| |
| |||||||
Log-Analyse und Auswertung: Virus 368o0qiuym.exe, Avast lässt sich nicht löschenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.08.2012, 21:52
| #1 |
 |  Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Nabend zusammen, mein PC fährt sehr lange hoch, es werden prötzlich ungewollte Seiten geöffnet und der Prozess 368o0qiuym.exe läuft und wird von Security Task Manager als gefährlich anzeigt, zudem lässt sich Avast und Antivir nicht richtig bedienen und auch nicht löschen. Malwarebytes wurde schon durchgeführt. Gruß Chris |
|
25.08.2012, 23:58
| #2 |
| /// Helfer-Team  | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
26.08.2012, 16:15
| #3 |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Logfile OTL.txt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.08.2012 10:58:04 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Christian\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,18% Memory free 8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 17,01 Gb Free Space | 28,57% Space Free | Partition Type: NTFS Drive D: | 232,80 Gb Total Space | 136,44 Gb Free Space | 58,61% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 636,37 Gb Free Space | 68,32% Space Free | Partition Type: NTFS Drive L: | 931,40 Gb Total Space | 251,97 Gb Free Space | 27,05% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Users\Christian\368o0qiuym.exe () PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - D:\Tobit Radio.fx\Server\rfx-server.exe () PRC - D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe () PRC - D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - D:\Tobit Radio.fx\Client\tobitclt.dll () MOD - D:\Tobit Radio.fx\Client\rfx-client$.ger () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe () SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (NGDatBckpSrv) -- D:\Program Files\NETGATE\Data Backup\DataBackupSrv.exe (NETGATE Technologies s.r.o.) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.) DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\DRIVERS\xhcdrv.sys () DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (TuneUpUtilitiesDrv) -- D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (UnlockerDriver5) -- D:\Program Files\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies) DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C0 DC F0 D2 82 CD 01 [binary data] IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.25 19:52:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 19:24:49 | 000,000,000 | ---D | M] [2012.06.09 16:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.04.05 18:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\15o52gaq.default\extensions [2012.01.22 00:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\15o52gaq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.10 18:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\sqcnk3tq.default\extensions [2012.08.25 23:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.25 23:24:15 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM File not found (No name found) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF [2012.02.25 19:52:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.25 14:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.12.11 03:08:03 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\15O52GAQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.08.03 19:24:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: BasicScan (Enabled) CHR - default_search_provider: search_url = hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Wajam (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\plugins/PriamNPAPI.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = D:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = D:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Google Update (Enabled) = C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.05.19 21:28:12 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.10.57.36 www.google-analytics.com. O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net. O1 - Hosts: 69.10.57.36 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [368o0qiuym] C:\Users\Christian\368o0qiuym.exe () O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [NETGATEDataBackup] D:\Program Files\NETGATE\Data Backup\DataBackup.exe (NETGATE Technologies s.r.o.) O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [RfxSrvTray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B12DEB4-65C8-40EF-8C6C-7EF2D9D30D3A}: NameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell - "" = AutoRun O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell - "" = AutoRun O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.26 10:58:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\G DATA [2012.08.26 00:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2012.08.25 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen-Dateien [2012.08.25 23:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013 [2012.08.25 23:24:15 