selected folder" and selected the whole of My Computer. That worked, but nothing was found.
That surprised me, since there is quite obviously a problem (computer restart).
6. So reset and PC start in safe mode, again "full scan". That is possible here, but likewise without findings.
7. I then searched the internet for the problem and came across "Trojaner-Board". I could not find my problem there, but a boot-time scan was frequently recommended there.
I then ran a boot-time scan with avast. Suddenly threats were found again. 14 in the directory:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\" with names:

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Cid.class"
Java:Agent-UM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassId.class"
Java:Agent-US [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\ClassType.class"
Java:Agent-UN [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\MailAgent.class"
Java:Agent-UL [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\1\798d9401-2b79f58d|>buildService\Virtual Table.class"
Java:Agent-UP [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Checklist.class"
Java:Agent-IF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\constant.class"
Java:Agent-IJ [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\J2EE.class"
Java:Agent-IG [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>FAQ\Template.class"
Java:Agent-IM [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|>tools\Commander.class
Java:Agent-LF [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|Syntax.class"
Java:Agent-RR [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\134325e-7ca0d59a|XmlStandard.class"
Java:Agent-RV [expl]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vload.class"
Java:Jade-C [heur]

"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-2d521695|>vmain.class"
Java:CVE-2010-0094-C [expl]

and 1 more in

"C:\Documents and Settings\Administrator\My Documents\Downloads\u95.exe
Win32.PUP-gen [PUP]

So once again plenty of loot in the Java cache, despite several checks.
8. Therefore now a check with a friend's G-Data boot CD.
It ran an update, scanned the PC VERY SLOWLY and again found something in
"C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\30\ with the label "virus".
However, the scan hung and I could not respond. Annoying.
9. I now knew that there were further threats, and because I knew that Java was always affected, I googled and found this link:
hxxp://www.java.com/en/download/help/cache_virus.xml

I then followed the instructions given there for manual cleanup.

Unfortunately this did not solve the avast problem (i.e. clicking the "Start" button for "full scan" and "quick scan" still restarts the PC).
10. I then ran a boot scan with the G-Data CD, again with updates. This time it went faster and was also complete. Nothing was found.

That was strange, because the avast problem had not yet been fixed. On the contrary, the computer now also occasionally restarted without a click on the "Start" button, i.e. entirely on its own.
I was baffled enough to register (rather late) at Trojaner-Board, and now here I am.
11. I have used both defogger and OTL (the logs are coming shortly). What is interesting: while I was using OTL and defogger, I had the PC disconnected from the internet and avast deactivated. Since then avast works again, i.e. no restart on clicking the "Start" button.
Nevertheless, I would appreciate it if the problem could be discussed.

Can you tell me how to get at the avast logs? (i.e. as txt or similar). I would then upload those as well.
Do you also think we should change the passwords of our email accounts?

Finally, a few side notes:
The PC is mainly used by me and my brother, but generally by the whole family. So I don't have a particularly good overview of everything that happens here, and besides, I can't simply wipe the PC.
I have fairly rudimentary programming skills and user competence, so please don't overwhelm me.

Thank you in advance for your help, and kind regards

PS: I would like to know whether I should rather keep my hands off the infected hard drive.
PPS: I am politically active and have already had to experience how the state intrudes into my privacy in a pretty blatant way. When something like this happens I get a little paranoid, and I would like to hear that, at least in this case, I don't need to worry in that respect...

HERE IS THE OTL.TXT: OTL Logfile:
Code:

OTL logfile created on: 15.09.2011 02:30:06 - Run 1
OTL by OldTimer - Version 3.2.28.0    Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,90% Memory free
3,87 Gb Paging File | 3,53 Gb Available in Paging File | 91,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,95 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.15 02:06:47 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fight the virus\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
PRC - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\Malte Malte\uni\vpn client\vpn client 4\cvpnd.exe
PRC - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.14 21:17:31 | 001,562,112 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\algo.dll
MOD - [2011.09.14 14:44:51 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091401\aswRep.dll
MOD - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
MOD - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\vpnapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.02.11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe -- (CVPND)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.28 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.13 13:09:44 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.04.04 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysWow64\mnmdd.dll -- (mnmdd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: CLSID key missing. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bc843d900000000000007a7900000002&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.09.08 01:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 14:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009.08.03 17:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
 
