Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus 368o0qiuym.exe, Avast lässt sich nicht löschen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.08.2012, 22:52   #1
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Nabend zusammen,
mein PC fährt sehr lange hoch, es werden prötzlich ungewollte Seiten geöffnet und der Prozess 368o0qiuym.exe läuft und wird von Security Task Manager als gefährlich anzeigt, zudem lässt sich Avast und Antivir nicht richtig bedienen und auch nicht löschen. Malwarebytes wurde schon durchgeführt.

Gruß Chris

Alt 26.08.2012, 00:58   #2
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 26.08.2012, 17:15   #3
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Logfile OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.08.2012 10:58:04 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Christian\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,18% Memory free
8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 17,01 Gb Free Space | 28,57% Space Free | Partition Type: NTFS
Drive D: | 232,80 Gb Total Space | 136,44 Gb Free Space | 58,61% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 636,37 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
Drive L: | 931,40 Gb Total Space | 251,97 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Christian\368o0qiuym.exe ()
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - D:\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - D:\Tobit Radio.fx\Client\tobitclt.dll ()
MOD - D:\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (NGDatBckpSrv) -- D:\Program Files\NETGATE\Data Backup\DataBackupSrv.exe (NETGATE Technologies s.r.o.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.)
DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\DRIVERS\xhcdrv.sys ()
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (UnlockerDriver5) -- D:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C0 DC F0 D2 82 CD 01  [binary data]
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.25 19:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 19:24:49 | 000,000,000 | ---D | M]
 
[2012.06.09 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.04.05 18:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\15o52gaq.default\extensions
[2012.01.22 00:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\15o52gaq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.10 18:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\sqcnk3tq.default\extensions
[2012.08.25 23:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.25 23:24:15 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012.02.25 19:52:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.25 14:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.12.11 03:08:03 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\15O52GAQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.08.03 19:24:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: BasicScan (Enabled)
CHR - default_search_provider: search_url = hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\plugins/PriamNPAPI.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = D:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = D:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.05.19 21:28:12 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [368o0qiuym] C:\Users\Christian\368o0qiuym.exe ()
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [NETGATEDataBackup] D:\Program Files\NETGATE\Data Backup\DataBackup.exe (NETGATE Technologies s.r.o.)
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [RfxSrvTray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B12DEB4-65C8-40EF-8C6C-7EF2D9D30D3A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.26 10:58:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\G DATA
[2012.08.26 00:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.08.25 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen-Dateien
[2012.08.25 23:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013
[2012.08.25 23:24:15 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.08.25 23:23:24 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.08.25 23:23:23 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.08.25 23:23:15 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.08.25 23:22:53 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data
[2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.08.25 22:42:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.08.25 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.08.25 22:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.08.18 21:23:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Paint.NET
[2012.08.18 21:21:31 | 000,000,000 | -H-D | C] -- C:\Users\Christian\Desktop\[Originaldateien]
[2012.08.18 16:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012.08.18 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.08.18 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012.08.16 16:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.16 16:21:28 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.16 16:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.16 16:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.05 17:37:36 | 000,173,360 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN060501.EXE
[2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Klever Group
[2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klever Group
[2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Klever
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.26 10:44:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000UA.job
[2012.08.26 10:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.26 00:14:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.26 00:14:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.26 00:14:33 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.26 00:14:33 | 000,659,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.26 00:14:33 | 000,619,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.26 00:14:33 | 000,131,686 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.26 00:14:33 | 000,107,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.26 00:08:07 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.08.26 00:08:07 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.08.26 00:08:01 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012.08.26 00:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.26 00:07:45 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.25 23:49:59 | 000,075,411 | ---- | M] () -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen.html
[2012.08.25 23:24:15 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.08.25 23:23:24 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.08.25 23:23:23 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.08.25 23:23:15 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.08.25 23:22:53 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.08.25 23:22:07 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.08.25 22:45:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000Core.job
[2012.08.25 22:42:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.08.25 16:47:05 | 000,002,431 | ---- | M] () -- C:\Users\Christian\Desktop\Google Chrome.lnk
[2012.08.18 23:41:36 | 000,348,983 | ---- | M] () -- C:\Users\Christian\Desktop\Centro.jpg
[2012.08.18 21:24:08 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.08.18 21:21:32 | 002,509,824 | ---- | M] () -- C:\Users\Christian\Desktop\DSC_0006trjt.jpg
[2012.08.18 16:47:41 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012.08.16 17:33:35 | 000,008,704 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.16 17:33:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.16 17:33:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 19:02:35 | 000,000,000 | -H-- | M] () -- C:\Users\Christian\Documents\Default.rdp
[2012.08.05 17:47:32 | 000,001,113 | ---- | M] () -- C:\Users\Christian\Desktop\BUFFALO NAS Navigator2.lnk
[2012.08.03 21:29:01 | 000,001,806 | ---- | M] () -- C:\Windows\checkip.dat
[2012.08.03 21:28:47 | 000,000,279 | ---- | M] () -- C:\Windows\WRT54GS Setup Wizard.INI
[2012.08.03 21:26:48 | 000,003,580 | ---- | M] () -- C:\Windows\ipconfig.dat
 
