|
Log analysis and evaluation: GVU virus, computer no longer usable as a standard user, computer only works as admin or as a standard user in Safe Mode (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
13.01.2013, 21:29 | #1 |
| Hello everyone, this week I caught the GVU virus or GVU trojan. As antivirus software I use Sophos, which is provided to me by my employer. I came across your site via Google. Since you have posted that every problem needs its own treatment, I ran Defogger and OTL this morning while I was using the computer in Safe Mode. You can see the results below. With the Defogger program I was asked to restart the computer. I use my computer with a standard user account. It was on this account that I caught the GVU virus or GVU trojan. When I start the computer as the standard user, after a short time the screen with the GVU warning appears, along with the demand to transfer 100 EUR, since otherwise the computer would be locked in 48 hours. This message comes up every time the computer is started with the standard account, and the time starts anew at 48 hours each time. No further access to the programs on the computer is possible. When I use my computer as administrator, the computer is available to me without restriction. As a standard user in Safe Mode I can use the computer with the corresponding driver restrictions. I ask for your help and would like to thank you in advance for your efforts. Since the files created by the programs Defogger and OTL contain more than 120000 characters, I was asked to attach them as an archive. Kind regards, ratz9 |
13.01.2013, 22:40 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ |
14.01.2013, 01:57 | #3 |
| This is my private computer. The antivirus software is made available to all employees of the university for private use.
I hope you can help me further. "SOPHOS antivirus software: The SOPHOS antivirus software is provided free of charge by the ZIM to all institutions of the University of Duisburg-Essen. Staff and students are also permitted to install Sophos Anti-Virus for home use." hxxp://www.uni-due.de/zim/services/software/#antiviren Edited by ratz9 (14.01.2013 at 02:13) |
14.01.2013, 09:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. A quick question, and this is nothing against you in particular, I could just as well have asked anyone else who posts the logs this way: where does it say that the logs should be put in an attachment, or where exactly did you read that? Log files in an attachment make the evaluation massively more difficult. Please explain, so that the passage in the instructions can be changed/improved in a targeted way for all newcomers. Thanks.
__________________ Please always post log files in CODE tags |
14.01.2013, 20:37 | #5 |
| Hello Cosinus, when I posted the text of the log files, the forum showed me the following automatic reply: "vBulletin system message: The text you entered consists of 125000 characters and is therefore too long. Please shorten the text to the maximum length of 120000 characters. Please attach logs to the post as an archive!" A post is not accepted, which is why I attached the three files as a ZIP file. Kind regards, ratz9
Hello cosinus, I will post the log files in three posts. Code:
OTL Extras logfile created on: 13.01.2013 00:03:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\R\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,30% Memory free
8,15 Gb Paging File | 7,27 Gb Available in Paging File | 89,30% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,29 Gb Total Space | 35,66 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive D: | 119,18 Gb Total Space | 40,03 Gb Free Space | 33,58% Space Free | Partition Type: NTFS
Drive E: | 465,69 Gb Total Space | 30,78 Gb Free Space | 6,61% Space Free | Partition Type: NTFS
Drive F: | 465,69 Gb Total Space | 132,64 Gb Free Space | 28,48% Space Free | Partition Type: NTFS

Computer Name: R-LAPTOP02 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = C2 5E 86 26 A1 8F CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AB794-F8E9-4AAB-8B97-35C3A14F097E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{04126AAF-91EE-4010-95A0-90F631986FCB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{047F1E3E-EE7E-41BC-9396-A15EC30A51D9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0521E506-192C-458B-AF1B-6667EBD3E4C8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{08C26E95-7CEA-408A-A9B9-BE87F810C83C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0BE92E92-4D9E-4123-88CF-56AB1F24C74C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{166ED1C2-872F-42AC-B961-59AE21387DE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{18C08F8A-02CA-47BF-9BC3-DAD8C2D523C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{24268A7C-519F-4AB9-846B-7B97497132CA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{24E8650D-79E8-4E54-802B-D9458D69622A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31CE7EEF-8682-48EE-8D48-2E1AD3DF8F18}" = rport=138 | protocol=17 | dir=out | app=system | "{37227A37-5752-4DFA-B6CA-CE3B931B721E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{3D8C1889-C585-4398-BBC5-11050228AE8B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4AF6B861-35CE-4278-89B7-824A578B672D}" = lport=139 | protocol=6 | dir=in | app=system | "{512ED9E5-84C6-41CE-8B53-4B3F6F8572D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5757AB46-0F42-4492-856C-DDA67094D60C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{59B4C024-4F63-4120-8B4F-324D954E47F3}" = rport=137 | protocol=17 | dir=out | app=system | "{5C491A72-243F-44C8-B0C3-B5476C340D02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5CEB26A6-E7D0-4BD8-8999-96E5D3625AC1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5D3A01AD-5C38-40D9-93BD-17232EF2C22C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5DA145B7-C056-452A-BF45-DA669A633078}" = rport=445 | protocol=6 | dir=out | app=system | "{607F81B9-891B-4849-901C-9B92FBD2AF1E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{633839B5-F419-4093-9A6D-611A268093C6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{6D8AAAA8-95F8-432B-87BE-0582651E312A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7889D493-C310-44F2-8B62-EBFEFEC9D35A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{815E43CD-9660-4A2C-85D5-BC3F3DCA5BDB}" = lport=445 | protocol=6 | dir=in | app=system | "{8279D5F3-F4D2-403E-B774-9DCE8BAFBF81}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{932D1FB5-93D6-4D69-8E53-302B06ECC4A7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9938D337-74C1-42E3-9529-8764302CBBD8}" = rport=139 | protocol=6 | dir=out | app=system | "{AF5D60D2-B578-4438-9F18-C1A1E534B07D}" = lport=138 | protocol=17 | dir=in | app=system | "{B62D4EAE-57A4-4CD6-9F87-A0BCF5866410}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B7D637A9-7064-4AAB-9AEE-E11462F8D986}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B9E9B3E7-238D-4D24-A340-5D82F9779A58}" = 
rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BB0D48EC-A03E-4A83-A98E-C84ADEF67146}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BFF39277-4F23-42FE-BA43-C2893A1DF780}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C67598F1-A7A0-42E2-8B24-23CA282835DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CF018C33-F138-407C-91C2-8809D3A44421}" = lport=137 | protocol=17 | dir=in | app=system | "{EAA7234A-CEB3-4B4A-B0A4-0647B96F2648}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{EBCD8012-EDFF-4772-AEDD-C1F35859D152}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F1DAB002-FB09-4471-96C9-D6E16A40FE0E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F364A4CD-FE46-4F1E-B406-767273E251DD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02EFDA34-51E3-435C-B256-9E2A09856712}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{03C8063B-944B-41E3-99CB-CEA6407F98EC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{085A2682-E90A-4ED2-8F0C-40E220FAD01D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{087898C0-02A1-464F-908B-D9DC05E6E7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{0AFA640F-0C73-47D4-B4D6-4D2742E8B3CE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{0D005777-5B81-4F80-B094-2D3774026857}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{0DF16DA4-ABBE-4CB9-8298-832FAAA01FB7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{10C2289D-7A33-4355-B832-39C30DE63F4D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{155AD8BF-963F-48B5-BAB2-91BC30434F5C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{17FE4F11-C98A-41AD-9652-DA70F35A0524}" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{1B71991F-1AF6-44A7-B81D-9C28C728D5A4}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{1FF409BA-B636-4852-8D9F-B86DCF666F46}" = protocol=6 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | "{2246F11E-021D-495C-ADE1-7DC7AA5E0390}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | "{26285B89-4895-43D0-AC44-74DCE22F80C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{2A36BA5C-B879-44BF-844E-E7E815A35EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{2AE037D0-55A6-4CCC-8604-8EBD263604FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{30958F18-EF7F-4A13-81C6-2C21ECAF2D90}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3209F2EC-60B5-485B-82BF-499FB531F7BB}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{326A816C-F39A-4420-B6F1-199401824C6C}" = protocol=17 | dir=in | app=c:\users\r\appdata\local\apps\2.0\cnjphykb.7q5\lle3peln.w1c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{3298E8BB-8C84-42F2-8AED-062D08A4D586}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{351D93DD-17DF-409C-9AEC-39E195ED2B79}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{3643249D-34C8-463C-BCE4-B9C1DB629F2C}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | "{3ABC9B81-3EEC-472C-9040-9F2A4528A774}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3AD20172-D481-40E5-AB74-0561350BF930}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3E6889C1-0EF0-4509-B0EB-0DB38C7F5264}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | "{40353085-2744-4239-A29A-D2A742D9DDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{4C5DC25A-C668-424E-B2B1-F8326FD9868F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4DC7054C-8DF2-41B8-B13B-15FE3FE3FFBB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{591C0DB5-CAFA-4829-B17F-49871B6258F4}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{5C4B847A-BD61-4063-A10F-08E53199D182}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{5CD21628-0A32-4F3A-8AD2-39888D42C744}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{5DBAF38A-9C23-4174-87F2-25DA64C8BCF0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{60C921EA-5DB7-4170-BE54-FD56096F5725}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{61A305ED-2261-4CE2-B4A6-BEC96C063DA1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{63C887B4-1C14-45AD-80E1-527506A16035}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{66265A86-188D-48E2-9703-4CB444BE0798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{6D0BF4EF-A7DA-4B1F-B443-9697EEAD5D02}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | "{6F3CA072-E5A2-460D-B8DB-6D65DEFA4A55}" = protocol=6 | dir=out 
| svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6F996556-100C-41F9-A934-C8FA8DF3102D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{718249AB-6A20-4C15-A835-67C6158FED96}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{733825D8-605E-4CFF-AB50-EB36C9A59B69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{73D6C0D3-7650-4BBA-89EB-8449AB392E56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{73F5F9DF-1506-4970-892F-463FD32F7A50}" = protocol=6 | dir=in | app=c:\users\r\appdata\local\temp\{5ed8315d-3e87-4622-967c-3234a017efa0}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | "{743C974D-19EA-41CF-B214-99452621447F}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{7841BE0C-155F-4146-8696-CB567ACE6900}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{7B958CAD-DFA4-4727-827F-D143D0129E9A}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{7CD321F7-C197-40AF-9CDC-4339720FF702}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{7E7E645E-175A-4140-BA49-82744155120B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{814C3C81-F911-40CC-91AE-C8A2A8E10DB7}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{819696DE-A2A0-44D7-AB46-5BE14AF30770}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8586A832-089B-4B46-BD3E-051079499086}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{870E4E06-E546-4F3E-881B-15E696C515E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{87B98076-E0BF-4967-B96C-F89292FB6E2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8A7324A4-D4AF-4D54-84FA-D4DF0288230C}" = protocol=17 | dir=in | app=c:\program files 