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.03.26 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2011.09.15 02:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions
[2010.06.28 23:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 20:20:51 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.26 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\dictionary-switcher@design-noir.de
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.03 09:05:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\engine@conduit.com
[2011.08.03 09:07:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.10.11 20:21:01 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\QipCounter@qip.ru
[2010.05.05 13:30:54 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\radiobar@toolbar
[2011.01.23 23:49:41 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\vshare@toolbar
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.07 16:03:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-1.xml
[2008.04.17 22:13:19 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-10.xml
[2008.07.04 11:41:42 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-11.xml
[2008.07.17 07:27:03 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-12.xml
[2008.07.17 22:58:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-13.xml
[2008.12.04 17:39:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-14.xml
[2008.12.14 04:41:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-15.xml
[2008.12.17 22:55:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-16.xml
[2009.02.05 18:02:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-17.xml
[2009.03.07 03:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-18.xml
[2009.03.28 21:40:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-19.xml
[2007.08.01 15:09:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-2.xml
[2009.04.13 00:08:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:42:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-21.xml
[2009.05.06 18:17:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-22.xml
[2009.07.13 12:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-23.xml
[2009.07.17 19:51:58 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-24.xml
[2009.08.04 22:16:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-25.xml
[2009.09.11 16:27:43 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-26.xml
[2009.11.21 23:34:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-27.xml
[2009.12.16 14:49:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-28.xml
[2009.12.25 14:13:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-29.xml
[2007.09.19 22:45:12 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-3.xml
[2010.02.18 22:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-30.xml
[2010.03.13 02:59:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-31.xml
[2010.03.24 11:25:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-32.xml
[2010.04.02 19:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-33.xml
[2010.06.23 18:01:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-34.xml
[2010.07.21 20:32:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-35.xml
[2010.07.25 14:29:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-36.xml
[2010.10.11 20:24:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-37.xml
[2007.10.20 10:49:43 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-4.xml
[2007.11.02 12:46:20 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-5.xml
[2007.11.30 21:18:05 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-6.xml
[2007.12.02 12:28:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-7.xml
[2008.02.09 23:10:24 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-8.xml
[2008.03.27 02:20:53 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.src
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.xml
[2010.10.12 13:37:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\qip-search.xml
[2011.01.23 23:49:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\web-search.xml
[2011.09.12 20:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.04 17:39:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:30:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2009.07.13 11:45:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.08 01:36:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2008.05.13 03:50:42 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008.05.13 03:50:42 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008.05.13 03:50:42 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.03.13 02:59:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 02:59:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 02:59:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 02:59:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 02:59:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Steam] "h:\anwendungen\steam\steam.exe" -silent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk = C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211483953078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BE1B4F-485A-4A56-BFC5-6969417BFDC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.15 02:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fight the virus
[2011.09.08 01:36:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011.08.30 19:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PAP1
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.15 02:17:22 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011.09.15 02:17:16 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011.09.15 02:11:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.09.15 02:09:48 | 000,000,970 | ---- | M] () -- C:\windows\imsins.BAK
[2011.09.13 02:31:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.09.13 02:31:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011.09.02 19:28:22 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011.08.28 23:43:14 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:53 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:37:41 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:34:06 | 001,526,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:29:27 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.08.27 15:47:08 | 000,000,296 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2011.08.26 13:07:18 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.15 02:11:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.08.28 23:42:46 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:23 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:36:53 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:30:42 | 001,526,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:28:16 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.06.25 20:57:10 | 006,904,040 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.06.25 20:57:10 | 000,017,838 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010.12.26 00:07:35 | 000,158,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.04 00:45:46 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010.08.04 00:45:41 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010.05.12 15:43:50 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010.04.19 22:54:07 | 000,000,280 | ---- | C] () -- C:\Program Files (x86)\Verknüpfung mit Daten (D).lnk
[2010.04.17 19:09:10 | 000,000,035 | ---- | C] () -- C:\windows\WorldBuilder.INI
[2010.02.18 03:23:44 | 000,001,180 | ---- | C] () -- C:\windows\eReg.dat
[2010.01.04 11:21:28 | 000,001,723 | ---- | C] () -- C:\windows\TSearch.INI
[2009.12.25 14:25:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.11.05 04:33:15 | 000,000,020 | ---- | C] () -- C:\windows\powerplayer.ini
[2009.11.05 04:32:03 | 000,000,149 | ---- | C] () -- C:\windows\psnetwork.ini
[2009.08.02 01:12:22 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2009.08.01 18:14:28 | 000,000,025 | ---- | C] () -- C:\windows\CDE V30V300DEFGIPSRUk.ini
[2009.05.28 01:46:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2
[2009.05.07 00:19:26 | 000,000,029 | ---- | C] () -- C:\windows\DEBUGSM.INI
[2009.05.06 20:14:15 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2009.05.06 20:14:15 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2009.05.06 20:14:15 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2009.05.06 20:14:15 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2009.05.06 20:14:15 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2009.05.06 20:14:15 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2009.05.06 20:14:15 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2009.05.06 20:14:15 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2009.05.06 20:14:15 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2009.05.06 20:14:15 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2009.05.06 20:14:15 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2009.05.06 20:14:15 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2009.05.06 20:14:15 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2009.05.06 20:14:15 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2009.05.06 20:14:15 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2009.05.06 20:08:46 | 000,000,025 | ---- | C] () -- C:\windows\CDE ESP1400Euro.ini
[2009.04.18 19:00:48 | 000,000,013 | ---- | C] () -- C:\windows\msgtn.ini
[2009.03.03 14:06:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.01.14 17:11:57 | 000,314,427 | ---- | C] () -- C:\windows\War3Unin.dat
[2008.12.21 05:48:24 | 001,278,464 | ---- | C] () -- C:\windows\SysWow64\quartz.dll
[2008.10.09 22:13:00 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\Common Files\mxfilerelatedcache.mxc2
[2008.10.09 11:53:03 | 000,000,046 | ---- | C] () -- C:\windows\Goya.INI
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\mxfilerelatedcache.mxc2
[2008.06.18 18:24:46 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008.06.14 00:24:12 | 000,089,312 | ---- | C] () -- C:\windows\SysWow64\acedrv09.dll
[2008.06.14 00:17:06 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2008.06.14 00:02:00 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008.06.13 23:58:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2008.06.02 22:52:00 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2008.05.23 05:15:09 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008.05.22 21:58:17 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008.05.22 20:42:39 | 000,010,288 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.05.22 20:42:25 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2008.05.22 20:42:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2008.05.22 20:42:11 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.05.22 20:42:10 | 000,198,656 | ---- | C] () -- C:\windows\SysWow64\psisdecd.dll
[2008.05.22 20:42:09 | 001,150,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2008.05.22 20:41:48 | 000,831,488 | ---- | C] () -- C:\windows\SysWow64\divx_xx0a.dll
[2008.05.22 20:41:48 | 000,012,288 | ---- | C] () -- C:\windows\SysWow64\DivXWMPExtType.dll
[2008.05.22 20:41:41 | 000,663,552 | ---- | C] () -- C:\windows\SysWow64\ati2saag.exe
[2008.05.22 20:41:30 | 000,000,166 | ---- | C] () -- C:\windows\wininit.ini
[2008.05.22 20:41:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008.05.22 20:41:23 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2008.05.22 20:41:21 | 000,021,209 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008.05.22 20:41:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.22 20:35:24 | 000,022,040 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\addon.dat
[2008.05.22 20:33:00 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 20:29:12 | 000,004,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2008.05.22 20:29:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\windows\SysWow64\PhysXLoader.dll
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.04.04 14:00:00 | 000,733,696 | ---- | C] () -- C:\windows\SysWow64\qedwipes.dll
[2006.04.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006.04.04 14:00:00 | 000,512,512 | ---- | C] () -- C:\windows\SysWow64\qedit.dll
[2006.04.04 14:00:00 | 000,498,742 | ---- | C] () -- C:\windows\SysWow64\dxmasf.dll
[2006.04.04 14:00:00 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\encdec.dll
[2006.04.04 14:00:00 | 000,385,536 | ---- | C] () -- C:\windows\SysWow64\qdvd.dll
[2006.04.04 14:00:00 | 000,355,112 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2006.04.04 14:00:00 | 000,279,040 | ---- | C] () -- C:\windows\SysWow64\qdv.dll
[2006.04.04 14:00:00 | 000,276,992 | ---- | C] () -- C:\windows\SysWow64\sbe.dll
[2006.04.04 14:00:00 | 000,199,168 | ---- | C] () -- C:\windows\SysWow64\ir32_32.dll
[2006.04.04 14:00:00 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\qcap.dll
[2006.04.04 14:00:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\msencode.dll
[2006.04.04 14:00:00 | 000,072,704 | ---- | C] () -- C:\windows\SysWow64\amstream.dll
[2006.04.04 14:00:00 | 000,062,464 | ---- | C] () -- C:\windows\SysWow64\mciqtz32.dll
[2006.04.04 14:00:00 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\devenum.dll
[2006.04.04 14:00:00 | 000,055,808 | ---- | C] () -- C:\windows\SysWow64\dvdplay.exe
[2006.04.04 14:00:00 | 000,046,907 | ---- | C] () -- C:\windows\mib.bin
[2006.04.04 14:00:00 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\tsd32.dll
[2006.04.04 14:00:00 | 000,014,336 | ---- | C] () -- C:\windows\SysWow64\msdmo.dll
[2006.04.04 14:00:00 | 000,012,498 | ---- | C] () -- C:\windows\SysWow64\append.exe
[2006.04.04 14:00:00 | 000,004,126 | ---- | C] () -- C:\windows\SysWow64\msdxmlc.dll
[2006.04.04 14:00:00 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\vwipxspx.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.10.19 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2011.03.29 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011.06.25 21:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2011.01.20 18:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
[2009.08.16 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010.05.29 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009.05.26 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011.07.08 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008.12.27 01:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2008.05.22 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.05.22 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQLite
[2011.02.12 17:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID3-TagIT 3
[2010.10.07 13:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.10.31 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008.05.22 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2009.12.26 14:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009.02.15 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009.11.05 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ppstream
[2011.07.31 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2009.12.25 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2010.10.12 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QipGuard
[2009.12.25 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011.01.03 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teeworlds
[2009.07.13 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tobit
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2011.07.09 02:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.03.26 17:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox
[2011.02.05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2008.05.22 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
[2010.02.28 23:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.08.07 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.05.06 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.05.22 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEDB
[2008.12.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.05.22 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010.09.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009.01.01 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.10.31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010.04.25 10:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008.05.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011.07.25 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009.05.26 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.05.06 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008.05.22 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.09.15 02:12:11 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.08 12:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2008.10.08 13:58:47 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.06.06 20:45:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.10 10:32:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.05.24 10:49:49 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2009.07.13 13:00:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.16 17:34:34 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2011.09.15 02:31:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.07 20:50:19 | 000,000,000 | -H-D | M] -- C:\SystemData
[2011.09.15 02:14:27 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2007.02.18 11:05:28 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe
[2007.02.17 00:20:36 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\ServicePackFiles\amd64\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\regedit.exe
[2007.02.18 11:05:48 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=0F4DB85E5FF5E203A94FDC5059E89297 -- C:\WINDOWS\SysWOW64\regedit.exe
[2007.02.18 10:59:54 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=872A60B75CE6A09033FBE2461D44E696 -- C:\WINDOWS\ServicePackFiles\amd64\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2007.02.17 01:00:56 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=438393CC0B5122B5D988BD7BA05FE3C9 -- C:\WINDOWS\ServicePackFiles\amd64\userinit.exe
[2007.02.18 11:05:56 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2007.02.17 01:02:56 | 000,944,128 | ---- | M] (Microsoft Corporation) MD5=901C7E44D11C00CA9D48BA1A866FDC4B -- C:\WINDOWS\ServicePackFiles\amd64\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555