========== Files Created - No Company Name ==========
 
[2012.08.26 00:08:01 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012.08.25 23:49:58 | 000,075,411 | ---- | C] () -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen.html
[2012.08.25 23:22:07 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.08.25 15:23:24 | 3220,529,152 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.18 23:41:27 | 000,348,983 | ---- | C] () -- C:\Users\Christian\Desktop\Centro.jpg
[2012.08.18 21:24:08 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.08.18 21:24:08 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.08.18 21:20:56 | 002,509,824 | ---- | C] () -- C:\Users\Christian\Desktop\DSC_0006trjt.jpg
[2012.08.18 16:47:41 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012.08.14 19:02:35 | 000,000,000 | -H-- | C] () -- C:\Users\Christian\Documents\Default.rdp
[2012.08.05 17:37:44 | 000,001,113 | ---- | C] () -- C:\Users\Christian\Desktop\BUFFALO NAS Navigator2.lnk
[2012.08.05 17:37:36 | 000,015,022 | ---- | C] () -- C:\Windows\UN060501.INI
[2012.08.03 21:27:34 | 000,000,279 | ---- | C] () -- C:\Windows\WRT54GS Setup Wizard.INI
[2012.08.03 20:44:53 | 000,001,806 | ---- | C] () -- C:\Windows\checkip.dat
[2012.08.03 20:41:45 | 000,003,580 | ---- | C] () -- C:\Windows\ipconfig.dat
[2012.05.19 21:28:04 | 000,039,424 | ---- | C] () -- C:\Users\Christian\368o0qiuym.exe
[2012.04.10 23:48:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\hpspmins.dll
[2012.04.10 23:48:50 | 000,000,991 | ---- | C] () -- C:\Windows\SysWow64\hpipxmon.ini
[2012.04.05 19:12:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.05 19:12:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.05 18:55:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\93933d5bcd5f5389b7c369a8efe0ae8e_c
[2012.02.27 00:27:24 | 000,004,366 | ---- | C] () -- C:\Windows\UN090415.INI
[2012.02.26 04:47:38 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2012.02.25 21:50:18 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.30 19:32:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.27 23:27:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.22 15:18:47 | 001,503,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.22 01:21:21 | 000,006,800 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2012.01.22 01:21:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2012.01.22 01:21:20 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2012.01.22 01:21:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2012.01.22 01:21:20 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2012.01.22 01:21:20 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2012.01.22 01:21:20 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2012.01.22 01:21:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2012.01.22 01:21:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2012.01.22 01:21:20 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2012.01.22 01:21:20 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2012.01.22 01:21:20 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2012.01.22 01:21:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2012.01.22 01:21:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2012.01.22 01:21:20 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2012.01.22 01:21:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2012.01.22 01:21:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.01.22 00:25:48 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012.01.22 00:25:48 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.01.22 00:22:50 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.01.21 23:52:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.21 23:52:40 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.21 22:34:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\.zreglib
[2012.01.21 21:24:28 | 000,008,704 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.03.18 18:08:56 | 000,029,592 | ---- | C] () -- C:\Windows\SysWow64\speedfan.sys
[2002.01.01 05:25:01 | 000,000,017 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg

< End of report >
         
--- --- ---


Logfile Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.08.2012 10:58:04 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Christian\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,18% Memory free
8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 17,01 Gb Free Space | 28,57% Space Free | Partition Type: NTFS
Drive D: | 232,80 Gb Total Space | 136,44 Gb Free Space | 58,61% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 636,37 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
Drive L: | 931,40 Gb Total Space | 251,97 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B2C6DC-AA1A-4E56-92C5-7B77CF18C518}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0389E2AF-5D42-43A7-ABEF-45C59C33162B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0E6DA717-78A9-445F-8D50-27F4684A01F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{11AA1337-95A7-4210-A0B1-1F4BD5813EC2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1AAA5B9F-52FF-4336-8CFE-ABCE6A39AEFC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{25006F75-E6A7-4889-BFC2-93E2CAC074AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A0F9AA0-19FD-4FCA-8EC7-33076980FB1F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2BCD0D10-4CA1-4E2B-AA70-4C1818CA4E3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{306911BF-DD42-4296-AFF1-83C4C135F6C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39CA26E6-ABFF-4D2F-9D1D-C3B8D7EF1B50}" = lport=10300 | protocol=6 | dir=in | app=d:\program files (x86)\devolo\informer\devinf.exe | 
"{444E630D-C36C-4C96-8F00-8D01427AFB55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{462979B3-799A-4BD3-B2D3-164C4DAE47E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{491B9517-C45A-4B01-8F76-E36F540923EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56FEB0EF-9AC1-4BCA-BEF4-2381476A3EBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{59C292B1-F46B-4B3E-B14E-0091B830EDA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{5F7D3C5A-138B-411D-8948-7A374F5F0654}" = rport=138 | protocol=17 | dir=out | app=system | 
"{60E3B6D2-75EB-478D-9170-2076B136F1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74A79F08-12D0-4AEA-AD45-1BB4B3B8373F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{79E1F7D2-4862-4CD9-B982-33FF954D3979}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8281FF08-AA58-4F7A-AF6C-479EA675C73D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9084CABF-F475-4ED5-BA82-1B844526D956}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9280C333-83F0-456E-9794-1B6785D19405}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe | 
"{96EC4D13-0D9C-4DFE-ABDD-0CA2091F4514}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{978DEE6E-8BFC-40B8-A278-55DF4C43F132}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9A4F79DC-FD16-4BBB-A2EA-D838A0CE33A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A3F26A45-F854-467F-AB05-F81539F7B7A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA873F61-DFE4-4F8C-ABBB-EF12DD83A413}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B1F49AF6-A5D2-4707-B853-5AAED680D8CD}" = lport=10301 | protocol=17 | dir=in | app=d:\program files (x86)\devolo\informer\devinf.exe | 
"{BA6FE378-20B7-4340-A6EF-09FD4AE51487}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D0238B17-5E4F-4684-99C5-80E39BA14CA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DACCEA6C-DF9E-4598-B7DC-5AF708AEF32D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{DF853283-1E68-4904-BDDA-A7D03722F89F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E0E67E90-B93A-4C6D-9DE7-F80BA55E3240}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EB1E67F1-87E0-4CC3-9377-6BE45A585616}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED5CE219-1E73-489F-850A-555A2B5E2055}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FA131E31-8BDC-4A4F-997A-CEB8BA8E418F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075EEFDB-A290-4C7A-B069-5AA468D31717}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{07B8B03F-96E0-4E89-9EAB-460ACFB883E7}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"{0E670B6F-F568-4410-B0CA-F03F1FA814B7}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe | 
"{1181E590-5B1A-4219-9539-A4FB770B1C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{12372010-6CF4-4145-9765-66B20610DEC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{18120A62-5F40-415F-9386-87C5D84FA93A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1E420379-87F6-41E2-B32A-51E90A094E92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{203D3D9C-FBDD-4EA2-9F6A-8A1F04D16A7A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{23004282-F0D3-46A0-AC4D-E829C1297C88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2395BBA8-966D-4732-A57B-416DE45C4F71}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{253AB1A7-EEB3-469C-AD09-B4A4FEE61FBC}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe | 
"{25A24F97-021B-4AF9-AB76-0FC3A3A0E4A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{277803C2-03E4-451E-8E5E-33D536A1221D}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | 
"{2D3DF76C-417C-4603-939D-594595D9ED92}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2DC24E41-9E2A-4FF4-BC87-4B402E9AE9C9}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{31CC0A7D-5285-4AEB-AD87-9294C1A23961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{332E8607-1AE6-4B18-85DC-11366354EAF8}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{33CA73B3-B4D6-4BF3-9FF1-A1BDDE70D951}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | 
"{33E2A1B6-9992-43B7-B4BC-1C6FA94A0EC2}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe | 
"{39E93FD8-E8DA-4687-8BC5-68040445CF09}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{3AD175A2-11E6-4EE0-9426-1E746ACA7F65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C0200D8-FAB1-477A-9136-3B15FDFF2DD8}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{3E7B5B9F-F5EC-4CD7-901E-E11F625B0359}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{44B4139D-367A-4D14-A967-5630D16844AD}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{4DDD6D0E-DA09-4516-B036-FB4B3CE0D54E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{50DF2060-B266-48EC-A135-BFE6E7B83A7F}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"{5535724C-418D-4CB0-BCF5-E74A7EEA44AE}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{5F213AB3-53BA-473F-A822-00299B119DAD}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe | 
"{6580357F-392A-4298-8A36-AE48E913DAAB}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{67413233-2F8C-48E4-BE9F-1BC7D53EFD3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{6BCFB9E0-5875-4FCF-916E-DD965DF4A293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{727957A8-865A-4D8E-A195-B1234B08C977}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{72DCB19D-2477-449C-8056-A91225384F63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{7B5CB2C7-2389-4E49-98DB-D48A143A7FB3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D2605D4-0B5C-43FF-9EF7-751D64D9F25E}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe | 