(x86)\icq7.0\icq.exe | "{8CE52618-D161-4B36-AC59-3352998F6BB3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{8D1CA9CB-DF48-48A6-A9DB-052922DA50A7}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{8DEAA701-4875-4F18-B65F-3F349BC29C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{8E69E61D-75BE-4800-B757-810803546628}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{93645458-5796-41F8-B3A3-53E12C08B104}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{94403B60-C306-462C-8007-CCAF839EC9A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{97976F18-12C7-4142-AE52-402DCA6E9A83}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{9A3CBFE2-DCA6-4A06-86FE-B934B598365A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9AC7665D-8979-42BB-9284-171E64E593F9}" = protocol=17 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe | "{9C6FAF94-0259-488F-BEB0-A9C6955BCF43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9CF29FA5-A78B-4CD0-964C-249DEA10D674}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | "{9D283717-87D7-4AC5-B7BA-207CBD1A31F7}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | "{9DB47AA2-CDC6-401E-9568-CE746F7DD0D1}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{A1B79FB2-F57E-4D30-9EBF-24CE296EA503}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A4B577E0-126C-407F-8BA6-3D01DF75CCC5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A8618E98-F4F6-44F4-9C9C-DE25D35842E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A9904A47-CC06-4BA2-BEE3-9B9781AAE79E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{ACE1F1C5-97CC-446C-9C46-5D8F9F4C3038}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B054E907-DE09-4905-94A3-73BCE57D1C35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{B2A7CC22-665B-4F7E-AA32-097D2D2688A5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B628B788-E2C1-4F3A-B5BC-9DD1853AF651}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{B657B423-85CD-42E8-AB19-264CB3FA8B2D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | "{B7F3FE4C-F2D6-4B16-92A1-E3D3FA29E886}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{B9307BFE-746B-415F-A76E-9D36C9B84D25}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | "{BB699662-56C5-4786-8172-A92294FF5C3B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{BF886810-2C18-4420-A41A-892A7835326F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{C1851709-F356-42F3-92CB-7BFCA52088FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C1D6117C-7861-4F64-98AF-F03B5B545EB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C270F552-4FA2-461E-8C7E-EA29C523C26F}" = protocol=6 | dir=in | app=f:\dummie\solutoinstaller.exe | "{C4C32767-0577-4533-83CC-6DF8DA1BF367}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{C708B084-338F-49EE-846E-4D9127489F31}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{CCC05EBB-D6D7-4451-A6EA-5E7190886405}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{D28C396E-55DE-439C-AA52-4ABCBA2D636B}" = protocol=6 | dir=in | 
app=c:\users\r\appdata\local\apps\2.0\cnjphykb.7q5\lle3peln.w1c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{D3ED3147-4A6A-4341-80AE-3BDE64F3381F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{DA6E6CD7-E335-4669-B149-D7637E1EF988}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{DAAE65BE-6159-40AD-9F50-78EBB62E9A32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{DADBBA94-29D7-4B52-9936-9BB4C56843F5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{E7761B1F-5EA8-4501-9FE5-BF1B96FCE511}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{E910AF4C-AE2F-4818-8715-00D38A1D58E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EA4D3C34-F80B-495D-B5EE-7A4FEC45524A}" = protocol=17 | dir=in | app=f:\dummie\solutoinstaller.exe |
"{EA632EE9-E206-4AD4-83B3-FFB8BC586A6C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC95EC23-D7A6-4DD9-B3F5-B9B219221766}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{F1977FEF-88C3-4734-8FEF-BBD669D52FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1A843A7-E47D-4301-9D47-C0B16B0038D9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{F3366ACE-BA77-4652-A755-B8EA7715C073}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{F36EF739-0BE7-4F29-A530-7CB969565E24}" = protocol=17 | dir=in | app=c:\users\r\appdata\local\temp\{5ed8315d-3e87-4622-967c-3234a017efa0}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{F40FFE66-3094-4534-B11C-CB653B32EB36}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7671D30-9CF2-4862-B4AC-3F718FB2F083}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F8ADE1F3-7CD5-4DDF-AAD9-94897858C5E7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{FB5A84CD-6DEB-46B9-93CA-4422D46D0DE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FF620D17-B817-4392-84D2-B6C285D0B219}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"TCP Query User{01ED3EA8-9B8A-47B0-BB3E-D3621E5A1CC1}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{03178976-5CC9-44D6-A200-159C26AFAC9A}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{0B99D92A-919B-4EA7-9C44-D56D97D785A9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{0D7A08CD-CDE0-4F59-AAF5-4CEB16183875}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{12D81733-D86D-4464-B31E-706BA4B6D78A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{15E150DA-43C3-4F01-9418-92AE2E11027F}C:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe |
"TCP Query User{18BC1E09-0A7F-4B0F-85D1-1DC841528CBD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{1AF47DF9-73B3-407B-86E2-BB40F47BBE8A}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{1DF3300B-43E1-4760-A823-F1382599EE73}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{2518BD93-A4EF-4996-911F-39358109F53A}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{27F500A9-8BE9-46F4-B6DB-0DDC79342375}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"TCP Query User{46D0ED4E-4BE6-4B3B-B6D0-58F1ECF9A1AF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{4B1F6EB3-58B2-4151-AD91-C4A65F7E24A9}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"TCP Query User{5456FF82-75BD-4091-B66E-E6A0F91A91C7}C:\windows\syswow64\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dllhost.exe |
"TCP Query User{58C7AEC3-C572-400E-945F-350818A701FC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5AD8EC2B-BC8E-4483-956C-B100C2CEB1F5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5E7A5CDA-4EA7-4C4F-8202-DCC2CB6824C8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{630D0EB8-D412-4056-9FAF-A09A314349BE}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{68E50DDE-851A-4055-975B-6373FB3FE583}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{69B2B139-4B2D-43A2-81FC-5F68C7F57FE5}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{70DCACC0-625A-4C7A-BB01-37DAAD7A49A7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{82933F9C-09FD-4C56-8E49-356772A838AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8BE6F9FB-577F-421B-A76E-AEEC8432DFD9}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"TCP Query User{933908A2-C868-4B73-9361-704E57198723}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe |
"TCP Query User{A736F789-7A90-44E0-822F-F96413ABA171}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{A825E474-D263-448F-BDC6-9A9512BCCAAA}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{B1F99871-7056-4447-8648-9A180D2F9466}C:\users\r\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B5FDDFB1-F5B5-4DC1-B7BA-D78FE3C54521}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{BF825E28-6954-4A8D-ADCC-FA06E110DD57}C:\windows\syswow64\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dllhost.exe |