< End of report >

--- --- ---

kira 15.09.2011 07:48

Hello and a warm welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and handling are carried out over large distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, even be so badly compromised that an effective technical cleanup is no longer possible, i.e. you have to reinstall it
  • I recommend that you first read the instructions through completely before you apply them, because if you do something wrong, it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the period of assistance:
    - please do not act on your own without consultation! - ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
- Your hard disk seems rather cluttered to me.. :o

For Vista and Win7:
Important: please run all commands as administrator! Right-click on the command prompt and select "Run as administrator"
Right-click on the selected application and choose "Run as administrator"!

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the Internet, disconnect WLAN as well
    - please do nothing on the PC while the scan is running!
    - "Show all" must not be ticked! Then click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right there with CTRL + V
    - "Ok" closes Gmer.
    - copy the log from the clipboard in full into your thread here

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please re-enable all programs and tools!
** you can upload the log at File-Upload.net/kostenlos and post the link to me here.
Instructions: -> GMER - Rootkit Scanner

2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick everything
  • when the scan is finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
you can find illustrated instructions here: Instructions

3.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Ausgabe (output).
    Please select Standard-Ausgabe (standard output)
  • Under Extra-Registrierung (extra registry), please select Benutze SafeList (use SafeList).
  • Tick LOP- und Purity-Prüfung (LOP and Purity check).
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
install it (read the software licence agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar)) → start it → if necessary, set "german" under Options settings
then click "Extra" (to also display the installed programs) → then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them there

Quote:

To keep your thread clear and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. hjtsanlist or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the Internet, no online banking, file sharing, chat programs etc.
regards
kira

21stparanoid 16.09.2011 13:54

Hi,
I have a 64-bit XP operating system (SP3), so GMER is out, right?

I have downloaded ccleaner and MBAM, should I run them now?
Regards,
Moltay

kira 16.09.2011 20:13

I have a 64-bit XP operating system (SP3), so GMER is out, right?

Yes...

I have downloaded ccleaner and MBAM, should I run them now?
Yes...

21stparanoid 17.09.2011 02:15

Hi,
MBAM still found quite a lot...
1. MBAM scan
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7728

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

16.09.2011 20:54:01
mbam-log-2011-09-16 (20-54-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 333208
Laufzeit: 57 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\documents and settings\administrator\local settings\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.
d:\***\CAD\autodesk inventor series r10 keygen.exe (Malware.Gen) -> Not selected for removal.
c:\documents and settings\administrator\application data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

2. MBAM scan
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7728

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

16.09.2011 22:43:44
mbam-log-2011-09-16 (22-43-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 333170
Laufzeit: 54 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\***\CAD\autodesk inventor series r10 keygen.exe (Malware.Gen) -> Quarantined and deleted successfully.

OTL log:
OTL Logfile:
Code:

OTL logfile created on: 17.09.2011 00:27:14 - Run 2
OTL by OldTimer - Version 3.2.28.0    Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,31% Memory free
3,87 Gb Paging File | 3,42 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,62 Gb Free Space | 3,32% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.15 02:06:47 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fight the virus\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
PRC - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe
PRC - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.16 09:13:35 | 001,567,744 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\algo.dll
MOD - [2011.09.16 01:02:37 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091600\aswRep.dll
MOD - [2010.09.29 15:20:46 | 000,190,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe
MOD - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\vpnapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.02.11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.08.05 02:35:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Documents and Settings\Administrator\Desktop\***\uni\vpn client\vpn client 4\cvpnd.exe -- (CVPND)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.17 14:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.03.28 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.13 13:09:44 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.04.04 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysWow64\mnmdd.dll -- (mnmdd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: CLSID key missing. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bc843d900000000000007a7900000002&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.09.08 01:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 14:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009.08.03 17:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.12 18:18:27 | 000,000,000 | ---D | M]
 