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.08.25 23:23:24 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012.08.25 23:23:23 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.08.25 23:23:15 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.08.25 23:22:53 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2012.08.25 23:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2012.08.25 22:42:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.08.25 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.08.25 22:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.08.18 21:23:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Paint.NET [2012.08.18 21:21:31 | 000,000,000 | -H-D | C] -- C:\Users\Christian\Desktop\[Originaldateien] [2012.08.18 16:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam [2012.08.18 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam [2012.08.18 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam [2012.08.16 16:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.16 16:21:28 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.16 16:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.16 16:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.05 17:37:36 | 000,173,360 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN060501.EXE [2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Klever Group [2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klever Group [2012.08.03 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Klever ========== Files - Modified Within 30 Days ========== [2012.08.26 10:44:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000UA.job [2012.08.26 10:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.26 00:14:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.26 00:14:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.26 00:14:33 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.26 00:14:33 | 000,659,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.26 00:14:33 | 000,619,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.26 00:14:33 | 000,131,686 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.26 00:14:33 | 000,107,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.26 00:08:07 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.08.26 00:08:07 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job [2012.08.26 00:08:01 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe [2012.08.26 00:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.26 00:07:45 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012.08.25 23:49:59 | 000,075,411 | ---- | M] () -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen.html [2012.08.25 23:24:15 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.08.25 23:23:24 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012.08.25 23:23:23 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.08.25 23:23:15 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.08.25 23:22:53 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.08.25 23:22:07 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.08.25 22:45:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000Core.job [2012.08.25 22:42:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.08.25 16:47:05 | 000,002,431 | ---- | M] () -- C:\Users\Christian\Desktop\Google Chrome.lnk [2012.08.18 23:41:36 | 000,348,983 | ---- | M] () -- C:\Users\Christian\Desktop\Centro.jpg [2012.08.18 21:24:08 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2012.08.18 21:21:32 | 002,509,824 | ---- | M] () -- C:\Users\Christian\Desktop\DSC_0006trjt.jpg [2012.08.18 16:47:41 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk [2012.08.16 17:33:35 | 000,008,704 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.16 17:33:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.16 17:33:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.14 19:02:35 | 000,000,000 | -H-- | M] () -- C:\Users\Christian\Documents\Default.rdp [2012.08.05 17:47:32 | 000,001,113 | ---- | M] () -- C:\Users\Christian\Desktop\BUFFALO NAS Navigator2.lnk [2012.08.03 21:29:01 | 000,001,806 | ---- | M] () -- C:\Windows\checkip.dat [2012.08.03 21:28:47 | 000,000,279 | ---- | M] () -- C:\Windows\WRT54GS Setup Wizard.INI [2012.08.03 21:26:48 | 000,003,580 | ---- | M] () -- C:\Windows\ipconfig.dat ========== Files Created - No Company Name ========== [2012.08.26 00:08:01 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2012.08.25 23:49:58 | 000,075,411 | ---- | C] () -- C:\Users\Christian\Desktop\122776-virus-368o0qiuym-exe-avast-laesst-loeschen.html [2012.08.25 23:22:07 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.08.25 15:23:24 | 3220,529,152 | -HS- | C] () -- C:\hiberfil.sys [2012.08.18 23:41:27 | 000,348,983 | ---- | C] () -- C:\Users\Christian\Desktop\Centro.jpg [2012.08.18 21:24:08 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2012.08.18 21:24:08 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2012.08.18 21:20:56 | 002,509,824 | ---- | C] () -- C:\Users\Christian\Desktop\DSC_0006trjt.jpg [2012.08.18 