
Pests of all kinds and how to fight them: Win7 64-bit GVU 2.07


24.09.2012, 04:43   #1
Anton99
 

Win7 64-bit GVU 2.07



Hello,
unfortunately I have caught the trojan too and need your help.
I have already read up a bit and run a scan with OTL.
It would be nice if someone could be found to solve this problem.

OTL File:
Code:
OTL logfile created on: 23.09.2012 22:45:08 - Run 5
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\HANS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,87% Memory free
7,98 Gb Paging File | 5,92 Gb Available in Paging File | 74,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,66 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 79,88 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,83 Mb Free Space | 71,83% Space Free | Partition Type: NTFS
Drive H: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: HANS-PC | User Name: HANS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HANS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lsass.exe (Microsoft Corporation)
PRC - C:\Users\HANS\AppData\Local\TitanMentorCalculator\TitanMentorCalculatorLauncher.exe (Kessem Holdings Limited)
PRC - C:\Users\HANS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\HANS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\SysWOW64\srvany.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
PRC - C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\HANS\AppData\Local\Temp\nsk864F.tmp\System.dll ()
MOD - C:\Users\HANS\AppData\Local\Temp\nsk864F.tmp\ShutdownAllow.dll ()
MOD - C:\Users\HANS\AppData\Local\Temp\wgsdgsdgdsgsd.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LMIMaint) -- D:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LogMeIn) -- D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (SearchAnonymizer) -- C:\Users\HANS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Marvell RAID) -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (mitsijm2011) -- D:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (DES2 Service) -- C:\Program Files (x86)\gigabyte\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MRUWebService) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMIInfo) -- D:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\HANS\Desktop
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://igoogle.de/
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 07 72 77 37 C5 CA 01  [binary data]
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes,DefaultScope = {794FC9A6-490B-4685-85CA-921CF298A8D9}
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com.anonymize-me.de/?anonymto=687474703A2F2F7673686172652E746F6F6C626172686F6D652E636F6D2F7365617263682E617370783F713D7B7365617263685465726D737D26737263683D647370&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{0685CAB3-1ED0-425C-9C4F-E054D6D2AEDF}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{0B13EA44-3310-4DB5-B698-934215D3A832}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{16087152-F484-41A8-B599-46301C35692A}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{48F4AC61-DC3A-400F-A505-A9E5E447FF4E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{6A244A25-D2F8-48F7-A424-6590CE35C657}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{794FC9A6-490B-4685-85CA-921CF298A8D9}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{D8714B38-AB16-4933-8124-C0684013A564}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\SearchScopes\{E0253F8E-ED6E-41B7-8DBF-80D1260B4192}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=198.7.242.41:3124
 
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\postgres\Desktop
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 07 72 77 37 C5 CA 01  [binary data]
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes,DefaultScope = {794FC9A6-490B-4685-85CA-921CF298A8D9}
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{0685CAB3-1ED0-425C-9C4F-E054D6D2AEDF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{0B13EA44-3310-4DB5-B698-934215D3A832}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{16087152-F484-41A8-B599-46301C35692A}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{48F4AC61-DC3A-400F-A505-A9E5E447FF4E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{6A244A25-D2F8-48F7-A424-6590CE35C657}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{794FC9A6-490B-4685-85CA-921CF298A8D9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{D8714B38-AB16-4933-8124-C0684013A564}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\SearchScopes\{E0253F8E-ED6E-41B7-8DBF-80D1260B4192}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=859d900b-a1f2-4ab0-a14d-5d20b8cf244c&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=198.7.242.41:3124
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: D:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.26 21:18:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.05 22:18:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.07.05 22:18:48 | 000,000,000 | ---D | M]
 