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.03.26 17:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.07.24 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2011.09.16 19:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions
[2010.06.28 23:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.11 20:20:51 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.26 17:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.03 09:05:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 09:05:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\dictionary-switcher@design-noir.de
[2011.08.03 09:05:32 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.08.03 09:05:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\engine@conduit.com
[2011.08.03 09:07:07 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.08.03 09:05:33 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.10.11 20:21:01 | 000,000,000 | ---D | M] ("QipCounter") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\QipCounter@qip.ru
[2010.05.05 13:30:54 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\radiobar@toolbar
[2011.01.23 23:49:41 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ii23qwue.default\extensions\vshare@toolbar
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions
[2011.01.20 18:44:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.20 18:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\wc0vcnln.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.15 05:26:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-1.xml
[2008.04.17 22:13:19 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-10.xml
[2008.07.04 11:41:42 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-11.xml
[2008.07.17 07:27:03 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-12.xml
[2008.07.17 22:58:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-13.xml
[2008.12.04 17:39:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-14.xml
[2008.12.14 04:41:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-15.xml
[2008.12.17 22:55:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-16.xml
[2009.02.05 18:02:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-17.xml
[2009.03.07 03:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-18.xml
[2009.03.28 21:40:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-19.xml
[2007.08.01 15:09:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-2.xml
[2009.04.13 00:08:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:42:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-21.xml
[2009.05.06 18:17:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-22.xml
[2009.07.13 12:38:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-23.xml
[2009.07.17 19:51:58 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-24.xml
[2009.08.04 22:16:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-25.xml
[2009.09.11 16:27:43 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-26.xml
[2009.11.21 23:34:54 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-27.xml
[2009.12.16 14:49:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-28.xml
[2009.12.25 14:13:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-29.xml
[2007.09.19 22:45:12 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-3.xml
[2010.02.18 22:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-30.xml
[2010.03.13 02:59:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-31.xml
[2010.03.24 11:25:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-32.xml
[2010.04.02 19:48:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-33.xml
[2010.06.23 18:01:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-34.xml
[2010.07.21 20:32:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-35.xml
[2010.07.25 14:29:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-36.xml
[2010.10.11 20:24:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-37.xml
[2007.10.20 10:49:43 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-4.xml
[2007.11.02 12:46:20 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-5.xml
[2007.11.30 21:18:05 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-6.xml
[2007.12.02 12:28:59 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-7.xml
[2008.02.09 23:10:24 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-8.xml
[2008.03.27 02:20:53 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin-9.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.src
[2008.11.18 14:56:02 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\icqplugin.xml
[2010.10.12 13:37:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\qip-search.xml
[2011.01.23 23:49:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ii23qwue.default\searchplugins\web-search.xml
[2011.09.15 05:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.12.04 17:39:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:30:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2009.07.13 11:45:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.08 01:36:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2008.05.13 03:50:42 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008.05.13 03:50:42 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008.05.13 03:50:42 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.03.13 02:59:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 02:59:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.13 02:59:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 02:59:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 02:59:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Documents and Settings\Administrator\Application Data\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Steam] "h:\anwendungen\steam\steam.exe" -silent File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk = C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211483953078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BE1B4F-485A-4A56-BFC5-6969417BFDC0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{43c02d6a-9934-11dd-9219-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{52bcf4c7-3176-11dd-ad7c-0018f3fd278b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{68947b47-4d1b-11dd-a2aa-0018f3fd278b}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.16 19:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011.09.16 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.16 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.09.16 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.15 02:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fight the virus
[2011.09.08 01:36:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011.08.30 19:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PAP1
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.17 00:24:40 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
[2011.09.17 00:24:31 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011.09.16 19:37:39 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.16 17:08:28 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.15 02:11:47 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.09.15 02:09:48 | 000,000,970 | ---- | M] () -- C:\windows\imsins.BAK
[2011.09.13 02:31:16 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011.09.13 02:31:16 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011.09.02 19:28:22 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2011.08.28 23:43:14 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:53 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:37:41 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:34:06 | 001,526,924 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:29:27 | 001,549,781 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.08.27 15:47:08 | 000,000,296 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.16 19:37:39 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.15 02:11:47 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011.08.28 23:42:46 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[6].pdf
[2011.08.28 23:41:23 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[5].pdf
[2011.08.28 23:36:53 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[4].pdf
[2011.08.28 23:30:42 | 001,526,924 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[3].pdf
[2011.08.28 23:28:16 | 001,549,781 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eBookReaderKompatibilitaetsliste_Onleihe[2].pdf
[2011.06.25 20:57:10 | 006,904,040 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011.06.25 20:57:10 | 000,017,838 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010.12.26 00:07:35 | 000,158,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.04 00:45:46 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2010.08.04 00:45:41 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2010.05.12 15:43:50 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\CmdLineExt03.dll
[2010.04.19 22:54:07 | 000,000,280 | ---- | C] () -- C:\Program Files (x86)\Verknüpfung mit Daten (D).lnk
[2010.04.17 19:09:10 | 000,000,035 | ---- | C] () -- C:\windows\WorldBuilder.INI
[2010.02.18 03:23:44 | 000,001,180 | ---- | C] () -- C:\windows\eReg.dat
[2010.01.04 11:21:28 | 000,001,723 | ---- | C] () -- C:\windows\TSearch.INI
[2009.12.25 14:25:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2009.11.05 04:33:15 | 000,000,020 | ---- | C] () -- C:\windows\powerplayer.ini
[2009.11.05 04:32:03 | 000,000,149 | ---- | C] () -- C:\windows\psnetwork.ini
[2009.08.02 01:12:22 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2009.08.01 18:14:28 | 000,000,025 | ---- | C] () -- C:\windows\CDE V30V300DEFGIPSRUk.ini
[2009.05.28 01:46:16 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mxfilerelatedcache.mxc2
[2009.05.07 00:19:26 | 000,000,029 | ---- | C] () -- C:\windows\DEBUGSM.INI
[2009.05.06 20:14:15 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2009.05.06 20:14:15 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2009.05.06 20:14:15 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2009.05.06 20:14:15 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2009.05.06 20:14:15 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2009.05.06 20:14:15 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2009.05.06 20:14:15 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2009.05.06 20:14:15 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2009.05.06 20:14:15 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2009.05.06 20:14:15 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2009.05.06 20:14:15 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2009.05.06 20:14:15 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2009.05.06 20:14:15 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2009.05.06 20:14:15 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2009.05.06 20:14:15 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2009.05.06 20:14:15 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2009.05.06 20:14:15 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2009.05.06 20:08:46 | 000,000,025 | ---- | C] () -- C:\windows\CDE ESP1400Euro.ini
[2009.04.18 19:00:48 | 000,000,013 | ---- | C] () -- C:\windows\msgtn.ini
[2009.03.03 14:06:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.01.14 17:11:57 | 000,314,427 | ---- | C] () -- C:\windows\War3Unin.dat
[2008.12.21 05:48:24 | 001,278,464 | ---- | C] () -- C:\windows\SysWow64\quartz.dll
[2008.10.09 22:13:00 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\Common Files\mxfilerelatedcache.mxc2
[2008.10.09 11:53:03 | 000,000,046 | ---- | C] () -- C:\windows\Goya.INI
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2008.09.07 18:49:02 | 000,000,016 | -H-- | C] () -- C:\Program Files (x86)\mxfilerelatedcache.mxc2
[2008.06.18 18:24:46 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008.06.14 00:24:12 | 000,089,312 | ---- | C] () -- C:\windows\SysWow64\acedrv09.dll
[2008.06.14 00:17:06 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\vidx16.dll
[2008.06.14 00:02:00 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2008.06.13 23:58:11 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2008.06.02 22:52:00 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2008.05.23 05:15:09 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008.05.22 21:58:17 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008.05.22 20:42:39 | 000,010,288 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.05.22 20:42:25 | 000,765,952 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2008.05.22 20:42:25 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2008.05.22 20:42:11 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.05.22 20:42:10 | 000,198,656 | ---- | C] () -- C:\windows\SysWow64\psisdecd.dll
[2008.05.22 20:42:09 | 001,150,342 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2008.05.22 20:41:48 | 000,831,488 | ---- | C] () -- C:\windows\SysWow64\divx_xx0a.dll
[2008.05.22 20:41:48 | 000,012,288 | ---- | C] () -- C:\windows\SysWow64\DivXWMPExtType.dll
[2008.05.22 20:41:41 | 000,663,552 | ---- | C] () -- C:\windows\SysWow64\ati2saag.exe
[2008.05.22 20:41:30 | 000,000,166 | ---- | C] () -- C:\windows\wininit.ini
[2008.05.22 20:41:26 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2008.05.22 20:41:23 | 000,007,867 | ---- | C] () -- C:\windows\Irremote.ini
[2008.05.22 20:41:21 | 000,021,209 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2008.05.22 20:41:21 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008.05.22 20:33:00 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.22 20:29:12 | 000,004,886 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2008.05.22 20:29:12 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
[2007.06.19 08:59:36 | 000,070,400 | ---- | C] () -- C:\windows\SysWow64\PhysXLoader.dll
[2007.04.20 07:57:30 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2007.04.20 07:57:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.04.04 14:00:00 | 000,733,696 | ---- | C] () -- C:\windows\SysWow64\qedwipes.dll
[2006.04.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006.04.04 14:00:00 | 000,512,512 | ---- | C] () -- C:\windows\SysWow64\qedit.dll
[2006.04.04 14:00:00 | 000,498,742 | ---- | C] () -- C:\windows\SysWow64\dxmasf.dll
[2006.04.04 14:00:00 | 000,396,288 | ---- | C] () -- C:\windows\SysWow64\encdec.dll
[2006.04.04 14:00:00 | 000,385,536 | ---- | C] () -- C:\windows\SysWow64\qdvd.dll
[2006.04.04 14:00:00 | 000,355,112 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2006.04.04 14:00:00 | 000,279,040 | ---- | C] () -- C:\windows\SysWow64\qdv.dll
[2006.04.04 14:00:00 | 000,276,992 | ---- | C] () -- C:\windows\SysWow64\sbe.dll
[2006.04.04 14:00:00 | 000,199,168 | ---- | C] () -- C:\windows\SysWow64\ir32_32.dll
[2006.04.04 14:00:00 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\qcap.dll
[2006.04.04 14:00:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\msencode.dll
[2006.04.04 14:00:00 | 000,072,704 | ---- | C] () -- C:\windows\SysWow64\amstream.dll
[2006.04.04 14:00:00 | 000,062,464 | ---- | C] () -- C:\windows\SysWow64\mciqtz32.dll
[2006.04.04 14:00:00 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\devenum.dll
[2006.04.04 14:00:00 | 000,055,808 | ---- | C] () -- C:\windows\SysWow64\dvdplay.exe
[2006.04.04 14:00:00 | 000,046,907 | ---- | C] () -- C:\windows\mib.bin
[2006.04.04 14:00:00 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\tsd32.dll
[2006.04.04 14:00:00 | 000,014,336 | ---- | C] () -- C:\windows\SysWow64\msdmo.dll
[2006.04.04 14:00:00 | 000,012,498 | ---- | C] () -- C:\windows\SysWow64\append.exe
[2006.04.04 14:00:00 | 000,004,126 | ---- | C] () -- C:\windows\SysWow64\msdxmlc.dll
[2006.04.04 14:00:00 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\vwipxspx.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.10.19 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2011.03.29 15:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
[2011.06.25 21:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2011.01.20 18:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Easy Thumbnails
[2009.08.16 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010.05.29 21:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009.05.26 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2008.05.22 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011.07.08 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008.12.27 01:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2008.05.22 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
[2008.05.22 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQLite
[2011.02.12 17:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID3-TagIT 3
[2010.10.07 13:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008.10.31 19:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
[2008.05.22 20:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Miranda
[2009.12.26 14:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2009.02.15 01:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009.11.05 04:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ppstream
[2011.07.31 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2009.12.25 14:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2010.10.12 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QipGuard
[2009.12.25 14:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011.01.03 05:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teeworlds
[2009.07.13 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tobit
[2008.05.22 20:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2011.07.09 02:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.03.26 17:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vivox
[2011.02.05 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2008.05.22 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft Corporation
[2010.02.28 23:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.08.07 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.05.06 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008.05.22 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEDB
[2008.12.04 17:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008.05.22 21:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
[2010.09.29 18:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2009.01.01 18:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.10.31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010.04.25 10:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008.05.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011.07.25 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2009.05.26 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.05.06 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008.05.22 20:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.09.16 22:44:03 | 000,032,604 | ---- | M] () -- C:\windows\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555