"{8173F9D4-04A5-4A88-A20F-B75C90E7DE5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{895E2739-638C-48AB-8A1F-814D0DC15253}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe | 
"{8A2B35EF-98E9-4FA9-94DE-3F89EC7FA0B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E2200A4-D500-4B20-9E8E-D92CFC07475F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{93262874-9581-4055-BCC7-0EFBFC0663DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D3ACC19-E1F6-4B86-AF1D-03162B56C1C3}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"{A22FEE8C-CA68-46E6-815A-912703ACA328}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe | 
"{A927F664-E56D-45D6-9757-5B191F98D021}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AE62999A-4E36-4922-B595-5658488F1A20}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{B04BE6B0-3943-4598-8AA2-DE2CFF8089EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3602894-CE11-4352-A08C-21F8E966319C}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{B8FAE344-102B-41F9-8AA3-D828060CB36F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C325ABC5-B9C6-4DE7-AFE6-58FDE57E669F}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe | 
"{C901CFD6-7DAE-4E17-BB8A-10771B9CA3BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D17710A2-B7E1-42C5-B62D-0E2DA666ADF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D99422DC-7409-4569-B5A9-B568BA1EC979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DAAA4AC6-33A4-4877-8D06-69C197F43DCC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DD541CEB-D180-429D-A969-768C0E57805B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E28A7479-D865-460C-BF8F-0C6DB2791FC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E416071D-408A-409E-9D2B-B25020DCE96D}" = protocol=6 | dir=out | app=system | 
"{EE6190AA-8082-41D0-8F10-65276A889FD9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{F64B1308-89C9-42DB-8EB9-C44519D419D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{F78121FC-20C0-49E7-8E7A-02E1009B3A50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{F87F5466-C8DF-4D72-B621-790858C10FD9}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | 
"TCP Query User{2337F27C-4B66-4435-9241-594E32B56B52}D:\program files (x86)\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe | 
"TCP Query User{38554713-72C1-4E82-B477-2BAD986FA451}C:\program files\klever\nothings\pumpkin.exe" = protocol=6 | dir=in | app=c:\program files\klever\nothings\pumpkin.exe | 
"TCP Query User{394B02AB-2E83-4E71-83CC-24F0426755C4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{44F45971-4150-49D2-8F81-3AAAB118C907}D:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{695654EC-E80A-418D-9667-B5D3031E7A70}\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe" = protocol=6 | dir=in | app=\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe | 
"TCP Query User{7B724837-F1DF-4BD2-93A4-DDDC3C565C14}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{8296F721-6C6F-42B6-B007-1597BC985C1E}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{88621B63-5625-48D7-9F12-70030AE4454A}D:\program files (x86)\java\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\bin\java.exe | 
"TCP Query User{B44EA742-3059-4FB2-AA88-6B60F1364E13}D:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{BE994AAE-9F08-4F0A-81A9-3621C9D8A53F}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{C0D8AB26-8AE9-4915-9F4F-835AD9564891}D:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe" = protocol=6 | dir=in | app=d:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe | 
"TCP Query User{C9B64C99-8B73-411A-A530-BBEA0AC32262}D:\program files (x86)\festo\robotinosim\bin\robotinosim.exe" = protocol=6 | dir=in | app=d:\program files (x86)\festo\robotinosim\bin\robotinosim.exe | 
"UDP Query User{17D67E89-8E81-42FF-963E-F58B807B85AD}D:\program files (x86)\java\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\bin\java.exe | 
"UDP Query User{1FDF5A2D-F5F3-4914-B18E-653A6C7D7684}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{3A1FE814-677C-4E12-9F3E-C21DED19A263}C:\program files\klever\nothings\pumpkin.exe" = protocol=17 | dir=in | app=c:\program files\klever\nothings\pumpkin.exe | 
"UDP Query User{486267C3-1876-42F0-9F54-21C2AFE6AB21}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{4D014551-E85C-40A1-A4A0-A1408C9DE2DA}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"UDP Query User{5134B570-0639-4FA5-9373-EACA30B8D444}D:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe | 
"UDP Query User{5BAAEE0E-FC60-436D-AFBF-454B6015D5A6}D:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{5CC177A0-F1FC-465F-B083-A7533CB2B201}D:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe" = protocol=17 | dir=in | app=d:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe | 
"UDP Query User{6A830694-ECA6-4CF8-918F-2014D9D40F11}\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe" = protocol=17 | dir=in | app=\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe | 
"UDP Query User{902C3A4F-D2DE-4232-B1C0-BF906270A075}D:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{AAFDDC2B-85C9-48A7-9A06-0989C1CED0D4}D:\program files (x86)\festo\robotinosim\bin\robotinosim.exe" = protocol=17 | dir=in | app=d:\program files (x86)\festo\robotinosim\bin\robotinosim.exe | 
"UDP Query User{B9E773D0-960D-4354-8CD5-7969404FE0D6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NETGATE Data Backup_is1" = NETGATE Data Backup
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}" = HP Install Network Printer Wizard
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C43A9-4FD7-456B-8E27-5CE442FF3005}_is1" = Split Second Velocity 1.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_Access_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_Access_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_Access_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_Access_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C12A2A3D-0D08-8262-E189-E831A8AC3D37}" = Catalyst Control Center InstallProxy
"{C1868B6B-087E-4239-97B0-87F9418BDF7A}_is1" = Call of Duty 4: Modern Warfare
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CentraClient" = Centra Client
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"dslmon" = devolo Informer
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"HP Standard Port Monitor" = HP Standard Port Monitor
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PricePeep" = PricePeep for FireFox
"PS3 Media Server" = PS3 Media Server
"PSpice Student" = PSpice Student 9.1
"PumpKIN" = Klever PumpKIN 2.7.3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RobotinoSim-1_is1" = RobotinoSim 1.0 20081104 (Uninstall)
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 80" = Counter-Strike: Condition Zero
"Tobit Radio.fx Server" = Radio.fx
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.08.2012 17:24:15 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 
31
 