16:47:41 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk [2012.08.14 19:02:35 | 000,000,000 | -H-- | C] () -- C:\Users\Christian\Documents\Default.rdp [2012.08.05 17:37:44 | 000,001,113 | ---- | C] () -- C:\Users\Christian\Desktop\BUFFALO NAS Navigator2.lnk [2012.08.05 17:37:36 | 000,015,022 | ---- | C] () -- C:\Windows\UN060501.INI [2012.08.03 21:27:34 | 000,000,279 | ---- | C] () -- C:\Windows\WRT54GS Setup Wizard.INI [2012.08.03 20:44:53 | 000,001,806 | ---- | C] () -- C:\Windows\checkip.dat [2012.08.03 20:41:45 | 000,003,580 | ---- | C] () -- C:\Windows\ipconfig.dat [2012.05.19 21:28:04 | 000,039,424 | ---- | C] () -- C:\Users\Christian\368o0qiuym.exe [2012.04.10 23:48:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\hpspmins.dll [2012.04.10 23:48:50 | 000,000,991 | ---- | C] () -- C:\Windows\SysWow64\hpipxmon.ini [2012.04.05 19:12:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.04.05 19:12:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.04.05 18:55:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\93933d5bcd5f5389b7c369a8efe0ae8e_c [2012.02.27 00:27:24 | 000,004,366 | ---- | C] () -- C:\Windows\UN090415.INI [2012.02.26 04:47:38 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini [2012.02.25 21:50:18 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat [2012.01.30 19:32:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012.01.27 23:27:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.01.22 15:18:47 | 001,503,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.22 01:21:21 | 000,006,800 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2012.01.22 01:21:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll [2012.01.22 01:21:20 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll [2012.01.22 01:21:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll [2012.01.22 01:21:20 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll [2012.01.22 01:21:20 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll [2012.01.22 01:21:20 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll [2012.01.22 01:21:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll [2012.01.22 01:21:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll [2012.01.22 01:21:20 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll [2012.01.22 01:21:20 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll [2012.01.22 01:21:20 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll [2012.01.22 01:21:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll [2012.01.22 01:21:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll [2012.01.22 01:21:20 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll [2012.01.22 01:21:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll [2012.01.22 01:21:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll [2012.01.22 00:25:48 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe [2012.01.22 00:25:48 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini [2012.01.22 00:22:50 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.01.21 23:52:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.01.21 23:52:40 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.01.21 22:34:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\.zreglib [2012.01.21 21:24:28 | 000,008,704 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.03.18 18:08:56 | 000,029,592 | ---- | C] () -- C:\Windows\SysWow64\speedfan.sys [2002.01.01 05:25:01 | 000,000,017 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg < End of report > Logfile Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.08.2012 10:58:04 - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Christian\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,18% Memory free
8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 17,01 Gb Free Space | 28,57% Space Free | Partition Type: NTFS
Drive D: | 232,80 Gb Total Space | 136,44 Gb Free Space | 58,61% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 636,37 Gb Free Space | 68,32% Space Free | Partition Type: NTFS
Drive L: | 931,40 Gb Total Space | 251,97 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B2C6DC-AA1A-4E56-92C5-7B77CF18C518}" = lport=137 | protocol=17 | dir=in | app=system |
"{0389E2AF-5D42-43A7-ABEF-45C59C33162B}" = lport=139 | protocol=6 | dir=in | app=system |
"{0E6DA717-78A9-445F-8D50-27F4684A01F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{11AA1337-95A7-4210-A0B1-1F4BD5813EC2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AAA5B9F-52FF-4336-8CFE-ABCE6A39AEFC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{25006F75-E6A7-4889-BFC2-93E2CAC074AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A0F9AA0-19FD-4FCA-8EC7-33076980FB1F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2BCD0D10-4CA1-4E2B-AA70-4C1818CA4E3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{306911BF-DD42-4296-AFF1-83C4C135F6C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39CA26E6-ABFF-4D2F-9D1D-C3B8D7EF1B50}" = lport=10300 | protocol=6 | dir=in | app=d:\program files (x86)\devolo\informer\devinf.exe |