< End of report >

--- --- ---


Part 2 is coming shortly...

21stparanoid 17.09.2011 02:17

OTL extras
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 17.09.2011 00:27:14 - Run 2
OTL by OldTimer - Version 3.2.28.0    Folder = C:\Documents and Settings\Administrator\Desktop\fight the virus
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,31% Memory free
3,87 Gb Paging File | 3,42 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 1,62 Gb Free Space | 3,32% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 23,68 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
 
Computer Name: XYJLT4GFLO6VZAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [compress] -- N:\Anwendungen\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [compress] -- N:\Anwendungen\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- "G:\Anwendungen\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\ICQ6\ICQ.exe" = C:\Program Files (x86)\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files (x86)\TVAnts\Tvants.exe" = C:\Program Files (x86)\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"D:\Program Files (x86)\Warcraft III\Frozen Throne.exe" = D:\Program Files (x86)\Warcraft III\Frozen Throne.exe:*:Enabled:Frozen Throne.exe -- (Blizzard Entertainment)
"C:\Program Files (x86)\Garena\Garena.exe" = C:\Program Files (x86)\Garena\Garena.exe:*:Enabled:Garena
"C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS4 (64 Bit)\Photoshop.exe:*:Enabled:Photoshop.exe
"D:\***\Steam\steamapps\common\nba 2k9\nba2k9.exe" = D:\***\Steam\steamapps\common\nba 2k9\nba2k9.exe:*:Enabled:NBA 2K9
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream Inc.)
"C:\Program Files (x86)\PPStream\PPSAP.exe" = C:\Program Files (x86)\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器
"H:\N-Bombe!\pro evo\pes2009.exe" = H:\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:\Documents and Settings\Administrator\Desktop\pes2009.exe" = C:\Documents and Settings\Administrator\Desktop\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"H:\N-Bombe!\Cyanide GameCenter\GameCenter\GameCenter.exe" = H:\N-Bombe!\Cyanide GameCenter\GameCenter\GameCenter.exe:*:Enabled:GameCenter
"H:\N-Bombe!\Medal of Honor\Airborne\UnrealEngine3\Binaries\MOHA.exe" = H:\N-Bombe!\Medal of Honor\Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne
"H:\Anwendungen\gamecenter\GameCenter\GameCenter.exe" = H:\Anwendungen\gamecenter\GameCenter\GameCenter.exe:*:Enabled:GameCenter
"H:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II
"H:\Shortcuts\pes2009.exe" = H:\Shortcuts\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"H:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"H:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = H:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:0\N-Bombe!\pro evo\pes2009.exe" = C:0\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"L:\N-Bombe!\pro evo\pes2009.exe" = L:\N-Bombe!\pro evo\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009
"C:0\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = C:0\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"C:0\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = C:0\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"L:\N-Bombe!\Pro Evo 2011\pes2011.exe" = L:\N-Bombe!\Pro Evo 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"L:\N-Bombe!\NBA 2k11\nba2k11.exe" = L:\N-Bombe!\NBA 2k11\nba2k11.exe:*:Enabled:NBA 2K11
"L:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II
"L:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe" = L:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm
"L:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"L:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = L:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"N:\N-Bombe!\Pro Evo 2011\pes2011.exe" = N:\N-Bombe!\Pro Evo 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011
"N:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe" = N:\Anwendungen\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm
"N:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe" = N:\Anwendungen\Steam\SteamApps\bushmesser\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"N:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe" = N:\Anwendungen\Steam\SteamApps\bushmesser\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"N:\Anwendungen\gamecenter\GameCenter(neu)\GameCenter.exe" = N:\Anwendungen\gamecenter\GameCenter(neu)\GameCenter.exe:*:Enabled:GameCenter
"N:\N-Bombe!\company of heroes\RelicCOH.exe" = N:\N-Bombe!\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes
"N:\N-Bombe!\company of heroes\RelicDownloader\RelicDownloader.exe" = N:\N-Bombe!\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{56176A38-C8EE-D502-EB75-E2F67F0B936D}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0300D4E-9907-46B1-BB5D-552FD226F975}" = Microsoft Windows German User Interface Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7-MUI" = Windows Internet Explorer 7 Multilingual User Interface (MUI)
"ie8" = Windows Internet Explorer 8
"IE8-MUI" = Windows Internet Explorer 8 Multilingual User Interface (MUI)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows x64 Service Pack" = Windows XP Service Pack 2
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
"{1B0270F4-8A5B-1A7E-3383-F3EE78D88D2C}" = Catalyst Control Center Graphics Full Existing
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed Beta v.0.6.2.8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{2410E4CB-C330-4887-9B15-735D4AF322BF}" = Audiograbber
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C33251F-B043-50FE-6CFB-593EDA5D2177}" = CCC Help English
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{311F15FD-612F-448F-CD77-5809C9972D66}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4F65F21E-9487-D78D-B611-F3E3EC19AE0B}" = Catalyst Control Center Graphics Previews Common
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{56F150D4-EA0F-415A-8F08-A4F17B782BCC}" = GlobeDigital
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D137417-EB27-2854-E333-F101FF3E8618}" = Catalyst Control Center Core Implementation
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B01F925-D711-A60E-4F88-8C510D9A23B6}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9275FB4D-60D8-A842-C694-F91A0B01E5EC}" = Skins
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA761E6-CA51-4FF2-A552-D51638BF0595}" = Battle Realms
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D453713-CB8F-47C8-7BD6-6628B67AFD53}" = ccc-core-static
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A6F7F5A5-89A6-1944-ABCD-51A24D7D0375}" = ccc-core-preinstall
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C4A0C307-053A-4335-8B28-60E901DB1031}" = Nero 7 Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}" = Grand Prix 3
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Digital Editions" = Adobe Digital Editions
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"ExpressRip" = Express Rip
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FLV Player" = FLV Player 2.0, build 24
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Window Registry Repair" = Free Window Registry Repair
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"GameCenter_is1" = GameCenter 1.3.0.6
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IL Download Manager" = IL Download Manager
"INsanes Small HUD" = INsanes Small HUD 8 Black
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{56F150D4-EA0F-415A-8F08-A4F17B782BCC}" = GlobeDigital
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KGB Archiver_is1" = KGB Archiver 1.2.1.24
"LastFM_is1" = Last.fm 1.5.4.24567
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.42 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"MAGIX Webradio deluxe 3 D" = MAGIX Webradio deluxe 3 3.0.0.76 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSNINST" = MSN
"PPStream_is1" = PPStream
"Pro Cycling Manager 2" = Radsport Manager Pro 2006
"Skype_is1" = Skype 3.0
"SopCast" = SopCast 3.0.3
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Switch" = Switch Sound File Converter
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.6.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.16
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"QIP 2010" = QIP 2010 10.9.29.4196
"QIP Infium" = QIP Infium 3.0.9040
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 09.01.2009 18:47:09 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 09.01.2009 19:04:55 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 08.02.2009 16:45:34 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 17.10.2009 01:17:16 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 04.11.2009 22:56:33 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 05.11.2009 12:34:13 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
Error - 05.11.2009 12:43:09 | Computer Name = XYJLT4GFLO6VZAN | Source = avast! | ID = 33554522
Description =
 
[ Application Events ]
Error - 28.03.2011 14:10:21 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 28.03.2011 14:11:25 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 28.03.2011 14:18:31 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 01.04.2011 08:02:00 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11327
Description = Product: LogMeIn Hamachi -- Error 1327. Invalid Drive: H:\
 
Error - 30.04.2011 08:17:12 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 10005
Description = Product: PDF-XChange Viewer -- This installation can be installed
only on 32-bit Windows.
 
Error - 08.07.2011 20:21:12 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 08.07.2011 20:32:33 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 09.07.2011 10:45:07 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 11324
Description = Produkt: FIFA 11 -- Error 1324. Kann nicht im angegebenen Pfad installieren.
 Das angegebene Laufwerk ist entweder ungültig oder nicht vorhanden, oder ein Verzeichnis
 innerhalb des Pfads enthält mindestens eines der folgenden ungültigen Zeichen:  /
 : * ? " < > | ;
 
Error - 05.08.2011 20:03:28 | Computer Name = XYJLT4GFLO6VZAN | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 8.1.0 -- Setup has detected that you already
 have a more functional product installed.  Setup will now terminate.
 