"TCP Query User{C94EA6AC-0BB8-4C5F-B006-438227B316AC}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{CB6C5993-C813-4585-B8D6-7A0C0043BAAD}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{D6C957E0-9652-4924-8ADC-0DE9327E70B8}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{DDC577DD-A79D-41D6-B03C-77B98F48915F}C:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe |
"TCP Query User{EC8AA220-6E06-4BC1-922E-22DB33275D39}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{F71D3BEE-B3BB-4E00-BA3E-46CBC408191B}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{04708614-D000-4BE3-8F24-AA236B5B1793}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{131FF0D6-DC35-494D-82F4-D29F14C2CD1F}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"UDP Query User{299D3748-C8B5-4C8B-B381-E97960A43FF3}C:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe |
"UDP Query User{29DF9CAC-45AD-43F0-8D85-B077B9425A59}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{2FDC4ACC-F1FF-4CED-A4B1-CBCB019A9353}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{3A09AC9B-F6FE-4DC0-926D-A88F2E751FC1}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{3C628545-3AD4-464D-B8CB-476B8CB37993}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{41644C6B-D48A-4D2C-9D02-B1FA6F90E6F2}C:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\local\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{47D95A4D-5CC9-4FCA-A03D-720363217297}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{4BB5B14E-AD1F-4D3B-8334-9931084E1377}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{53CFC851-FCE6-475D-A67B-6BE65BE3DD7F}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{5BAC89A2-85D3-4DB4-9651-05D11EE9FEB3}C:\windows\syswow64\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dllhost.exe |
"UDP Query User{6D0CB095-3DB3-406A-BD92-9F2E14583DC9}C:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\hunted\binaries\win32\p4dftre.dll |
"UDP Query User{6F8BE57D-F25F-400E-8A86-097D3F5B851D}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"UDP Query User{72AEBF62-F255-4745-A64D-9AB348E6A65C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{74A7F2DD-0EFF-4DD3-8E1B-C1F677B9B7D1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{788F8B31-B94E-43F9-B9BA-566BFF9A7970}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{78C33F25-D5C1-4B22-8609-C8C473BA1A44}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{7EA9D499-C76C-4895-8FD5-6F099D0B141D}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7F7F7E47-9AA7-4B2B-AFAB-143056C7B6D6}C:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{8C40F6A7-5344-4818-A983-96364A062AEA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{9A50A13D-C530-4600-99E9-2DA546199E42}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{9F2A2FC3-0098-4ED4-8F9C-C4995DF7B4B8}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{A1A1EFF4-F03D-4A2C-B144-74B6DF48904E}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe |
"UDP Query User{A2F34F26-D41A-4A20-82CA-CC95DBC49CB4}C:\program files (x86)\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2.0\jdownloader2.exe |
"UDP Query User{AEBA58E5-42C2-4FAA-AF46-166D4468A76C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{B73CC98E-24BE-4D4E-A5DF-A907C1C67F4E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{C07CA024-925B-45B2-B9EF-D967254A3D94}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{C573D57A-1276-496E-A236-22C61530BEDB}C:\users\r\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\r\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D0F3612F-BBE7-4DD4-8C6F-A974B47CFC1B}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{DADD4AD6-BB93-4755-A11F-6BBDB373E525}C:\windows\syswow64\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dllhost.exe |
"UDP Query User{F1C1711F-E529-4E89-BC09-6E5924B5DA78}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{F1C19121-1A1F-49F5-8D36-2F5F9EFF5219}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F81612F5-FF60-4D90-8033-308DBA0C3A09}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{FEEB672A-BA9B-421D-962B-876147C69183}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{167F594F-8A62-48A9-B6EC-97B853464808}" = Dell ControlPoint System Manager
"{16B452B6-828D-4E93-A97E-B92C76E8E0DD}" = SO64MMWrapper
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27753668-8F35-4FEE-BE5D-ADCD615D334A}" = Dell ControlPoint Connection Manager 64
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{2C3393DE-8A93-43A0-9983-ACE9CB9EDCBA}" = BS64MMWrapper
"{3110A3AD-9890-42DF-8CE5-FBFE4E633ED2}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5783F2D7-9007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2011
"{5783F2D7-9007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2011 Language Pack - Deutsch
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76D6189D-1564-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2011
"{76D6189D-1564-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87508272-99AC-47AA-9F65-5F8C09930CA6}" = Dell Control Point 64
"{8F79E264-B252-464F-979B-181903811220}" = Aastra - OpenCom1000 Service Tools (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C3B66206-54AC-4A76-8CCF-7FE5670C3581}" = DCP64MMWrapper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{F161E795-1A75-4DBD-AFAE-4980BA7EABDB}" = Dell ControlVault Host Components Installer 64Bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDA5AFC5-DAE3-4DB0-810F-B5FA858E5233}" = Soluto
"{FEF64966-7F5E-48A6-8A87-C12533BEE519}" = ATMinInstall64
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"7C3B20D7A6E59F324247FCFEDEFA94CB3339BA1C" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"AutoCAD Electrical 2011" = AutoCAD Electrical 2011
"Autodesk Inventor View 2011" = Autodesk Inventor View 2011 Deutsch
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"DWG TrueView 2011" = DWG TrueView 2011
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Autodesk AutoCAD 2009 Performance Driver" = NVIDIA Performance Driver for Autodesk AutoCAD 2009
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Dell Touchpad
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{434D083E-A4CC-401A-9E74-621000038101}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038102}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038103}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038104}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038105}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038106}" = OF: Red River
"{434D083E-A4CC-401A-9E74-621000038107}" = OF: Red River
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.5
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"001FFFFFFF12FF00FF0201F05F02F000-R1" = ArchiCAD 12 GER
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"AVAPLAN Studio 2010_is1" = AVAPLAN Studio 2010 Version 3.5.0
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.1202.00
"ClearProg" = ClearProg 1.6.0 Final
"DIALux" = DIALux 4.10
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5