"{444E630D-C36C-4C96-8F00-8D01427AFB55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{462979B3-799A-4BD3-B2D3-164C4DAE47E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{491B9517-C45A-4B01-8F76-E36F540923EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56FEB0EF-9AC1-4BCA-BEF4-2381476A3EBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{59C292B1-F46B-4B3E-B14E-0091B830EDA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{5F7D3C5A-138B-411D-8948-7A374F5F0654}" = rport=138 | protocol=17 | dir=out | app=system |
"{60E3B6D2-75EB-478D-9170-2076B136F1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A79F08-12D0-4AEA-AD45-1BB4B3B8373F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{79E1F7D2-4862-4CD9-B982-33FF954D3979}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8281FF08-AA58-4F7A-AF6C-479EA675C73D}" = lport=445 | protocol=6 | dir=in | app=system |
"{9084CABF-F475-4ED5-BA82-1B844526D956}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9280C333-83F0-456E-9794-1B6785D19405}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe |
"{96EC4D13-0D9C-4DFE-ABDD-0CA2091F4514}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{978DEE6E-8BFC-40B8-A278-55DF4C43F132}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9A4F79DC-FD16-4BBB-A2EA-D838A0CE33A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A3F26A45-F854-467F-AB05-F81539F7B7A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA873F61-DFE4-4F8C-ABBB-EF12DD83A413}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1F49AF6-A5D2-4707-B853-5AAED680D8CD}" = lport=10301 | protocol=17 | dir=in | app=d:\program files (x86)\devolo\informer\devinf.exe |
"{BA6FE378-20B7-4340-A6EF-09FD4AE51487}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0238B17-5E4F-4684-99C5-80E39BA14CA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DACCEA6C-DF9E-4598-B7DC-5AF708AEF32D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{DF853283-1E68-4904-BDDA-A7D03722F89F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E0E67E90-B93A-4C6D-9DE7-F80BA55E3240}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB1E67F1-87E0-4CC3-9377-6BE45A585616}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED5CE219-1E73-489F-850A-555A2B5E2055}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA131E31-8BDC-4A4F-997A-CEB8BA8E418F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075EEFDB-A290-4C7A-B069-5AA468D31717}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{07B8B03F-96E0-4E89-9EAB-460ACFB883E7}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"{0E670B6F-F568-4410-B0CA-F03F1FA814B7}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe |
"{1181E590-5B1A-4219-9539-A4FB770B1C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{12372010-6CF4-4145-9765-66B20610DEC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{18120A62-5F40-415F-9386-87C5D84FA93A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E420379-87F6-41E2-B32A-51E90A094E92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{203D3D9C-FBDD-4EA2-9F6A-8A1F04D16A7A}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{23004282-F0D3-46A0-AC4D-E829C1297C88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2395BBA8-966D-4732-A57B-416DE45C4F71}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{253AB1A7-EEB3-469C-AD09-B4A4FEE61FBC}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe |
"{25A24F97-021B-4AF9-AB76-0FC3A3A0E4A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{277803C2-03E4-451E-8E5E-33D536A1221D}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{2D3DF76C-417C-4603-939D-594595D9ED92}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2DC24E41-9E2A-4FF4-BC87-4B402E9AE9C9}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{31CC0A7D-5285-4AEB-AD87-9294C1A23961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{332E8607-1AE6-4B18-85DC-11366354EAF8}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{33CA73B3-B4D6-4BF3-9FF1-A1BDDE70D951}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{33E2A1B6-9992-43B7-B4BC-1C6FA94A0EC2}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe |
"{39E93FD8-E8DA-4687-8BC5-68040445CF09}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{3AD175A2-11E6-4EE0-9426-1E746ACA7F65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C0200D8-FAB1-477A-9136-3B15FDFF2DD8}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{3E7B5B9F-F5EC-4CD7-901E-E11F625B0359}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{44B4139D-367A-4D14-A967-5630D16844AD}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{4DDD6D0E-DA09-4516-B036-FB4B3CE0D54E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{50DF2060-B266-48EC-A135-BFE6E7B83A7F}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"{5535724C-418D-4CB0-BCF5-E74A7EEA44AE}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{5F213AB3-53BA-473F-A822-00299B119DAD}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe |
"{6580357F-392A-4298-8A36-AE48E913DAAB}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{67413233-2F8C-48E4-BE9F-1BC7D53EFD3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{6BCFB9E0-5875-4FCF-916E-DD965DF4A293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{727957A8-865A-4D8E-A195-B1234B08C977}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{72DCB19D-2477-449C-8056-A91225384F63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{7B5CB2C7-2389-4E49-98DB-D48A143A7FB3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D2605D4-0B5C-43FF-9EF7-751D64D9F25E}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasinst.exe |
"{8173F9D4-04A5-4A88-A20F-B75C90E7DE5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{895E2739-638C-48AB-8A1F-814D0DC15253}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.7\icq.exe |
"{8A2B35EF-98E9-4FA9-94DE-3F89EC7FA0B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E2200A4-D500-4B20-9E8E-D92CFC07475F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93262874-9581-4055-BCC7-0EFBFC0663DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D3ACC19-E1F6-4B86-AF1D-03162B56C1C3}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"{A22FEE8C-CA68-46E6-815A-912703ACA328}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"{A927F664-E56D-45D6-9757-5B191F98D021}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AE62999A-4E36-4922-B595-5658488F1A20}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{B04BE6B0-3943-4598-8AA2-DE2CFF8089EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B3602894-CE11-4352-A08C-21F8E966319C}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{B8FAE344-102B-41F9-8AA3-D828060CB36F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C325ABC5-B9C6-4DE7-AFE6-58FDE57E669F}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{C901CFD6-7DAE-4E17-BB8A-10771B9CA3BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D17710A2-B7E1-42C5-B62D-0E2DA666ADF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D99422DC-7409-4569-B5A9-B568BA1EC979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAAA4AC6-33A4-4877-8D06-69C197F43DCC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DD541CEB-D180-429D-A969-768C0E57805B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E28A7479-D865-460C-BF8F-0C6DB2791FC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E416071D-408A-409E-9D2B-B25020DCE96D}" = protocol=6 | dir=out | app=system |
"{EE6190AA-8082-41D0-8F10-65276A889FD9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{F64B1308-89C9-42DB-8EB9-C44519D419D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{F78121FC-20C0-49E7-8E7A-02E1009B3A50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{F87F5466-C8DF-4D72-B621-790858C10FD9}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{2337F27C-4B66-4435-9241-594E32B56B52}D:\program files (x86)\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe |
"TCP Query User{38554713-72C1-4E82-B477-2BAD986FA451}C:\program files\klever\nothings\pumpkin.exe" = protocol=6 | dir=in | app=c:\program files\klever\nothings\pumpkin.exe |
"TCP Query User{394B02AB-2E83-4E71-83CC-24F0426755C4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{44F45971-4150-49D2-8F81-3AAAB118C907}D:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mediamonkey\mediamonkey.exe |
"TCP Query User{695654EC-E80A-418D-9667-B5D3031E7A70}\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe" = protocol=6 | dir=in | app=\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe |
"TCP Query User{7B724837-F1DF-4BD2-93A4-DDDC3C565C14}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{8296F721-6C6F-42B6-B007-1597BC985C1E}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{88621B63-5625-48D7-9F12-70030AE4454A}D:\program files (x86)\java\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\bin\java.exe |
"TCP Query User{B44EA742-3059-4FB2-AA88-6B60F1364E13}D:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{BE994AAE-9F08-4F0A-81A9-3621C9D8A53F}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{C0D8AB26-8AE9-4915-9F4F-835AD9564891}D:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe" = protocol=6 | dir=in | app=d:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe |
"TCP Query User{C9B64C99-8B73-411A-A530-BBEA0AC32262}D:\program files (x86)\festo\robotinosim\bin\robotinosim.exe" = protocol=6 | dir=in | app=d:\program files (x86)\festo\robotinosim\bin\robotinosim.exe |
"UDP Query User{17D67E89-8E81-42FF-963E-F58B807B85AD}D:\program files (x86)\java\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\bin\java.exe |
"UDP Query User{1FDF5A2D-F5F3-4914-B18E-653A6C7D7684}D:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{3A1FE814-677C-4E12-9F3E-C21DED19A263}C:\program files\klever\nothings\pumpkin.exe" = protocol=17 | dir=in | app=c:\program files\klever\nothings\pumpkin.exe |
"UDP Query User{486267C3-1876-42F0-9F54-21C2AFE6AB21}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{4D014551-E85C-40A1-A4A0-A1408C9DE2DA}C:\program files (x86)\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{5134B570-0639-4FA5-9373-EACA30B8D444}D:\program files (x86)\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\bin\javaw.exe |