[2011.06.22 13:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HANS\AppData\Roaming\mozilla\Extensions
[2010.03.16 22:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HANS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.22 13:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.11 17:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2012.07.14 00:23:14 | 000,000,884 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\HANS\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000..\Run: [Akamai NetSession Interface] C:\Users\HANS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000..\Run: [TitanMentorCalculator] C:\Users\HANS\AppData\Local\TitanMentorCalculator\TitanMentorCalculatorLauncher.exe (Kessem Holdings Limited)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [Akamai NetSession Interface] C:\Users\HANS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [iPhone Explorer Launcher] "D:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPELauncher.exe" /run File not found
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\Run: [TitanCalculator] "C:\Poker\Titan Poker\TitanCalculator\TitanCalculatorLauncher.exe" File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HANS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-2076485501-311499467-1450225029-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-2076485501-311499467-1450225029-1001\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FF3FBF5-0E35-4B67-98E8-9FD20A5C635F}: DhcpNameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC4D1487-534A-4220-904B-FE944A5F0339}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.11 18:12:21 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010.08.20 11:15:04 | 000,000,020 | ---- | M] () - H:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{52fe26ad-c2ab-11df-b298-00040ecdef10}\Shell - "" = AutoRun
O33 - MountPoints2\{52fe26ad-c2ab-11df-b298-00040ecdef10}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{52fe26ad-c2ab-11df-b298-00040ecdef10}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{52fe26ad-c2ab-11df-b298-00040ecdef10}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{b4497f83-3128-11df-bea7-6cf0490910ec}\Shell - "" = AutoRun
O33 - MountPoints2\{b4497f83-3128-11df-bea7-6cf0490910ec}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{cf93422d-3127-11df-93ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cf93422d-3127-11df-93ea-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setupx.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 21:32:39 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\HANS\Desktop\OTL.exe
[2012.09.20 21:00:14 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.09.20 18:46:21 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.20 16:00:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.09.20 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.20 14:32:53 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.09.20 14:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.20 14:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.20 14:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.20 14:31:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 20:01:35 | 000,000,000 | ---D | C] -- C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerEdge
[2012.09.12 17:37:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 17:37:22 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 17:37:20 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 17:37:20 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.09 17:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedKings Poker
[2012.09.09 17:41:21 | 000,000,000 | ---D | C] -- C:\RedKings
[2012.09.09 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan Mentor Calculator
[2012.09.05 02:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 22:36:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.23 21:38:44 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 21:38:44 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 21:38:35 | 001,513,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.23 21:38:35 | 000,659,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.23 21:38:35 | 000,621,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.23 21:38:35 | 000,132,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.23 21:38:35 | 000,108,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.23 21:31:58 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.23 21:31:41 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2012.09.23 21:31:37 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.09.23 21:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.23 21:31:31 | 3214,479,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.23 19:56:11 | 000,000,188 | ---- | M] () -- C:\Users\HANS\defogger_reenable
[2012.09.23 19:48:42 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\HANS\Desktop\OTL.exe
[2012.09.23 19:48:14 | 000,050,477 | ---- | M] () -- C:\Users\HANS\Desktop\Defogger.exe
[2012.09.20 22:15:52 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.20 16:01:08 | 000,000,824 | ---- | M] () -- C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.20 16:00:59 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.09.20 14:32:55 | 000,001,574 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.05 02:04:30 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.31 19:44:26 | 000,000,132 | ---- | M] () -- C:\Users\HANS\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.08.31 19:34:44 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.26 17:47:42 | 000,000,644 | ---- | M] () -- C:\Users\HANS\Desktop\PMCTool.lnk
[2012.08.25 16:32:46 | 005,086,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.23 19:56:11 | 000,000,188 | ---- | C] () -- C:\Users\HANS\defogger_reenable
[2012.09.23 19:53:15 | 000,050,477 | ---- | C] () -- C:\Users\HANS\Desktop\Defogger.exe
[2012.09.20 16:01:08 | 000,000,824 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.20 16:01:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.20 14:32:55 | 000,001,574 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.05 02:04:30 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.25 16:32:35 | 005,086,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 18:24:54 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2012.05.30 06:32:38 | 000,000,132 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012.05.09 04:05:10 | 000,000,132 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.26 22:47:16 | 000,000,132 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.15 17:19:50 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011.02.12 02:46:27 | 000,203,716 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.02.10 17:57:09 | 000,000,600 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\winscp.rnd
[2011.02.04 22:26:07 | 000,005,120 | ---- | C] () -- C:\Users\HANS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.14 20:25:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.11.12 17:48:01 | 000,000,043 | ---- | C] () -- C:\Windows\festo.ini
[2010.11.03 00:34:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.22 15:01:56 | 000,000,029 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\default.rss
[2010.03.22 15:01:56 | 000,000,000 | ---- | C] () -- C:\Users\HANS\AppData\Roaming\downloads.m3u
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.28 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Absolute Poker
[2012.01.17 03:23:28 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\ACTPrinter
[2010.03.24 02:14:05 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Ashampoo
[2012.07.16 00:18:09 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Autodesk
[2010.03.24 01:26:15 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Canneverbe Limited
[2011.08.14 02:40:45 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\DAEMON Tools Lite
[2010.08.05 16:49:55 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\DeepBurner
[2012.09.23 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Dropbox
[2010.03.16 21:31:48 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\FRITZ!
[2011.05.30 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\go
[2010.12.22 19:16:25 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\HEM Data
[2012.07.13 13:03:31 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\ICQ
[2010.05.19 13:14:57 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Leadertech
[2011.12.12 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Microgaming
[2011.01.11 01:10:15 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Miranda
[2011.01.29 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\OCS
[2011.01.29 20:01:25 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Opera
[2010.08.25 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Orbit
[2012.07.19 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\PacificPoker
[2012.08.09 01:02:40 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Party
[2011.09.26 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\pdfforge
[2010.08.24 21:45:30 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\ProgSense
[2012.07.14 00:33:09 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\redsn0w
[2010.12.29 03:52:42 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Roaming
[2012.01.12 18:50:35 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Software4u
[2010.07.23 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\Thunderbird
[2010.12.24 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\TuneUp Software
[2012.01.28 12:39:46 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\UB
[2012.09.23 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\uTorrent
[2012.06.06 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\HANS\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
         