"FreePDF_XP" = FreePDF (Remove only)
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"jdownloader2" = JDownloader 2.0
"KaloMa_is1" = KaloMa 4.9
"MKVToolNix" = MKVToolNix 5.9.0
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenFietsMap (BNL)" = OpenFietsMap
"OpenFietsMap(Germany)" = OpenFietsMap(Germany)
"RealPlayer 12.0" = RealPlayer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Simple Sudoku_is1" = Simple Sudoku 4.2
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim
"TVgenial" = TVgenial 5.00
"VAG-COM311_DE" = VAG-COM 311 Deutsch
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2013 18:53:51 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 12.01.2013 18:53:51 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 12.01.2013 18:55:24 | Computer Name = R-Laptop02 | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16457, Zeitstempel 0x50a2f9e3, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000142, Fehleroffset 0x0006f52f, Prozess-ID 0x1924, Anwendungsstartzeit 01cdf117e85550bc. Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013 Description = Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013 Description = Error - 12.01.2013 18:55:33 | Computer Name = R-Laptop02 | Source = Windows Search Service | ID = 3013 Description = Error - 12.01.2013 18:58:30 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 12.01.2013 18:58:30 | Computer Name = R-Laptop02 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = EventSystem | ID = 4609 Description = Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 15.04.2010 16:50:12 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005 seconds with 840 seconds of active time. This session ended with a crash. Error - 25.04.2010 12:59:37 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4399 seconds with 4020 seconds of active time. This session ended with a crash. 
Error - 04.02.2011 08:47:58 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.07.2011 07:39:56 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.01.2013 14:51:26 | Computer Name = R-Laptop02 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.01.2013 18:53:30 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7009 Description = Error - 12.01.2013 18:53:30 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7000 Description = Error - 12.01.2013 18:57:37 | Computer Name = R-Laptop02 | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 12.01.2013 18:57:58 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005 Description =
Error - 12.01.2013 18:58:28 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005 Description =
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005 Description =
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005 Description =
Error - 12.01.2013 18:58:33 | Computer Name = R-Laptop02 | Source = DCOM | ID = 10005 Description =
Error - 12.01.2013 18:58:34 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7001 Description =
Error - 12.01.2013 18:58:34 | Computer Name = R-Laptop02 | Source = Service Control Manager | ID = 7026 Description =
< End of report >

Log created at 00:00 on 13/01/2013 (Administrator)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-

Edited by ratz9 (14.01.2013 at 21:03) |
14.01.2013, 21:12 | #6 |
| GVU virus, computer no longer usable as standard user, computer only works as admin or in Safe Mode as standard user OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.01.2013 00:03:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\R\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,30% Memory free 8,15 Gb Paging File | 7,27 Gb Available in Paging File | 89,30% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,29 Gb Total Space | 35,66 Gb Free Space | 29,90% Space Free | Partition Type: NTFS Drive D: | 119,18 Gb Total Space | 40,03 Gb Free Space | 33,58% Space Free | Partition Type: NTFS Drive E: | 465,69 Gb Total Space | 30,78 Gb Free Space | 6,61% Space Free | Partition Type: NTFS Drive F: | 465,69 Gb Total Space | 132,64 Gb Free Space | 28,48% Space Free | Partition Type: NTFS Computer Name: R-LAPTOP02 | User Name: Administrator | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 00:01:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\R\Desktop\OTL.exe PRC - [2012.12.17 08:25:10 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.10 23:37:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.09 14:53:16 | 000,217,744 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.20 19:34:28 | 000,183,432 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Programme\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService) SRV - [2012.12.20 19:34:26 | 000,542,344 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService) SRV - [2012.12.20 19:27:04 | 001,246,344 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Programme\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService) SRV - [2012.12.17 08:28:57 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.12.17 08:26:09 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | 
Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.12.17 08:25:10 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.12.17 08:24:50 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.12.17 08:23:38 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.12.04 21:20:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.17 09:08:44 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. 
RunOuc) SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.05 12:42:12 | 001,685,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService) SRV - [2011.12.16 12:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService) SRV - [2011.09.12 08:28:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2011.05.19 21:27:19 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.03.14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.17 17:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.12.08 07:14:26 | 006,810,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV - [2009.10.05 18:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager) SRV - [2009.08.11 15:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.16 11:26:04 | 000,510,752 | ---- | M] (Dell Inc.) 
[Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2009.06.26 08:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2009.06.26 08:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2009.06.11 19:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2009.06.03 12:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2009.04.27 12:43:56 | 000,420,432 | ---- | M] (Dell Inc.) 
[Auto | Stopped] -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2008.11.12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2006.10.18 15:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.20 19:19:42 | 000,054,728 | ---- | M] (Soluto LTD.) 