"UDP Query User{5BAAEE0E-FC60-436D-AFBF-454B6015D5A6}D:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{5CC177A0-F1FC-465F-B083-A7533CB2B201}D:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe" = protocol=17 | dir=in | app=d:\program files (x86)\disney interactive studios\split second velocity\splitsecond.exe |
"UDP Query User{6A830694-ECA6-4CF8-918F-2014D9D40F11}\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe" = protocol=17 | dir=in | app=\\ls-chl-v2a54\share\pogramme\iphone 3gs\zum wiederherstellen\tinyumbrella-5.00.11.exe |
"UDP Query User{902C3A4F-D2DE-4232-B1C0-BF906270A075}D:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mediamonkey\mediamonkey.exe |
"UDP Query User{AAFDDC2B-85C9-48A7-9A06-0989C1CED0D4}D:\program files (x86)\festo\robotinosim\bin\robotinosim.exe" = protocol=17 | dir=in | app=d:\program files (x86)\festo\robotinosim\bin\robotinosim.exe |
"UDP Query User{B9E773D0-960D-4354-8CD5-7969404FE0D6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NETGATE Data Backup_is1" = NETGATE Data Backup
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}" = HP Install Network Printer Wizard
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C43A9-4FD7-456B-8E27-5CE442FF3005}_is1" = Split Second Velocity 1.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_Access_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_Access_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_Access_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_Access_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C12A2A3D-0D08-8262-E189-E831A8AC3D37}" = Catalyst Control Center InstallProxy
"{C1868B6B-087E-4239-97B0-87F9418BDF7A}_is1" = Call of Duty 4: Modern Warfare
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CentraClient" = Centra Client
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"dslmon" = devolo Informer
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"HP Standard Port Monitor" = HP Standard Port Monitor
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PricePeep" = PricePeep for FireFox
"PS3 Media Server" = PS3 Media Server
"PSpice Student" = PSpice Student 9.1
"PumpKIN" = Klever PumpKIN 2.7.3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RobotinoSim-1_is1" = RobotinoSim 1.0 20081104 (Uninstall)
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 80" = Counter-Strike: Condition Zero
"Tobit Radio.fx Server" = Radio.fx
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.08.2012 17:24:15 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys):
31
Error - 25.08.2012 17:36:14 | Computer Name = Christian-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = Fehler bei der um 2012-08-25T20:00:50.954770000Z gestarteten Sicherung.
Fehlercode: "2155348000" (%%2155348000). Suchen Sie in den Ereignisdetails nach
einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben
wurde.
Error - 25.08.2012 17:36:18 | Computer Name = Christian-PC | Source = Windows Backup | ID = 4104
Description =
Error - 25.08.2012 18:02:10 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys):
31
Error - 25.08.2012 18:02:13 | Computer Name = Christian-PC | Source = AVKWCtl | ID = 0
Description = Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet
werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31
Error - 25.08.2012 18:07:54 | Computer Name = Christian-PC | Source = GDFwSvc | ID = 0
Description = Error loading GDPkIcpt (C:\Windows\system32\drivers\PktIcpt.sys):
31
Error - 25.08.2012 18:07:55 | Computer Name = Christian-PC | Source = AVKWCtl | ID = 0
Description = Der Filter Treiber konnte aus dem folgenden Grund nicht gestartet
werden: Error loading GDMnIcpt (C:\Windows\system32\drivers\MiniIcpt.sys): 31
Error - 25.08.2012 18:30:24 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4f981ba7 Name des fehlerhaften Moduls: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4f981ba7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000119d6 ID des fehlerhaften
Prozesses: 0x440 Startzeit der fehlerhaften Anwendung: 0x01cd830e24d4d4cd Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\svchost.exe Berichtskennung: 75a93a23-ef04-11e1-928c-20cf30c199e4
Error - 25.08.2012 22:52:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 25.08.2012 22:53:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"d:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 25.08.2012 18:19:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDBehave" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 18:23:50 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GDMnIcpt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 25.08.2012 22:51:30 | Computer Name = Christian-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
|
|
27.08.2012, 01:28
| #4 |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys ()