Error - 25.08.2012 17:36:14 | Computer Name = Christian-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = Fehler bei der um 2012-08-25T20:00:50.954770000Z gestarteten Sicherung.
 Fehlercode: "2155348000" (%%2155348000). Suchen Sie in den Ereignisdetails nach
 einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben
 wurde.
 
Error - 25.08.2012 17:36:18 | Computer Name = Christian-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 25.08.2012 18:02:10 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 
31
 
Error - 25.08.2012 18:02:13 | Computer Name = Christian-PC | Source = AVKWCtl | ID = 0
Description = Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet 
werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31
 
Error - 25.08.2012 18:07:54 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys): 
31
 
Error - 25.08.2012 18:07:55 | Computer Name = Christian-PC | Source = AVKWCtl | ID = 0
Description = Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet 
werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31
 
Error - 25.08.2012 18:30:24 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4f981ba7  Name des fehlerhaften Moduls: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4f981ba7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000119d6  ID des fehlerhaften
 Prozesses: 0x440  Startzeit der fehlerhaften Anwendung: 0x01cd830e24d4d4cd  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\svchost.exe  Berichtskennung: 75a93a23-ef04-11e1-928c-20cf30c199e4
 
Error - 25.08.2012 22:52:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.08.2012 22:53:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 25.08.2012 18:19:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 25.08.2012 22:51:30 | Computer Name = Christian-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---
__________________

Alt 27.08.2012, 02:28   #4
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
SRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys () 
DRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultenginename: "Yahoo" 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" 
FF - prefs.js..browser.search.selectedEngine: "Yahoo" 
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM 
File not found (No name found) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF 
[2012.07.25 14:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT 
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found 
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [368o0qiuym] C:\Users\Christian\368o0qiuym.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found 
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a 
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\L\Shell - "" = AutoRun 
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a 
[2012.08.26 00:08:01 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe 

:Files

C:\Users\Christian\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Christian\AppData\Local\Temp\*.exe
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 27.08.2012, 16:44   #5
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Der Logfile:

Zitat:
All processes killed
========== OTL ==========
Error: No service named 4ae83266a54908f8 was found to stop!
Service\Driver key 4ae83266a54908f8 not found.
File C:\Windows\SysNative\drivers\4ae83266a54908f8.sys not found.
Error: No service named 4ae83266a54908f8 was found to stop!
Service\Driver key 4ae83266a54908f8 not found.
File C:\Windows\SysNative\drivers\4ae83266a54908f8.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT\Components folder moved successfully.
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT\Chrome\Skin folder moved successfully.
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT\Chrome\Content folder moved successfully.
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT\Chrome folder moved successfully.
C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 not found.
Registry value HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Run\\368o0qiuym deleted successfully.
File C:\Users\Christian\368o0qiuym.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1004\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09c02549-a8af-11e1-90cc-20cf30c199e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09c02549-a8af-11e1-90cc-20cf30c199e4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8194746d-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8194746d-a8ad-11e1-978c-20cf30c199e4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81947482-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81947482-a8ad-11e1-978c-20cf30c199e4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{819474b9-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{819474b9-a8ad-11e1-978c-20cf30c199e4}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
C:\Windows\KMSEmulator.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Christian\AppData\Local\{*} not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Christian\AppData\Local\Temp\*.exe not found.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christian\Desktop\cmd.bat deleted successfully.
C:\Users\Christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: 1674956 bytes
->Temporary Internet Files folder emptied: 22400243 bytes
->FireFox cache emptied: 152982693 bytes
->Google Chrome cache emptied: 35365902 bytes
->Flash cache emptied: 4096 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17002 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 39072448 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 552 bytes
RecycleBin emptied: 4030485802 bytes

Total Files Cleaned = 4.084,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08272012_163611

Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\sqcnk3tq.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\sqcnk3tq.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\sqcnk3tq.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\sqcnk3tq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\sqcnk3tq.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 27.08.2012, 20:54   #6
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Virus 368o0qiuym.exe, Avast lässt sich nicht löschen

Alt 27.08.2012, 22:46   #7
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



So, erstmal herzlichen Dank, System läuft schon besser

Zitat:
# AdwCleaner v1.801 - Logfile created 08/27/2012 at 22:45:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : Christian - CHRISTIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Christian\AppData\Local\Babylon
Folder Found : C:\Users\Christian\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Christian\AppData\Roaming\QuickStoresToolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BasicScan
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\BasicScan
Folder Found : C:\Program Files (x86)\PricePeep
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
File Found : C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sqcnk3tq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "keyword": "basicscan.com",
Found : "name": "BasicScan",
Found : "search_url": "hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={sear[...]
Found : "name": "Wajam",
Found : "name": "Wajam"

*************************

AdwCleaner[R1].txt - [2915 octets] - [27/08/2012 22:45:06]

########## EOF - C:\AdwCleaner[R1].txt - [3043 octets] ##########

Alt 28.08.2012, 18:33   #8
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.08.2012, 21:49   #9
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Kein Problem. Der Dienst 368o0qiuym.exe läuft leider immer noch.

Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8349

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.12.2011 02:01:18
mbam-log-2011-12-11 (02-01-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 336058
Laufzeit: 22 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2008 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows\kmsemulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Alt 29.08.2012, 03:42   #10
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Datei-Überprüfung

Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Send file" nach VirusTotal hochladen und prüfen lassen. Sollte die Datei bereits einmal geprüft sein, bitte auf Reanalyze klicken.

Code:
ATTFilter
C:\_OTL\Movedfiles\C_Users\Christian\368o0qiuym.exe
         
Solltest Du die Datei/en auf Deinem Computer nicht finden, überprüfe, ob folgende Einstellungen richtig gesetzt sind.

Beim Firefox mit installiertem NoScript bitte VirusTotal erlauben. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Reanalyse" erneut prüfen.

Wenn das Ergebnis vorliegt, kopiere mir den Ergebnis-Link (aus der Adresszeile des Browsers) hier in den Thread.

Auch wenn sich herausstellt, dass die Datei/en infiziert ist/sind, bitte nicht ohne Absprache löschen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.08.2012, 16:52   #11
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Hi,
in diesem Ordner lässt sich nichts finden, ich habe diese Datei jedoch in den Benutzer Daten drin, lässt sich aber nicht überprüfen, da keine Berechtigung etc.. ich kann da nicht mit machen.