and the Extras file:
Code:
OTL Extras logfile created on: 23.09.2012 22:45:08 - Run 5
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\HANS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,87% Memory free
7,98 Gb Paging File | 5,92 Gb Available in Paging File | 74,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,66 Gb Free Space | 2,23% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 79,88 Gb Free Space | 17,15% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,83 Mb Free Space | 71,83% Space Free | Partition Type: NTFS
Drive H: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: HANS-PC | User Name: HANS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12179CB3-826A-467E-B46B-4354F4F680C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1924CA4F-8069-4A31-B33D-AD4E680D64AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1AF45B46-4921-47F8-AF58-262083D617DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1BD6C190-17F8-438D-B4B9-875B6AEF6C34}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1E6C316E-0983-4DD1-A501-5BDD63B8BE5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{2555E8CA-41EB-4277-87C6-E4DAEC3AD7B5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{281EBC91-C967-4A7D-BF78-399C5E4B0136}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32676BB3-D393-4A9C-A6E1-73D2290CA40D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3949ECB4-CCA6-4A17-96EA-A339C9F55A94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42B83273-0364-434C-9ABA-FC8089FE6AEE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4DB715C4-6D2E-4995-9F85-EBDB402781F6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6082F214-7D6A-436B-929A-A22468DCA608}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{75472C3E-CC2D-4FDC-9A18-548FCAF3A1CE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D1A479B-7998-4953-8268-2505CFB8E37C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8A2F32D1-C669-4FBB-92F3-BA09C1D2F7A5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A253B6D7-06F0-4378-AB8F-B346F7D203B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B3F4EBB5-8A27-4E4A-AD0F-D55F300BBFBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B52226C1-0782-49AC-B41D-61511A116D87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B78F701C-9C8F-46EC-9F8D-50F3682E6BD8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B8A496F9-63CE-48DC-9DC7-38BB368495F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DAD3C8DF-E09B-4294-B075-8106B3955A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EBE1C943-A1E4-4D2D-AAFE-1E38C4205274}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ECDB15F9-D2D0-4356-849D-1FF08939BE65}" = lport=49203 | protocol=6 | dir=in | name=akamai netsession interface | 
"{ECEF0F2D-C235-4476-B677-F1EF721B6E6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EE9FCBEF-AD7B-41EF-8D27-EEAC7DE77FF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F45F6C2D-9758-41BB-800C-AC4688EF283C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FF7AB0DB-37B0-43E8-A458-ECDA3ADDDC3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00345A3A-E202-4E3A-B0C0-312FD90CC44D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{007D1D30-6190-4879-A150-EA93185904D2}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{03671EE5-C53D-4E79-A5A4-0576FB2ADF64}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{09EAD878-B220-43D9-A994-2191675E499F}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{0D35E0F1-A24C-42C7-B3AE-AFA4A5B5887C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10179873-5A1B-4D95-BDE0-C19D079FCDB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1107B3AA-645E-4446-8932-AE5C40AB7C97}" = protocol=6 | dir=in | app=c:\program files (x86)\tournament indicator\indicator.exe | 
"{15B7F359-328A-4853-A933-FABFADF94058}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{17EF99CD-1AC0-4D4B-880B-2ADB5EBD1D38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1901B5DC-BC47-461F-9C2E-A4B2CBFEEE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2064B997-69C4-4B99-BAE1-30D6A882E38C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{20E78C4F-3E62-49DD-B6FC-E0AB16961758}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{212438F8-95F4-4C0C-9F10-48221968C97F}" = protocol=17 | dir=in | app=c:\program files (x86)\pokerstars\pokerstarsupdate.exe | 