DRV:64bit: - (4ae83266a54908f8) -- C:\Windows\SysNative\drivers\4ae83266a54908f8.sys ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012.07.25 14:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1000..\Run: [368o0qiuym] C:\Users\Christian\368o0qiuym.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3541593995-219577290-479996347-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3541593995-219577290-479996347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{02dfb4cc-481d-11e1-800e-20cf30c199e4}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{09c02549-a8af-11e1-90cc-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{8194746d-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{81947482-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell - "" = AutoRun
O33 - MountPoints2\{819474b9-a8ad-11e1-978c-20cf30c199e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
[2012.08.26 00:08:01 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
:Files
C:\Users\Christian\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Christian\AppData\Local\Temp\*.exe
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
27.08.2012, 15:44
| #5 | |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Der Logfile: Zitat:
|
|
27.08.2012, 19:54
| #6 |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Virus 368o0qiuym.exe, Avast lässt sich nicht löschen |
|
27.08.2012, 21:46
| #7 | |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen So, erstmal herzlichen Dank, System läuft schon besser  Zitat:
|
|
28.08.2012, 17:33
| #8 |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) |
|
28.08.2012, 20:49
| #9 | |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Kein Problem. Der Dienst 368o0qiuym.exe läuft leider immer noch. Zitat:
|
|
29.08.2012, 02:42
| #10 |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Send file" nach VirusTotal hochladen und prüfen lassen. Sollte die Datei bereits einmal geprüft sein, bitte auf Reanalyze klicken. Code:
ATTFilter C:\_OTL\Movedfiles\C_Users\Christian\368o0qiuym.exe
Beim Firefox mit installiertem NoScript bitte VirusTotal erlauben. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Reanalyse" erneut prüfen. Wenn das Ergebnis vorliegt, kopiere mir den Ergebnis-Link (aus der Adresszeile des Browsers) hier in den Thread. Auch wenn sich herausstellt, dass die Datei/en infiziert ist/sind, bitte nicht ohne Absprache löschen! |
|
29.08.2012, 15:52
| #11 |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Hi, in diesem Ordner lässt sich nichts finden, ich habe diese Datei jedoch in den Benutzer Daten drin, lässt sich aber nicht überprüfen, da keine Berechtigung etc.. ich kann da nicht mit machen. |
|
29.08.2012, 18:13
| #12 |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
31.08.2012, 15:44
| #13 |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Das Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-08-30.05 - Christian 31.08.2012 16:33:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2532 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: G Data InternetSecurity 2013 *Enabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: G Data InternetSecurity 2013 *Enabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\program files (x86)\BasicScan\uninstall.exe
c:\programdata\93933d5bcd5f5389b7c369a8efe0ae8e_c
c:\programdata\BasicScan
c:\users\Christian\368o0qiuym.exe . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-28 bis 2012-08-31 ))))))))))))))))))))))))))))))
.
.
2012-08-31 14:21 . 2012-08-31 14:38 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-08-27 14:36 . 2012-08-27 14:36 -------- d-----w- C:\_OTL
2012-08-26 09:40 . 2012-08-31 14:27 783044 ----a-w- c:\windows\SysWow64\sig.bin
2012-08-26 08:58 . 2012-08-26 08:58 -------- d-----w- c:\users\Christian\AppData\Local\G DATA
2012-08-25 22:03 . 2012-08-25 22:03 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-08-25 21:24 . 2012-08-25 21:24 59768 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2012-08-25 21:24 . 2012-02-02 09:38 51192 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\Components\BanksafeXPCOM.dll
2012-08-25 21:23 . 2012-08-25 21:23 64376 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2012-08-25 21:23 . 2012-08-25 21:23 122744 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-08-25 21:23 . 2012-08-25 21:23 54136 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-08-25 21:22 . 2012-08-25 21:22 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2012-08-25 21:20 . 2012-08-25 21:27 -------- d-----w- c:\programdata\G DATA
2012-08-25 21:20 . 2012-08-25 21:20 -------- d-----w- c:\program files (x86)\Common Files\G Data
2012-08-25 21:20 . 2012-08-25 21:20 -------- d-----w- c:\program files (x86)\G Data
2012-08-25 20:23 . 2012-08-25 22:04 -------- d-----w- c:\programdata\SecTaskMan
2012-08-25 19:59 . 2012-08-19 23:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAF15128-AC52-4C56-BB9B-CED7A6C14896}\mpengine.dll
2012-08-18 19:23 . 2012-08-18 22:56 -------- d-----w- c:\users\Christian\AppData\Local\Paint.NET
2012-08-18 14:47 . 2012-08-18 14:47 -------- d-----w- c:\program files\Microsoft LifeCam
2012-08-18 14:47 . 2012-08-18 14:47 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2012-08-16 14:22 . 2012-08-16 14:22 -------- d-----w- c:\program files (x86)\Oracle