Error - 08.09.2011 08:52:50 | Computer Name = XYJLT4GFLO6VZAN | Source = VSS | ID = 8211
Description =
 
[ System Events ]
Error - 15.09.2011 14:37:50 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 15.09.2011 14:37:50 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:  %%126
 
Error - 15.09.2011 15:47:54 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 15.09.2011 15:47:54 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:  %%126
 
Error - 16.09.2011 10:40:19 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 16.09.2011 10:40:19 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet:  %%126
 
Error - 16.09.2011 14:59:13 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 16.09.2011 15:06:10 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 16.09.2011 16:48:32 | Computer Name = XYJLT4GFLO6VZAN | Source = DCOM | ID = 10010
Description = Der Server "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 16.09.2011 18:26:09 | Computer Name = XYJLT4GFLO6VZAN | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >

--- --- ---


CCleaner program list
Code:

7-Zip 4.57        Igor Pavlov        21.05.2008        2,77MB        4.57.00.0
ABBYY FineReader 6.0 Sprint        ABBYY Software House        01.08.2009        119,5MB        6.00.1395.4512
Adobe AIR        Adobe Systems Inc.        27.01.2009                1.1.0.5790
Adobe Digital Editions                16.09.2011               
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        16.09.2011                10.3.181.26
Adobe Flash Player ActiveX        Adobe Systems Incorporated        16.09.2011                9.0.124.0
Adobe Media Player        Adobe Systems Incorporated        27.01.2009                1.1
Adobe Reader 9.1.2 - Deutsch        Adobe Systems Incorporated        13.07.2009        242MB        9.1.2
Adobe Shockwave Player        Adobe Systems, Inc.        21.05.2008        10,6MB        10.2.0.023
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        16.09.2011                11.5
AGEIA PhysX v7.07.09        AGEIA Technologies, Inc.        29.07.2010        92,7MB        7.07.09
Alien Swarm        Valve                       
Apple Application Support        Apple Inc.        12.03.2011        54,5MB        1.4.1
Apple Software Update        Apple Inc.        05.02.2009        2,16MB        2.1.1.116
ArcSoft MediaImpression        ArcSoft        16.09.2011               
ATI - Software Uninstall Utility                16.09.2011                6.14.10.1021
ATI Catalyst Control Center                                2.008.0328.2321
ATI Display Driver                15.09.2011                8.476-080328a-061003C-ATI
Audacity 1.2.6                               
Audiograbber        Default Manufacturer        22.05.2008        3,67MB        1.0
avast! Free Antivirus        AVAST Software        17.09.2011                6.0.1289.0
Babylon toolbar                16.09.2011               
Battle Realms        Liquid Entertainment        05.07.2011        625MB        0.10.000
Bonjour        Apple Inc.        03.08.2009        0,49MB        1.0.106
Camera RAW Plug-In for EPSON Creativity Suite                16.09.2011                2.1.0.0
CCleaner        Piriform        17.09.2011                3.10
Cisco Systems VPN Client 5.0.07.0290        Cisco Systems, Inc.        12.10.2010        21,8MB        5.0.7
Command & Conquer Generals        Electronic Arts        19.04.2010                0.50.0000
Company of Heroes        THQ Inc.                        2.602.0
Counter-Strike: Source        Valve        06.08.2010        4.597MB        1.0.0.0
Dawn Of War        THQ        25.04.2010        1.672MB        1.40
Dawn of War - Dark Crusade        THQ        25.04.2010                1.00.0000
Dawn of War - Soulstorm        THQ        25.04.2010                1.00.0000
Dawn Of War - Winter Assault        THQ        25.04.2010        1.023MB        1.4
dBpoweramp Music Converter        Illustrate                        Release 14.1
DivX Codec        DivX, Inc.        16.09.2011                6.8.2
DivX Converter        DivX, Inc.        16.09.2011                6.6.0
DivX Player                16.09.2011                6.8.1
DivX Web Player        DivX,Inc.        17.09.2011                1.4.0
DVDVideoSoftTB Toolbar                16.09.2011               
EA.com Matchup                16.09.2011               
EA.com Update                               
EPSON Attach To Email        SEIKO EPSON        06.05.2009                1.01.0000
Epson Copy Utility 3.4                16.09.2011                3.4.0.0
EPSON Easy Photo Print                16.09.2011                1.4.2.0
Epson Event Manager        SEIKO EPSON Corporation        16.09.2011                2.01.00
EPSON File Manager                16.09.2011                1.3.0.0
EPSON PERFECTION V30_V300 PHOTO Handbuch                16.09.2011               
EPSON Print CD                16.09.2011                1.50.000
EPSON Scan                16.09.2011               
EPSON Scan Assistant                16.09.2011                1.10.00
EPSON-Drucker-Software        SEIKO EPSON Corporation        16.09.2011               
ESP1400_1410 Ben.handbuch                16.09.2011               
Express Rip        NCH Software        16.09.2011               
Facebook Plug-In        Facebook, Inc.        16.09.2011               
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)        MAGIX AG        14.06.2008                2.0.0.1
FLV Player 2.0, build 24        Martijn de Visser        16.09.2011                2.0, build 24
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        20.01.2011               
Free Window Registry Repair                16.09.2011               
Free YouTube Download 2.3        DVDVideoSoft Limited.        03.02.2010               
Free YouTube to MP3 Converter version 3.9.32        DVDVideoSoft Limited.        20.01.2011               
GameCenter 1.3.0.6        Cyanide        31.07.2010                1.3.0.6
GameSpy Arcade                16.09.2011               
GIMP 2.6.11        The GIMP Team        05.01.2011                2.6.11
GlobeDigital        ODSoft multimedia        21.05.2008                2.1.1.6.0422
Grand Prix 3                16.09.2011               
GTK+ 2.10.6-1 runtime environment        Tor Lillqvist        21.05.2008               
Half-Life 2: Lost Coast        Valve                       
ID3-TagIT 3        Michael Pluemper        17.09.2011                3
IL Download Manager        Image-Line bvba        16.09.2011               
INsanes Small HUD 8 Black        dodbits                        8 Black
IrfanView (remove only)                16.09.2011               
iTunes        Apple Inc.        10.10.2009        67,2MB        7.5.0.20
Java(TM) 6 Update 14        Sun Microsystems, Inc.        13.07.2009        91,0MB        6.0.140
Java(TM) 6 Update 4        Sun Microsystems, Inc.        22.05.2008        137,7MB        1.6.0.40
Java(TM) 6 Update 5        Sun Microsystems, Inc.        22.05.2008        114,2MB        1.6.0.50
Java(TM) 6 Update 7        Sun Microsystems, Inc.        15.02.2009        138,0MB        1.6.0.70
JDownloader        AppWork UG (haftungsbeschränkt)                        0.89
KGB Archiver 1.2.1.24        Tomasz Pawlak        14.07.2011               
Last.fm 1.5.4.24567        Last.fm        22.12.2009               
LogMeIn Hamachi        LogMeIn, Inc.        10.08.2011                2.1.0.122
MAGIX Foto Manager 2007 4.2.0.42 (D)        MAGIX AG        27.10.2009                4.2.0.42
MAGIX Goya burnR 2.3.1.3 (D)        MAGIX AG        14.06.2008                2.3.1.3
MAGIX Music Manager 2007 8.2.0.54 (D)        MAGIX AG        27.10.2009                8.2.0.54
MAGIX Online Druck Service 2.3.2.0 (D)        MAGIX AG        14.06.2008                2.3.2.0
MAGIX Video deluxe 2007 2008 7.0.0.26 (D)        MAGIX AG        14.06.2008                7.0.0.26
MAGIX Webradio deluxe 3 3.0.0.76 (D)        MAGIX AG        27.10.2009                3.0.0.76
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        16.09.2011                1.51.2.1300
Medal of Honor Airborne        Electronic Arts        29.07.2010        8.708MB        1.0.1.0
Medal of Honor Allied Assault                16.09.2011               
Medal of Honor Allied Assault(tm) Breakthrough                16.09.2011               
Medal of Honor Allied Assault(tm) Spearhead                16.09.2011               
Medal of Honor Pacific Assault(tm)        Electronic Arts        29.07.2010                1.0
Microsoft .NET Framework 1.1                07.10.2010               
Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        10.08.2011        361MB        2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        25.06.2010        385MB        3.2.30729
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        07.10.2010               
Microsoft Compression Client Pack 1.0 for Windows x64        Microsoft Corporation        21.05.2008                1
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        11,2MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        15.09.2011                12.0.6425.1000
Microsoft Office Standard Edition 2003        Microsoft Corporation        15.09.2011        916MB        11.0.8173.0
Microsoft Silverlight        Microsoft Corporation        16.06.2011        207MB        4.0.60531.0
Microsoft User-Mode Driver Framework Feature Pack 1.0        Microsoft Corporation        21.05.2008               
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        0,11MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        18.07.2011        4,61MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        09.08.2010        0,17MB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        29.07.2009        0,15MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        07.08.2010        13,3MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        16.06.2011        13,2MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        21.05.2008        6,68MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        19.09.2010        9,65MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.01.2011        9,64MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        28.02.2010        10,2MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        10,2MB        9.0.30729.6161
Microsoft Windows German User Interface Pack        Microsoft Corporation        21.05.2008        148,9MB        1.0.705.0
Microsoft Xbox 360 Accessories 1.2        Microsoft        28.09.2010        7,67MB        1.20.146.0
Move Media Player        Move Networks        16.09.2011               
Mozilla Firefox (3.6.8)        Mozilla        17.09.2011                3.6.8 (de)
Mozilla Thunderbird (2.0.0.22)        Mozilla        16.09.2011                2.0.0.22 (de)
MSN                16.09.2011               
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        15.06.2008        2,62MB        4.20.9848.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        2,67MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        2,77MB        4.20.9876.0
MSXML 6 Service Pack 2 (KB973686)        Microsoft Corporation        25.11.2009        3,39MB        6.20.2003.0
NBA 2K10        2K Sports        05.09.2010                1.1.0
NBA 2K11        2K Sports        14.10.2010                1.0.0
Nero 7 Essentials        Nero AG        21.05.2008        459MB        7.01.4237
NVIDIA Drivers                15.09.2011               
Octoshape add-in for Adobe Flash Player                16.09.2011               
OpenOffice.org 3.0        OpenOffice.org        15.02.2009        350MB        3.0.9379
Paint.NET v3.5.8        dotPDN LLC        11.06.2011        14,3MB        3.58.0
PDF-XChange Viewer        Tracker Software Products Ltd.        30.04.2011        44,6MB        2.5.195.0
PowerDVD        CyberLink Corporation        16.09.2011                7.0.1815.0
PPStream        PPStream.com        17.09.2011               
Pro Evolution Soccer 2011        KONAMI        29.09.2010        6.034MB        1.00.0000
QIP 2010 10.9.29.4196                12.10.2010                10.9.29.4196
QIP Infium 3.0.9040                12.10.2010                3.0.9040
QIP Internet Guardian                17.09.2011               
QuickTime        Apple Inc.        12.03.2011        73,7MB        7.69.80.9
Radsport Manager Pro 2006                               
SAMSUNG Mobile Modem Driver Set                16.09.2011               
Samsung Mobile phone USB driver Software                16.09.2011               
SAMSUNG Mobile USB Modem 1.0 Software                16.09.2011               
SAMSUNG Mobile USB Modem Software                16.09.2011               
Samsung New PC Studio        Samsung Electronics Co., Ltd.        25.12.2009                1.00.0000
Skype 3.0        Skype Technologies S.A.        17.09.2011                3.0
SopCast 3.0.3        SopCast.com        17.09.2011                3.0.3
SoundMAX        Analog Devices        21.05.2008                5.10.02.6110
Spelling Dictionaries Support For Adobe Reader 9        Adobe Systems Incorporated        13.07.2009        29,7MB        9.0.0
Steam(TM)        Valve        06.08.2010        16,7MB        1.0.0.0
Switch Sound File Converter        NCH Software        16.09.2011               
Team Fortress 2        Valve                       
TeamSpeak 3 Client        TeamSpeak Systems GmbH                       
TextPad 5        Helios        22.05.2008        6,15MB        5.1.0
TVAnts 1.0                17.09.2011               
TVUPlayer 2.3.6.1        TVU networks        17.09.2011                2.3.6.1
Uninstall 1.0.0.1                20.01.2011               
Update for Windows Server 2003 (KB943729)        Microsoft Corporation        21.05.2008               
Veetle TV 0.9.18        Veetle, Inc        16.09.2011                0.9.18
VirtualCloneDrive        Elaborate Bytes                       
VLC media player 1.0.5        VideoLAN Team        16.09.2011                1.0.5
Winamp        Nullsoft, Inc        17.09.2011                5.531
Windows Internet Explorer 8        Microsoft Corporation        13.07.2009                20090308.140744
Windows Media Format 11 runtime                16.09.2011               
Windows Media Player 11                16.09.2011               
Windows Media Player Firefox Plugin        Microsoft Corp        19.11.2008        0,29MB        1.0.0.8
Windows XP Service Pack 2        Microsoft Corporation        21.05.2008                20070217.000042
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)        Advanced Micro Devices        16.09.2011                05/27/2006 1.3.2.0
WinPcap 4.1.2        CACE Technologies        16.09.2011                4.1.0.2001
WinRAR                16.09.2011               
World of Tanks closed Beta v.0.6.2.8        Wargaming.net        30.01.2011               
Xfire (remove only)                               
Xvid 1.1.3 final uninstall        Xvid team (Koepi)        17.09.2011                1.1
YouTube Downloader 2.5.6        BienneSoft

One more piece of information:
As long as the Internet was connected (after the whole procedure), there were crashes:
the screen froze, the Start menu would not open, and the Task Manager would not open.
This happened while I was on the Internet (I was just about to send this) or as soon as I opened the folder on the desktop that contains OTL.exe, ccleanersetup, MBAMsetup and all the log files.
I could only get at the logs via the Windows search function.

Many thanks in advance for the help,
Regards,
Moltay

kira 17.09.2011 04:34

Oh dear... oh dear:
- Installing pirated copies is a pretty reliable way to infect a computer.
- I fear that you can only solve your problem by reinstalling your system; this is about:
Code:

autodesk inventor series r10 keygen

and also:
Quote:

"Not selected for removal" !!
"Such programs" always contain especially many dangerous malicious programs; you should keep your hands off them!
** In a case like this you should rethink your consumption habits.
Because your behaviour is thereby subject to German law, support from our side ends at this point. So the best thing is to back up your data (without cracks & keygens!) and do a complete reinstallation of the computer; that is the fastest and cleanest solution!
But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and will keep your hands off ... in future
-> Forum rule!

Quote:

Purpose of the whole thing - viruses, Trojans, worms:
A worm that could almost be called a "good worm" is making its way through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm uses countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who deliberately
searches for such files could therefore well come across a copy of the
worm.