"{239B01D5-3FE0-4665-B6B1-F90403E2151B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{24DFAA52-C56A-4482-BFE4-C97DD099C345}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2582E28D-DAFC-40B0-9C1B-809D851A053A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{30DA1E5B-8976-424E-906C-90AD08E90678}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{34093027-C38D-439E-BC8B-175C679F11AE}" = protocol=17 | dir=in | app=c:\users\HANS\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3771C3E0-34DB-484E-A177-F5A724540237}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{3F44AAA2-0D50-4D3B-B4E8-5A56B6BE3CCF}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{3FF21F23-043F-41CD-9F9A-CFE31E009902}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{41E8D8E3-7090-4F4D-B8F6-351F4638D33F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{43E2D550-23D0-4DC3-A05E-4FAC4B9B4577}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51A81DBE-B411-437B-BAC7-1BD3545EDE07}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{532FF1BE-843C-43FC-A88D-E1FEBC1C8AC6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5633834B-62BB-4547-8441-5CF5B418C652}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{58240488-6229-45DB-8845-C80F8FF0381B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B6FA5A0-2246-48F3-8162-92E606F26D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68AD9DCA-22D9-4A28-825B-4166CD91F6DF}" = protocol=6 | dir=in | app=d:\program files (x86)\veetle\player\veetlenet.exe | 
"{68C85511-97CA-432B-8A6D-68BA1F03ADCC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{719700BD-B05D-4983-B06B-0D3AD4CF7CB9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{727A4740-181E-47FC-9BF2-DCD3C025D8A6}" = protocol=17 | dir=in | app=c:\program files (x86)\tournament indicator\indicator.exe | 
"{72A6C24B-FBEF-4DDA-9D13-BEF34FE10C73}" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"{7E012AF1-B0B4-45AD-B377-E2A4A7A98833}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7F50FE63-45C4-4F70-AD69-A80725FDC4D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{8599D478-5BD8-471D-AD04-B4BE553F40AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{88472B50-0861-43D9-A68A-59AAF71EA017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{89A1FF33-543E-4A09-935A-82680B8E46F0}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{8BC06CCC-77D0-488D-8DE3-1E2D78BE581B}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{8F1C57E3-5DB8-47BE-A50A-5CA7F550C15D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{9478A558-D53E-4E36-B12C-F2EE136D3B35}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{9BB18A4C-0B8C-4628-AB33-77C60BB9AC9B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9BC6F853-8E50-4AEC-B7FD-9EB8EA95984B}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{9D028A1E-E82D-44B8-A834-3CB38FFDD3FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A4615C2B-57BA-4777-9DD0-B28360AEC896}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{A528DA85-F326-44E0-8008-A56A2C1D27A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB4D27F0-CE10-4189-B9FE-D168D524DA93}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{AFC6089F-5718-4A27-BBCD-E885DD859CF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B3618647-9938-4D66-9B60-7AF3EF031FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B4475231-C97D-4D4E-94E1-BFD62538B143}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{B5547591-6670-4C99-ACEC-3524549384CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B9D494A9-DFDC-4A37-82D3-4D160B85093D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC278BA4-BF6E-42B2-B617-9170820A13F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BDA4A31A-FD54-43DB-901E-C507DA7DD724}" = protocol=6 | dir=in | app=c:\program files (x86)\pokerstars\pokerstarsupdate.exe | 
"{BE8845DC-F219-4B55-8BBD-B16170A4E020}" = protocol=17 | dir=in | app=c:\program files (x86)\tournament indicator\indicator.exe | 
"{BF3C36D9-4B1A-488D-85C4-627BB83F227C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C2D00347-4A72-49EB-A410-E3302C45AAFE}" = protocol=6 | dir=in | app=c:\users\HANS\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C8001D8E-F5A9-4FE9-AA70-175DD8EFFA97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C871E924-4A60-4326-8267-43A4544D196F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D210839C-875B-4697-8631-3CC9391045FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D5005EFC-5152-4F56-B217-DDDA031A0FCF}" = protocol=6 | dir=in | app=d:\program files (x86)\veetle\player\veetlenet.exe | 
"{D7DE84CD-E82C-415A-9C38-17E9ED09A112}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{DB84516E-13D5-435E-9958-D7EE8D1CCF1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DFCCB9F0-C86D-43B6-AE57-29E64AB80009}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E399F428-BE6C-487F-AB6B-862700D09797}" = protocol=6 | dir=out | app=system | 
"{E4FC26DC-EDC0-4EBD-9C2E-83DE46EF67A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E73CC2C8-EEDB-40BE-9D0C-759D6CBA747E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E8F62B88-C6C0-4954-A0FD-E0E6E5D846BE}" = protocol=6 | dir=in | app=c:\program files (x86)\tournament indicator\indicator.exe | 
"{EA096ADE-630A-44BB-87F3-821080339676}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC38BA36-801E-41C2-AA9C-F862041D3C76}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F5DEFE32-FC18-4628-8834-1847A00F3800}" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"{FE82328C-07C7-4B83-B316-3C9520CA807C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"TCP Query User{1AB7372F-C8E1-4270-A1BA-F4FA91F7170A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3C3B91AA-335D-408C-98F5-08B5B82649CD}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"TCP Query User{4A91DB0F-6EE4-47D9-822D-A13B3822D8BB}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"TCP Query User{5083BF37-01CA-4051-B646-2982CA1B454E}C:\users\HANS\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\HANS\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5153CB79-F52F-4238-A6F7-BD8BE7C464CE}C:\users\HANS\desktop\humax 5400...[sharebox and plugins].upd.1...01.09.2010\humax sbcl {start.2].exe" = protocol=6 | dir=in | app=c:\users\HANS\desktop\humax 5400...[sharebox and plugins].upd.1...01.09.2010\humax sbcl {start.2].exe | 
"TCP Query User{599D2853-27BC-49C3-B5C0-42301BEEDE96}C:\users\HANS\desktop\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\HANS\desktop\tinyumbrella-5.11.01.exe | 
"TCP Query User{5B0B260D-F53F-4390-A172-E93B0DEB476E}C:\users\HANS\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\HANS\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{853AAC65-0B11-4658-96F0-CD1D196514F3}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{8E0931AC-CF07-4FF5-B47B-517B50B1FB15}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{9C731DAC-131B-4C06-B1AF-8E0034CC949A}C:\users\HANS\desktop\redsn0w_win_0.9.14b2\tinyumbrella-5.11.01.exe" = protocol=6 | dir=in | app=c:\users\HANS\desktop\redsn0w_win_0.9.14b2\tinyumbrella-5.11.01.exe | 
"TCP Query User{B1835058-D444-4D7F-82B8-D912B9746964}D:\fritz!box fon wlan 7141 64bit\fritz.box_fon_wlan_7170.04.80.recover-image.exe" = protocol=6 | dir=in | app=d:\fritz!box fon wlan 7141 64bit\fritz.box_fon_wlan_7170.04.80.recover-image.exe | 
"TCP Query User{EC919468-497D-4675-A842-6122C2949DB3}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{072185CA-0289-481A-B6DE-C7315D9C38F6}C:\users\HANS\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\HANS\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{27F428B5-30F7-4819-B287-318260A30D26}C:\users\HANS\desktop\humax 5400...[sharebox and plugins].upd.1...01.09.2010\humax sbcl {start.2].exe" = protocol=17 | dir=in | app=c:\users\HANS\desktop\humax 5400...[sharebox and plugins].upd.1...01.09.2010\humax sbcl {start.2].exe | 
"UDP Query User{2F03D550-CE96-4DF3-9BC6-4803A6B46E9B}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{3AB07792-B437-4C64-985A-BE830E6BFF24}C:\users\HANS\desktop\redsn0w_win_0.9.14b2\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\HANS\desktop\redsn0w_win_0.9.14b2\tinyumbrella-5.11.01.exe | 
"UDP Query User{519685AD-5987-4984-B715-8CC32E88F357}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"UDP Query User{63718884-30DE-400F-B7DA-A8889967F01F}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"UDP Query User{6746254F-BFF9-497B-BF46-70547C2B802D}C:\users\HANS\desktop\tinyumbrella-5.11.01.exe" = protocol=17 | dir=in | app=c:\users\HANS\desktop\tinyumbrella-5.11.01.exe | 
"UDP Query User{7DA4265A-572B-4F61-B2EE-8169D07BCC50}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{85516B91-8E5F-4009-B420-47BE8A853677}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8BF9F311-A303-4810-ABAE-E050F8E42E87}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{954D8100-5113-4803-B049-420B96307967}C:\users\HANS\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\HANS\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E511E3C0-7366-47D7-97F4-6A3EEAA90584}D:\fritz!box fon wlan 7141 64bit\fritz.box_fon_wlan_7170.04.80.recover-image.exe" = protocol=17 | dir=in | app=d:\fritz!box fon wlan 7141 64bit\fritz.box_fon_wlan_7170.04.80.recover-image.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.VISIOR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.VISIOR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.VISIOR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.VISIOR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE83E4A4-A678-4211-AF2B-2EC8ECC0AC73}" = HP Print View Software
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"320E5A650E531D358621D0E81B35A922E0F32E16" = Windows-Treiberpaket - Sony Ericsson Mobile Communications (ggsemc) USB  (04/01/2009 2.2.0.5)
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"AutoCAD Mechanical 2011 Version 2" = AutoCAD Mechanical 2011 Version 2
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"Autodesk Inventor Professional 2011 SP1" = Autodesk Inventor Professional 2011 SP1
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"DWG TrueView 2011" = DWG TrueView 2011
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"SearchAnonymizer" = SearchAnonymizer
"SP6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33E0033D-A617-DA5B-2EAD-CE59947C7365}" = HydraVision
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{401AB74C-74DA-463B-B67A-01F972DD0BBA}" = Intel® Solid-State Drive Toolbox
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{8013F4EA-D2F6-439A-8444-CDB8D684E267}" = Poker Wingman
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BC1FA5CF-A36F-4C61-9638-09D0B431B006}" = Smart Recovery 2 B10.0708.1  (x64)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C12A2A3D-0D08-8262-E189-E831A8AC3D37}" = Catalyst Control Center InstallProxy
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVMWLANCLI" = AVM FRITZ!WLAN
"Betfair Poker_is1" = Betfair Poker
"Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.22 Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX-Setup
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Calendar Sync" = Google Calendar Sync
"HDFSmart_is1" = HDFSmart 1.8
"HNFSmart_is1" = HNFSmart 2.4fix2
"HoldemManager" = Holdem Manager
"HP Marketing Resources" = HP Print View Software
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"mv61xxMRU" = Marvell MRU V4
"PartyPoker" = PartyPoker
"plist Editor for Windows" = plist Editor for Windows 1.0.2
"PMCTool_is1" = PMCTool v 0.1.4.0
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PSPad editor_is1" = PSPad editor
"RedKings Poker_is1" = RedKings Poker 1.0.0
"Revo Uninstaller" = Revo Uninstaller 1.90
"SetEditEdision2000_is1" = SetEditEdision2000 1.09 (Beta 1)
"TeamViewer 7" = TeamViewer 7
"Tournament Indicator_is1" = Tournament Indicator 1.9.3
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.3
"vShare" = vShare Plugin
"William Hill Poker" = William Hill Poker
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2076485501-311499467-1450225029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CarbonPoker" = CarbonPoker
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Titan Poker" = Titan Poker
"TitanMentorCalculator" = TitanMentorCalculator
"UB" = UB
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2076485501-311499467-1450225029-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"Akamai" = Akamai NetSession Interface
"CarbonPoker" = CarbonPoker
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"FreePHG V3.05" = FreePHG V3.05
"Titan Poker" = Titan Poker
"TitanCalculator" = TitanCalculator
"UB" = UB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2012 15:12:32 | Computer Name = HANS-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 20.09.2012 15:12:39 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
Error - 20.09.2012 15:42:24 | Computer Name = HANS-PC | Source = VSS | ID = 8194
 