Alt 29.08.2012, 19:13   #12
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.08.2012, 16:44   #13
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Das Logfile:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-08-30.05 - Christian 31.08.2012  16:33:42.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2532 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: G Data InternetSecurity 2013 *Enabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: G Data InternetSecurity 2013 *Enabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\program files (x86)\BasicScan\uninstall.exe
c:\programdata\93933d5bcd5f5389b7c369a8efe0ae8e_c
c:\programdata\BasicScan
c:\users\Christian\368o0qiuym.exe . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-28 bis 2012-08-31  ))))))))))))))))))))))))))))))
.
.
2012-08-31 14:21 . 2012-08-31 14:38	78848	----a-w-	c:\windows\KMSEmulator.exe
2012-08-27 14:36 . 2012-08-27 14:36	--------	d-----w-	C:\_OTL
2012-08-26 09:40 . 2012-08-31 14:27	783044	----a-w-	c:\windows\SysWow64\sig.bin
2012-08-26 08:58 . 2012-08-26 08:58	--------	d-----w-	c:\users\Christian\AppData\Local\G DATA
2012-08-25 22:03 . 2012-08-25 22:03	--------	d-----w-	c:\program files (x86)\Security Task Manager
2012-08-25 21:24 . 2012-08-25 21:24	59768	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-08-25 21:24 . 2012-02-02 09:38	51192	----a-w-	c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll
2012-08-25 21:23 . 2012-08-25 21:23	64376	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2012-08-25 21:23 . 2012-08-25 21:23	122744	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-08-25 21:23 . 2012-08-25 21:23	54136	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-08-25 21:22 . 2012-08-25 21:22	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-08-25 21:20 . 2012-08-25 21:27	--------	d-----w-	c:\programdata\G DATA
2012-08-25 21:20 . 2012-08-25 21:20	--------	d-----w-	c:\program files (x86)\Common Files\G Data
2012-08-25 21:20 . 2012-08-25 21:20	--------	d-----w-	c:\program files (x86)\G Data
2012-08-25 20:23 . 2012-08-25 22:04	--------	d-----w-	c:\programdata\SecTaskMan
2012-08-25 19:59 . 2012-08-19 23:53	9309624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAF15128-AC52-4C56-BB9B-CED7A6C14896}\mpengine.dll
2012-08-18 19:23 . 2012-08-18 22:56	--------	d-----w-	c:\users\Christian\AppData\Local\Paint.NET
2012-08-18 14:47 . 2012-08-18 14:47	--------	d-----w-	c:\program files\Microsoft LifeCam
2012-08-18 14:47 . 2012-08-18 14:47	--------	d-----w-	c:\program files (x86)\Microsoft LifeCam
2012-08-16 14:22 . 2012-08-16 14:22	--------	d-----w-	c:\program files (x86)\Oracle
2012-08-05 15:37 . 2009-05-15 17:36	173360	----a-w-	c:\windows\UN060501.EXE
2012-08-03 19:30 . 2012-08-03 19:30	--------	d-----w-	c:\program files\Klever
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 15:33 . 2012-03-29 17:43	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 15:33 . 2012-01-21 20:04	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2012-06-11 15:32	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-01-21 23:38	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-01-21 22:20	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-07 20:47 . 2012-06-07 20:47	268744	----a-w-	c:\windows\system32\javaws.exe
2012-06-07 20:47 . 2012-01-21 21:47	955848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-07 20:47 . 2012-01-21 21:47	839112	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-07 20:47 . 2012-01-21 21:47	189384	----a-w-	c:\windows\system32\javaw.exe
2012-06-07 20:47 . 2012-01-21 21:47	188872	----a-w-	c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETGATEDataBackup"="d:\program files\NETGATE\Data Backup\DataBackup.exe" [2011-07-25 2281320]
"RfxSrvTray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"SpybotSD TeaTimer"="d:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-25 1193176]
"368o0qiuym"="c:\users\Christian\368o0qiuym.exe" [1601-01-01 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-01-27 985080]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" /nogui
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-08-25 54136]
R1 bbrzpelp;bbrzpelp;c:\windows\system32\drivers\bbrzpelp.sys [x]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-08-25 122744]
R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-08-25 65912]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-08-25 64376]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]
R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-08-25 59768]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-03 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2011-01-04 75776]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-28 1255736]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2011-01-04 167936]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-02-02 1524728]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-01-27 2006872]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-01-21 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-01-21 128512]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2012-03-29 251760]
S2 NGDatBckpSrv;NETGATE Data Backup Service;d:\program files\NETGATE\Data Backup\DataBackupSrv.exe [2011-06-27 461160]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-01-27 1765352]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-01-27 471048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 4ae83266a54908f8
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:33]
.
2012-08-31 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-21 22:25]
.
2012-08-31 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-21 22:25]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 20:24]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45	134384	------w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\program files (x86)\ICQ7.7\ICQ.exe
TCP: Interfaces\{4B12DEB4-65C8-40EF-8C6C-7EF2D9D30D3A}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sqcnk3tq.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4ae83266a54908f8]
"ImagePath"="\SystemRoot\System32\Drivers\4ae83266a54908f8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpg"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (S-1-5-21-3541593995-219577290-479996347-1000)
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-31  16:42:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-31 14:42
.
Vor Suchlauf: 9 Verzeichnis(se), 15.138.377.728 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 14.808.354.816 Bytes frei
.
- - End Of File - - A073F08BF210CC457947AE49920E36B5
         