[File_System | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\Soluto.sys -- (Soluto) DRV:64bit: - [2012.12.17 08:27:45 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.06.17 09:08:46 | 000,271,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2012.06.17 09:08:46 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2012.06.17 09:08:46 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2012.06.17 09:08:46 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.06.11 10:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.10.01 10:47:53 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2011.08.25 03:47:22 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2011.08.14 20:17:35 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.05.24 12:47:56 | 000,132,648 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.05.24 12:47:56 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.05.24 12:47:56 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.05.24 12:47:56 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.08.10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010.08.10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010.01.18 08:55:58 | 000,655,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2010.01.18 08:55:58 | 000,623,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2010.01.10 12:23:43 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.01.07 02:14:53 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter) DRV:64bit: - [2010.01.07 02:14:53 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman) DRV:64bit: - [2010.01.07 02:14:53 | 000,065,312 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2009.10.22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2009.10.22 15:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.06.26 08:23:46 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2009.06.26 08:23:42 | 000,013,864 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ccidflt.SYS -- (CCIDFILTER) DRV:64bit: - [2009.05.31 01:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.04.11 06:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 06:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2009.04.11 06:34:05 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID) DRV:64bit: - [2009.04.11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2009.03.20 02:02:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid) DRV:64bit: - [2009.03.06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd) DRV:64bit: - [2009.02.13 20:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:64bit: - [2008.12.09 09:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk) DRV:64bit: - [2008.08.07 07:45:52 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) DRV:64bit: - [2008.08.05 10:48:04 | 000,326,192 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2008.07.21 11:31:16 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2008.06.04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\PBADRV64.sys -- (PBADRV) DRV:64bit: - [2008.01.21 03:46:06 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2007.09.12 17:24:00 | 000,041,024 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dsltestSp5a64.sys -- (dsltestSp5a64) DRV:64bit: - [2007.08.01 14:49:02 | 000,019,008 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dslmnlwf.sys -- (DslMNLwf) DRV:64bit: - [2007.05.01 15:48:54 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiHFF0D.sys -- (SaiHFF0D) DRV:64bit: - [2007.05.01 15:48:54 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiUFF0D.sys -- (SaiUFF0D) DRV:64bit: - [2007.03.08 23:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2006.11.17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV - [2012.09.26 19:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.01.07 21:12:14 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) DRV - [2001.01.26 13:43:20 | 000,002,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys -- (PciDumpr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{031049F5-E23F-B009-29B1-5DBFB4AA5E85}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769 IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = 
{031049F5-E23F-B009-29B1-5DBFB4AA5E85} IE - HKCU\..\SearchScopes,DefaultScope = {031049F5-E23F-B009-29B1-5DBFB4AA5E85} IE - HKCU\..\SearchScopes\{031049F5-E23F-B009-29B1-5DBFB4AA5E85}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1376788125 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.04 21:20:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 14:47:17 | 000,000,000 | ---D | M] [2012.10.05 20:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2012.12.04 21:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.04 21:20:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.09 16:16:15 | 000,444,208 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 
127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15258 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4:64bit: - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Backup_DisableCAD = undefined O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64870F7E-99F4-4B3E-9C20-2A5983970A2C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88E0E51C-7ADC-4AD7-80AE-6813A2B2B992}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92FFCC75-D228-4DD0-9E54-783C4D26F355}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7141A1A-A804-48E4-9314-45E46D740950}: DhcpNameServer = 193.189.244.206 193.189.244.225 O18:64bit: - Protocol\Handler\dialux - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) 
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.06 15:15:54 | 000,000,000 | ---D | M] - D:\AutoCAD_2009 -- [ NTFS ] O32 - AutoRun File - [2012.12.18 13:08:09 | 000,000,000 | ---D | M] - D:\AutoCAD_2011 -- [ NTFS ] O32 - AutoRun File - [2012.01.29 01:46:45 | 000,000,000 | ---D | M] - E:\AutoCAD -- [ NTFS ] O32 - AutoRun File - [2012.01.29 01:47:17 | 000,000,000 | ---D | M] - E:\AutoCAD_2002 -- [ NTFS ] O33 - MountPoints2\{2dece9a8-01d3-11e2-8688-00225f0b7e8f}\Shell - "" = AutoRun O33 - MountPoints2\{2dece9a8-01d3-11e2-8688-00225f0b7e8f}\Shell\AutoRun\command - "" = "H:\WD Drive Unlock.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.08 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Skyrim [2013.01.08 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games [2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TVgenial 5 [2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TVgenial [2013.01.03 17:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TVgenial [2013.01.03 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TVgenial5 [2012.12.31 
08:38:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\elsterformular [2012.12.28 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox [2012.12.27 20:50:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.27 20:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2012.12.27 20:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2012.12.26 02:43:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NVIDIA [2012.12.26 02:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.12.26 02:38:21 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.12.26 02:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.12.25 21:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto [2012.12.25 21:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto [2012.12.17 08:14:12 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.12.17 08:14:12 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.12.17 08:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.12.17 08:13:31 | 000,037,440 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.12.17 08:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 00:02:59 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.13 00:02:59 | 000,631,488 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.13 00:02:59 | 000,598,512 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2013.01.13 00:02:59 | 000,127,102 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.13 00:02:59 | 000,104,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.12 23:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 23:56:22 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.01.12 23:56:09 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.12 23:53:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 23:53:01 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 23:41:34 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable [2013.01.11 00:49:47 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.11 00:49:47 | 000,000,062 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.11 00:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.10 23:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.09 07:47:03 | 000,496,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.03 17:12:58 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\TVgenial.lnk [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 08:00:43 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk [2012.12.27 20:49:41 | 000,001,839 | ---- | M] () -- C:\Users\Administrator\Desktop\Samsung Kies (Lite).lnk [2012.12.26 02:43:36 | 000,000,823 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2012.12.26 02:41:53 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.12.26 02:18:09 | 000,001,924 | ---- | M] () -- 