Description = 
Error - 20.09.2012 15:42:39 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error - 20.09.2012 16:14:50 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
Error - 23.09.2012 13:50:57 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error - 23.09.2012 13:58:11 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
Error - 23.09.2012 14:17:47 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error - 23.09.2012 14:39:24 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
Error - 23.09.2012 15:09:06 | Computer Name = HANS-PC | Source = VSS | ID = 8194
 
Description = 
Error - 23.09.2012 15:09:24 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error - 23.09.2012 15:32:04 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
Error - 23.09.2012 16:01:37 | Computer Name = HANS-PC | Source = VSS | ID = 8194
 
Description = 
Error - 23.09.2012 16:02:03 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error - 23.09.2012 16:32:03 | Computer Name = HANS-PC | Source = Application Error | ID = 1000
 
Error encountered while reading event logs.
 
< End of report >
         
Many thanks

Alt 24.09.2012, 12:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________

Alt 24.09.2012, 18:06   #3
Anton99
 
Here are the logs:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HANS :: HANS-PC [Administrator]

24.09.2012 16:42:09
mbam-log-2012-09-24 (17-13-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 588962
Laufzeit: 30 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1880 -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4452 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\Users\HANS\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\HANS\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\HANS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\292dbae3-7fcc6047 (Trojan.Ransom) -> Keine Aktion durchgeführt.
D:\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
D:\USB_Inhalt\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
and another one from Malware:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HANS :: HANS-PC [Administrator]

24.09.2012 16:42:09
mbam-log-2012-09-24 (16-42-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 588962
Laufzeit: 30 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1880 -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4452 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\HANS\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
D:\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
D:\USB_Inhalt\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\HANS\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Ransom) -> Löschen bei Neustart.
C:\Users\HANS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\292dbae3-7fcc6047 (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\HANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and the one from ESET:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 04:28:07
# local_time=2012-09-24 06:28:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 50082616 100130569 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=361243
# found=7
# cleaned=0
# scan_time=3388
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\HANS\AppData\Local\Temp\jar_cache3867726391856429568.tmp	Java/Exploit.CVE-2012-4681.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\HANS\AppData\Local\Temp\jar_cache542941375384987827.tmp	Java/Exploit.CVE-2012-4681.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\HANS\Desktop\img_1559.rar	Archbomb.RAR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\HANS\Desktop\Aktivator 4\mini-KMS_Activator_v1.054_ENG.exe	a variant of Win32/HackKMS.A application (unable to clean)	00000000000000000000000000000000	I
D:\FRITZ!Box Fon WLAN 7141 64bit\FritzRePass+U3\Portable\FritzRePass.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
D:\FRITZ!Box Fon WLAN 7141 64bit\FritzRePass+U3\U3\FritzRePassU3.exe	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
         
Regards
__________________

Alt 24.09.2012, 20:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
ATTFilter
D:\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
D:\USB_Inhalt\Adobe.Acrobat.v9.3.4.Pro.Extended.Multi3\MPT-Patcher\adobe.acrobat.9.3.2.pro.extended-mpt.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\HANS\Desktop\Aktivator 4\mini-KMS_Activator_v1.054_ENG.exe
         


See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally obtained software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________
Please always post log files in CODE tags