2012-08-05 15:37 . 2009-05-15 17:36 173360 ----a-w- c:\windows\UN060501.EXE
2012-08-03 19:30 . 2012-08-03 19:30 -------- d-----w- c:\program files\Klever
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 15:33 . 2012-03-29 17:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 15:33 . 2012-01-21 20:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 20:06 . 2012-06-11 15:32 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-01-21 23:38 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-01-21 22:20 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 20:47 . 2012-06-07 20:47 268744 ----a-w- c:\windows\system32\javaws.exe
2012-06-07 20:47 . 2012-01-21 21:47 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 20:47 . 2012-01-21 21:47 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 20:47 . 2012-01-21 21:47 189384 ----a-w- c:\windows\system32\javaw.exe
2012-06-07 20:47 . 2012-01-21 21:47 188872 ----a-w- c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETGATEDataBackup"="d:\program files\NETGATE\Data Backup\DataBackup.exe" [2011-07-25 2281320]
"RfxSrvTray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048]
"SpybotSD TeaTimer"="d:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-25 1193176]
"368o0qiuym"="c:\users\Christian\368o0qiuym.exe" [1601-01-01 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-01-27 985080]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" /nogui
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-08-25 54136]
R1 bbrzpelp;bbrzpelp;c:\windows\system32\drivers\bbrzpelp.sys [x]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-08-25 122744]
R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-08-25 65912]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-08-25 64376]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 186880]
R3 cpuz130;cpuz130;c:\users\CHRIST~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-08-25 59768]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-03 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 VUSB3HUB;VIA USB 3.0 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2011-01-04 75776]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-28 1255736]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2011-01-04 167936]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-02-02 1524728]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-01-27 2006872]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-01-21 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-01-21 128512]
S2 NasPmService;NAS PM Service;c:\program files (x86)\BUFFALO\NASNAVI\nassvc.exe [2012-03-29 251760]
S2 NGDatBckpSrv;NETGATE Data Backup Service;d:\program files\NETGATE\Data Backup\DataBackupSrv.exe [2011-06-27 461160]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2012-01-26 3665752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2009-03-03 296400]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-01-27 1765352]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-01-27 471048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 4ae83266a54908f8
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:33]
.
2012-08-31 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-21 22:25]
.
2012-08-31 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-21 22:25]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 20:24]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3541593995-219577290-479996347-1000UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\program files (x86)\ICQ7.7\ICQ.exe
TCP: Interfaces\{4B12DEB4-65C8-40EF-8C6C-7EF2D9D30D3A}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sqcnk3tq.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4ae83266a54908f8]
"ImagePath"="\SystemRoot\System32\Drivers\4ae83266a54908f8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpg"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (S-1-5-21-3541593995-219577290-479996347-1000)
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-3541593995-219577290-479996347-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-31 16:42:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-31 14:42
.
Vor Suchlauf: 9 Verzeichnis(se), 15.138.377.728 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 14.808.354.816 Bytes frei
.
- - End Of File - - A073F08BF210CC457947AE49920E36B5
|
|
31.08.2012, 20:26
| #14 | |
| /// Helfer-Team | Virus 368o0qiuym.exe, Avast lässt sich nicht löschenZitat:
|
|
31.08.2012, 22:29
| #15 |
| | Virus 368o0qiuym.exe, Avast lässt sich nicht löschen Avast lässt sich leider nicht deinstallieren. Errot reading product data from C:Pogramm Files/Avast Software/Avast/setup/Setup cannot continue. |
|
| Themen zu Virus 368o0qiuym.exe, Avast lässt sich nicht löschen |
| abend, antivir, avast, chris, gefährlich, lange, löschen, malwarebytes, manager, nicht löschen, prozess, richtig, security, seite, seiten, seiten geöffnet, task manager, ungewollte, virus, zusammen |
Linear-Darstellung