C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.12.25 21:49:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.20 19:19:42 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys [2012.12.17 08:27:45 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.12.17 08:24:20 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.12 23:41:34 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable [2013.01.11 00:49:47 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.11 00:49:47 | 000,000,062 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.11 00:49:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.27 20:49:41 | 000,001,839 | ---- | C] () -- C:\Users\Administrator\Desktop\Samsung Kies (Lite).lnk [2012.12.26 02:41:53 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.12.26 02:18:09 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.12.26 02:18:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.21 02:19:02 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll [2012.09.21 02:16:27 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll 
[2012.08.19 16:15:45 | 000,384,844 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods-speeddial.crx [2012.08.19 16:15:45 | 000,031,465 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods.crx [2012.02.01 04:58:22 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2011.10.31 11:55:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2011.10.06 13:34:12 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.05.24 12:50:08 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2011.05.13 10:24:36 | 000,000,102 | ---- | C] () -- C:\Windows\Dialux.ini [2011.01.24 12:10:47 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat [2010.01.11 13:07:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.17 10:29:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Broadcom [2012.10.16 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox [2012.12.31 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\elsterformular [2012.07.02 13:41:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreePDF [2012.10.08 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER [2012.07.13 20:37:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iolo [2012.07.26 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Naturalsoft [2012.12.04 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia [2012.12.04 15:29:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite [2012.10.11 15:04:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung [2013.01.03 17:12:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TVgenial [2012.09.20 21:02:35 | 000,000,000 | ---D 
| M] -- C:\Users\Administrator\AppData\Roaming\Wave Systems Corp ========== Purity Check ========== < End of report > |
14.01.2013, 22:16 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, computer no longer usable as standard user, computer only works as admin or in Safe Mode as standard user Before we get on with the rest of the work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
14.01.2013, 23:56 | #8 |
| GVU virus, computer no longer usable as standard user, computer only works as admin or in Safe Mode as standard user
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Administrator :: R-LAPTOP02 [administrator]

14.01.2013 23:36:07
mbar-log-2013-01-14 (23-36-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31774
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 6
c:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 19
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\n (Trojan.0Access) -> Delete on reboot.
c:\Users\R\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Delete on reboot.
c:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Delete on reboot.
c:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\00000008.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\000000cb.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000032.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\U\80000064.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1537932054-3061199544-2405855936-1000\$3dbeb7bbd2538c56c1a196c83a15a298\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Administrator :: R-LAPTOP02 [administrator]

14.01.2013 23:52:24
mbar-log-2013-01-14 (23-52-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31697
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
15.01.2013, 10:32 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Another quick question: did you rate this thread? I mean the thing with the two little stars at the top right...
__________________ Please always post log files in CODE tags |
15.01.2013, 11:33 | #10 |
| Hello cosinus, it took me quite a long time to find the stars you mean. At least I did not consciously rate the thread. Since I had problems when posting the logs, it is possible that I rated the thread unintentionally while clicking. If you, or all of you, have the possibility to reset this miserable rating, I would very much welcome that. I think you have earned 150 percent out of 100 so far, as I am very glad for your help and think that this is a great service from you and your team. Regards, ratz9 |
15.01.2013, 11:50 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | I was just wondering... because your thread is not the only one that has been rated here, and in my impression threads normally got rated only very rarely... but all right, let's forget that. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
15.01.2013, 12:33 | #12 |
| I ran ComboFix. After the program finished, Windows was restarted automatically. Code:
ComboFix 13-01-15.02 - Administrator 15.01.2013 12:16:07.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.4083.2911 [GMT 1:00]
ausgeführt von:: C:\Users\R\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt |
15.01.2013, 12:52 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log is incomplete
15.01.2013, 19:08 | #14 |
| That is everything that is in the file ComboFix.txt. It was stored in the folder C:\ComboFix\. Should I run ComboFix again? Hello cosinus, the steps I have carried out so far were always performed in Safe Mode as a standard user. Of course I had to run the programs you recommended as administrator, since otherwise they do not run. Now I have logged in to my administrator account, and ComboFix was then run there automatically. The following log file was then created. I hope it is complete and helps you. Many thanks, ratz9 Code:
ATTFilter ComboFix 13-01-15.02 - Administrator 15.01.2013 12:16:07.1.2 - x64 NETWORK Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.4083.2911 [GMT 1:00] ausgeführt von:: c:\users\R\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A} SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\users\R\AppData\Local\lame_enc.dll c:\users\R\AppData\Local\no23xwrapper.dll c:\users\R\AppData\Local\ogg.dll c:\users\R\AppData\Local\vorbis.dll c:\users\R\AppData\Local\vorbisenc.dll c:\users\R\AppData\Local\vorbisfile.dll c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\test . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-16 bis 2013-01-16 )))))))))))))))))))))))))))))) . . 2013-01-15 11:21 . 2013-01-16 09:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-01-15 11:21 . 2013-01-15 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 22:20 . 2013-01-14 22:20 -------- d-----w- c:\programdata\Malwarebytes 2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Thunderbird 2013-01-13 18:15 . 2013-01-13 18:15 -------- d-----w- c:\users\Administrator\AppData\Local\Thunderbird 2013-01-09 06:34 . 