--- --- ---

Alt 31.08.2012, 21:26   #14
t'john
/// Helfer-Team
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Zitat:
AV: avast! Antivirus *Disabled/Updated*
AV: G Data InternetSecurity 2013 *Enabled/Outdated*
FW: G Data Personal Firewall *Enabled*
SP: avast! Antivirus *Disabled/Updated*
SP: G Data InternetSecurity 2013 *Enabled/Outdated*
SP: Windows Defender *Enabled/Updated*

TuneUpUtilities
Deinstalliere das alles, danach NEUSTARTEN und nochmal Combofix.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.08.2012, 23:29   #15
chris90123
 
Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Standard

Virus 368o0qiuym.exe, Avast lässt sich nicht löschen



Avast lässt sich leider nicht deinstallieren.
Errot reading product data from C:Pogramm Files/Avast Software/Avast/setup/Setup cannot continue.

Antwort

Themen zu Virus 368o0qiuym.exe, Avast lässt sich nicht löschen
abend, antivir, avast, chris, gefährlich, lange, löschen, malwarebytes, manager, nicht löschen, prozess, richtig, security, seite, seiten, seiten geöffnet, task manager, ungewollte, virus, zusammen



Ähnliche Themen: Virus 368o0qiuym.exe, Avast lässt sich nicht löschen


  1. TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (29)
  2. Laptop ruckelt nur noch, Iminent lässt sich nicht löschen und Radio schaltet sich alleine an und aus und lässt sich ebenfalls nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (3)
  3. Meldung Rootkit-Virus von avast! und lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (5)
  4. GVU Virus 2013 lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (33)
  5. Der Virus TR/Sirefef.AB.78 lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (13)
  6. 368o0qiuym lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  7. Virus lässt sich nicht löschen
    Log-Analyse und Auswertung - 13.04.2012 (16)
  8. Virus lässt sich nicht löschen. papras.AB
    Plagegeister aller Art und deren Bekämpfung - 05.01.2011 (1)
  9. Datei/virus lässt sich nicht löschen und lässt Explorer crashen!
    Plagegeister aller Art und deren Bekämpfung - 11.04.2010 (2)
  10. avast!-Virenscanner zeigt Virus/Wurm an - dieser lässt sich allerdings nicht löschen!
    Plagegeister aller Art und deren Bekämpfung - 17.02.2010 (1)
  11. rg.exe virus lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (3)
  12. Virus lässt sich nicht löschen. TR/Vundo.Gen
    Log-Analyse und Auswertung - 10.12.2008 (2)
  13. Virus lässt sich nicht löschen...
    Plagegeister aller Art und deren Bekämpfung - 13.09.2008 (1)
  14. Virus lässt sich nicht löschen =(
    Plagegeister aller Art und deren Bekämpfung - 19.07.2008 (3)
  15. Virus/Programm lässt sich nicht löschen
    Log-Analyse und Auswertung - 25.04.2007 (9)
  16. Virus lässt sich nicht löschen: odtemdt2.exe
    Log-Analyse und Auswertung - 06.04.2007 (2)
  17. Virus lässt sich nicht löschen !
    Plagegeister aller Art und deren Bekämpfung - 03.03.2004 (6)

Zum Thema Virus 368o0qiuym.exe, Avast lässt sich nicht löschen - Nabend zusammen, mein PC fährt sehr lange hoch, es werden prötzlich ungewollte Seiten geöffnet und der Prozess 368o0qiuym.exe läuft und wird von Security Task Manager als gefährlich anzeigt, zudem lässt - Virus 368o0qiuym.exe, Avast lässt sich nicht löschen...
Archiv
Du betrachtest: Virus 368o0qiuym.exe, Avast lässt sich nicht löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.