2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C2B8AD9-300B-4BAC-A552-3C30A3A8E02C}\mpengine.dll 2013-01-09 06:33 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 06:33 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 06:33 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll 2013-01-09 06:32 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 06:32 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 06:32 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 06:32 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 06:32 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys 2013-01-08 19:52 . 2013-01-08 19:52 -------- d-----w- c:\users\Administrator\AppData\Local\Skyrim 2013-01-03 16:12 . 2013-01-03 16:13 -------- d-----w- c:\programdata\TVgenial 2013-01-03 16:12 . 2013-01-03 16:12 -------- d-----w- c:\users\Administrator\AppData\Roaming\TVgenial 2013-01-03 16:12 . 2013-01-03 16:12 -------- d-----w- c:\program files (x86)\TVgenial5 2012-12-31 08:42 . 2012-12-31 08:42 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-31 08:27 . 2012-12-31 08:42 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-31 07:38 . 2012-12-31 07:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\elsterformular 2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-12-28 18:37 . 2012-12-28 18:37 -------- d-----w- c:\program files (x86)\Dropbox 2012-12-27 19:50 . 2012-12-27 19:50 -------- d-----w- c:\program files (x86)\MyFree Codec 2012-12-26 01:43 . 2012-12-26 01:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\NVIDIA 2012-12-25 20:25 . 2012-12-25 20:25 -------- d-----w- c:\program files\Soluto 2012-12-21 06:56 . 
2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 06:56 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 06:56 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 06:56 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 22:37 . 2012-06-17 09:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-10 22:37 . 2011-05-25 21:46 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 06:34 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe 2012-12-31 08:42 . 2010-04-17 14:55 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-29 10:34 . 2011-11-27 08:54 1813432 ----a-w- c:\windows\system32\nvdispco64.dll 2012-12-29 10:34 . 2011-11-23 17:27 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-29 10:34 . 2011-11-23 17:27 2824656 ----a-w- c:\windows\system32\nvapi64.dll 2012-12-29 10:34 . 2011-11-23 17:27 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-12-29 08:40 . 2011-11-27 08:56 3455416 ----a-w- c:\windows\system32\nvsvc64.dll 2012-12-29 08:40 . 2011-11-27 08:56 6382008 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-29 08:40 . 2011-11-27 08:56 997816 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-12-29 08:40 . 2011-11-27 08:56 884152 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-29 08:40 . 2011-11-27 08:56 63928 ----a-w- c:\windows\system32\nvshext.dll 2012-12-29 08:40 . 2011-11-27 08:56 55736 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-12-29 08:40 . 2011-11-27 08:56 2558392 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-29 08:40 . 2011-11-27 08:56 118712 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-20 18:19 . 2011-10-31 11:49 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-12-17 07:27 . 
2012-01-22 04:34 154952 ----a-w- c:\windows\system32\drivers\savonaccess.sys 2012-12-17 07:24 . 2012-12-17 07:13 37440 ----a-w- c:\windows\system32\SophosBootTasks.exe 2012-11-14 07:06 . 2012-12-12 08:51 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 08:51 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 08:51 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 08:51 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 08:51 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 08:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 08:52 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 08:52 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 08:51 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 08:51 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 08:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 08:51 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 08:51 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 08:52 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 08:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 08:52 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 08:51 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 08:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 08:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 08:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 08:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 
2012-12-12 08:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-13 01:45 . 2012-12-12 08:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-13 01:29 . 2012-12-12 08:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 10:45 . 2012-12-12 08:49 477696 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 10:45 . 2012-12-12 08:49 68096 ----a-w- c:\windows\system32\dpnathlp.dll 2012-11-02 10:18 . 2012-12-12 08:49 376320 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-11-02 08:59 . 2012-12-12 08:49 26112 ----a-w- c:\windows\system32\dpnsvr.exe 2012-11-02 08:26 . 2012-12-12 08:49 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104] "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1189920] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1962896] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-12-17 928832] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-09-12 606392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A] DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440] Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-1-22 2056192] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608] Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1333024] Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2011-11-11 1085440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\SOPHOS~1.DLL "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 relog_ap wvauth . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 22:37] . 2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 12:25] . 2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 12:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\R\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2009-06-11 18:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2009-06-11 18:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-05 1560360] "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-11 656384] "DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-05 1826816] "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-29 2041192] "Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769 mStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw&chnl=ddrnw&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FtD0ByB0Ezz0FyB0EyE0FtN0D0Tzu0CtByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=835934769 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ovmgs244.default\ . . ------- Dateityp-Verknüpfung ------- . JSEFile=NOTEPAD.EXE %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,27, 8a,32,16,d3,05,92,c2,17,24,75,4b,20,db "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6e,dc, 97,b6,85,e8,0c,94,4c,c9,e8,47,6a,38,22 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,d9, c8,7a,a3,2c,08,84,80,45,9c,2c,7b,80,52 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,03, 6c,c0,8c,40,09,aa,e5,92,9a,f2,9a,6e,5e "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,df, c1,75,fe,37,0c,a0,7a,da,65,c2,86,cb,b4 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,fe,ca, 85,5f,d9,6a,07,b7,11,52,15,c8,ac,b1,94 . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:b0,05,71,3c,81,97,cd,01 . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,87,4e,3f,7b,d3,8b,46,b3,55,34,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,87,4e,3f,7b,d3,8b,46,b3,55,34,\ . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.669" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.AAC" . 
[HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.amf" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.avr" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.caf" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.far" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLAC" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice] @Denied: (2) (Administrator) "Progid"="Outlook.File.hol" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.htk" . [HKEY_USERS\S-1-5-21-1537932054-3061199544-2405855936-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . 
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
c:\program files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files (x86)\DSL-Manager\DslMgrSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-16 10:16:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-16 09:16
.
Vor Suchlauf: 14 Verzeichnis(se), 37.961.367.552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 38.891.700.224 Bytes frei
.
- - End Of File - - E8DDB8F87983F262DF4AD32099CA402F |
16.01.2013, 13:50 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, computer no longer usable as a standard user, computer only works as admin or in Safe Mode as a standard user
adwCleaner - find toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |