Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"hermes_v012" - mail account virus?


  • Please log in to reply

#1
kamitesti

kamitesti

    New Member

  • Member
  • Pip
  • 2 posts
Hello!

Lately I got a message from my email provider that the password for my account has been captured by the virus "hermes_v01". I immediately changed the password and nothing bad happened since then. Anyway I would like to make sure that my computers are clean.
There are two possible computers I use which could be infected. I am posting all necessary logs for the first computer now.

Thanks in advance for your help!

Please excuse that the extras.txt log file contains some german language. I couldn't figure out how to switch OTL to english, but I think the german parts are in unimportant entries of the log file.

OTL.txt

OTL logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - A:\Programme\Tools\Sicherheit\OTL.exe (OldTimer Tools)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
PRC - A:\Programme\Vista\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
PRC - A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
PRC - A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Windows\BisonCam\BisonHK.exe (mychat)
PRC - C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
PRC - A:\Programme\Vista\Razer\razerhid.exe ()
PRC - A:\Programme\Vista\Razer\razerofa.exe (Razer Inc.)
PRC - A:\Programme\Vista\Razer\razertra.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - A:\Programme\Vista\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Windows\BisonCam\KBHookDLL.dll ()
MOD - A:\Programme\Vista\Razer\razerhid.exe ()
MOD - A:\Programme\Vista\Razer\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (SkypeUpdate) -- A:\Programme\Vista\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Nero BackItUp Scheduler 3) -- A:\Programme\Vista\Nero 8\Nero BackItUp\NBService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (nm3) -- C:\Windows\SysNative\DRIVERS\nm3.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\Drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes,DefaultScope = {6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}: "URL" = http://www.google.de...q={searchTerms}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: A:\Programme\Vista\iPhone\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: A:\Programme\Vista\Canon Pixma\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: A:\Programme\Vista\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: A:\Programme\Vista\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: A:\Programme\Vista\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: A:\Programme\Vista\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: A:\Programme\Vista\Adobe\Reader 10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.04 10:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: A:\Programme\Vista\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 13:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]

[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\[email protected]
[2012.08.14 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions
[2010.04.28 13:05:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 19:49:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2012.04.13 17:00:47 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - A:\Programme\Vista\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] A:\Programme\Vista\Razer\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\Run: [SpybotSD TeaTimer] A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\Programme\Vista\MS Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.stu...ache=1222095909 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1764FA82-2AAD-48AC-AD19-1AAF123D0AEC}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435FDF61-F9B2-460D-BF4F-E9C93379F1C9}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394D44A-938C-4448-84A3-437A7541EA7E}: DhcpNameServer = 217.0.43.81 217.0.43.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\AutoRun\command - "" = I:\mirk\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\explore\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\open\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GlobeTrotter Connect.lnk - C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe - (Option)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - A:\Programme\Vista\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - A:\Programme\Vista\Yahoo Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - A:\Programme\Vista\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - A:\Programme\Vista\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - G:\Games\Vista\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - G:\Games\Vista\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.08.18 13:48:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.08.15 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.15 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 16:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.13 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 18:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.11 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\NPE
[2012.08.07 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2012.07.30 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Network Monitor 3
[2012.07.30 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.07.24 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\iPhone
[2012.07.21 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.07.21 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.21 20:39:07 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.07.21 20:39:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.21 20:39:07 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.07.21 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.21 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.21 16:29:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.07.21 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2012.07.21 16:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2012.07.21 16:24:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2012.07.21 16:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid

========== Files - Modified Within 30 Days ==========

[2012.08.18 12:59:22 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.18 12:59:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.18 12:59:07 | 008,405,015 | ---- | M] () -- C:\Windows\TmpFile1
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 12:58:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.16 14:58:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.15 11:26:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:26:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 10:27:53 | 000,227,904 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | M] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.08.06 19:39:41 | 001,588,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 19:39:41 | 000,682,142 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 19:39:41 | 000,641,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 19:39:41 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 19:39:41 | 000,123,016 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 19:39:28 | 000,144,384 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.24 10:52:35 | 003,140,283 | ---- | M] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf

========== Files Created - No Company Name ==========

[2012.08.14 10:27:53 | 000,227,904 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | C] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.07.24 10:52:33 | 003,140,283 | ---- | C] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.06.20 11:25:39 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 11:25:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.14 17:25:41 | 000,000,079 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\.ettercap_gtk
[2011.09.20 11:42:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.20 11:42:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.28 13:31:37 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.28 13:29:22 | 001,568,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.04 22:22:11 | 000,002,976 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011.04.04 22:15:53 | 000,000,882 | ---- | C] () -- C:\Users\Daniel\.ufrawrc
[2010.09.16 13:50:33 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.08 17:00:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.06.03 21:06:18 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010.04.10 20:12:50 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009.02.08 16:37:59 | 000,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008.12.18 11:18:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.27 21:09:45 | 000,001,033 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini
[2008.09.15 23:42:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.10 18:48:34 | 000,144,384 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 16:18:35 | 000,001,460 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2008.09.17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Anthropics
[2011.11.03 11:43:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2011.09.06 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bio-Rad
[2011.10.04 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bitcoin
[2012.06.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2009.10.25 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2008.09.10 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
[2012.07.22 16:09:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2009.03.13 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO Labs
[2009.03.13 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO_Labs
[2010.09.26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Flickr
[2010.09.15 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.04.04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012.06.16 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2008.12.18 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.10.26 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2010.09.12 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2010.09.14 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2012.05.25 04:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2009.06.11 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.03.13 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.06.16 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\poclbm
[2012.04.18 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PTGui
[2011.04.03 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RawTherapeeAlpha
[2012.08.07 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.05 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RStudio
[2012.07.21 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2011.11.17 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tinn-R
[2010.09.13 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.07.21 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.08.18 12:58:05 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012.08.18 12:55:17 | 000,001,546 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.08.18 12:56:33 | 000,001,665 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012.08.18 12:56:11 | 000,000,286 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.08.18 12:57:23 | 000,001,482 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2009.12.13 22:21:49 | 000,000,678 | ---- | M] () -- C:\BnetLog.txt
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.09.10 17:03:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /HideShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /ShowShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: A:\Programme\Vista\Firefox\firefox.exe [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -preferences [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -safe-mode [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:5F0592099A32DCC0
@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1376 bytes -> C:\ProgramData\Microsoft:2aFCTYIauh49VL3a6T3hn1x
@Alternate Data Stream - 1339 bytes -> C:\Users\Daniel\AppData\Local\pgz9ZkDlY8W:uJVY4whjdMSVr0HoJctvFpH
@Alternate Data Stream - 1334 bytes -> C:\ProgramData\Microsoft:yZvVHxMnho9TrFuHvzEft1

< End of report >


Extras.txt

OTL Extras logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3E 1C B0 6A A9 51 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661488324-2594523016-1501765560-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A9D8F9-727F-40B5-A1C8-137D549EE2F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FDC75A7-3678-42B5-8C77-7215A3AB3D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected]rewallapi.dll,-28539 |
"{2000FCCE-56E9-47B3-9603-0B0A2118132C}" = lport=138 | protocol=17 | dir=in | app=system |
"{25F3B178-0433-4ECD-86AD-D4C071873DC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{27F0BBE8-E77B-4644-ADC1-32439D041379}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F0BEDCE-4BEF-49F3-BFEC-7BF115414BFB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3B2C05E6-F7C2-4DE2-971B-0338BC64589C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3E5F873E-1594-4ABE-BE8E-5A42516FC4F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FF324-190E-4503-8697-BCEC983ACBF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F9A149F-1E12-4443-89F7-00E48737657F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70284FBE-7A2E-4227-934B-7BD84123AFD0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77896EB8-D669-4D03-B975-EFD4306C13C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{98126AF1-83C9-400F-9304-D799B9546A23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B8101E1-00CD-4640-B49B-6CEE6F30E948}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9DD04AD7-FBA1-40C5-9493-4D0B478FCDF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F408C4A-981D-420E-BE0A-6588B47A34B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FF9B398-A7C7-4EDF-802F-93D7301EAB7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FFE290F-9123-4377-9D76-33A92FC0204D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BF7F3FF4-055E-4654-9B43-8136ED845F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{C03CF2ED-101F-43BB-8B62-7426734A3CDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8BF147E-7D53-45FA-A3FE-5B93306E9376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96DD8B1-5AA9-443C-BC5E-6C2329B9C9C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBCF9561-9AB4-4232-B3CF-3E9FD323F479}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDE2FA16-3EFA-4BAF-B7F6-62C09C4B75D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DDC764-E218-40F5-B696-7B133421B7F6}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B03262E-6968-44C4-90D1-AACBBBFC45C1}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{1078D3BB-3A27-4923-84E7-A4E8EE0B7F0A}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{11F834EF-62A8-42DB-835D-AF510DA44920}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{1A64B0AC-0FC5-45CF-9EAB-23AA981121B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B92EE72-0EBF-4DD7-8D04-90B36DA4E806}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C790510-A155-4D1C-AFB1-7C97BD74F5B3}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{1FC7DBF4-2E2B-4AE7-828D-309A0C76FC18}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{20E2A033-6409-4925-B1CA-3F504BDEB694}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{26613B22-3198-4406-A8F5-7D8191C97C08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A108E73-0147-4E4F-8C35-DA1F684BFA8B}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{2D6DC1CE-A4EB-49AF-8BBE-00567B0083A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30703650-CAF3-4885-AF29-971BFB83D740}" = protocol=6 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{31966044-CF10-473F-B9EF-C26464BF2415}" = dir=in | app=a:\programme\vista\iphone\itunes\itunes.exe |
"{360D7458-167C-49B6-9EE7-11F1C0047412}" = protocol=17 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{382CB011-1ED4-4424-87F0-A0F8B6D5072D}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{3993FF3D-4A5A-4626-8B31-2AA03B31FE4C}" = dir=in | app=a:\programme\vista\skype\phone\skype.exe |
"{412439BA-C36B-49B9-8EFD-53A35853121E}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{4322B004-2B5F-42B2-A41F-3DD04B8A3A92}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{49EBE3C1-3B14-4E5D-A0AB-D8D2750165C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AFB02F4-9FF5-46CB-9BB3-0D0DB99476D7}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{517B5C67-A172-4E21-B4BC-5A844C3E50DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58B4E94D-8588-4EC9-BE0B-41F48747A24A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5DC5928C-BEE6-4B54-8AA1-54D01EB30961}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6050A661-9EA2-4921-95E2-AD93CB5AD355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6418A616-FA10-442E-8577-B6E1DF2E383B}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{67F04552-42DD-4B41-BB13-A28941A6BD57}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{69A5BF7D-E0B9-4953-A92D-98BE1EE946EB}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{6E247E8F-BF3F-4AE6-8208-DB733AB4640C}" = protocol=17 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{730F4B70-CF5B-42AB-8431-B07EFA18FF9C}" = protocol=6 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{758FF5F4-B039-4F9A-B561-13586821B039}" = protocol=1 | dir=out | [email protected],-28544 |
"{75CE771B-4E20-4040-93DF-E9AC6392DFA5}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{79057D84-01F0-468F-ABF8-8C0C996F43DE}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{7BE3683F-5FE0-4021-BC9D-318D46426C07}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{7C3C64C1-92CA-453D-A1A6-AD15199F9A58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CE9F49E-B0DB-440D-ABDA-0968E746FA6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80AC9C10-8CE9-467A-A1DA-DE7B82DDCDE2}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{8152E850-656F-417F-9510-EE65EBF66730}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{831E3C9D-CFDA-48CD-97E5-A7D851D11394}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{8606AE1F-B8B6-4E72-9790-9FB6E182CC7F}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{862618BF-ABD0-4E8C-B1F9-EADCB8093E0F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8861A561-9378-42FE-9264-9E259B211533}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{8FDC12BF-61CA-4245-AB60-A4853F7564AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9332F4AF-F521-421B-82EC-807048E7B15F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98F2597F-F0E3-4FA0-9184-8F38B431C3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A271B458-ECB9-4F8B-A814-F05DE0F2D532}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5CFD30A-F1DE-469C-9B4C-ED7DAB63F609}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{A6231193-6437-4717-93B6-F6B7B3256B30}" = protocol=6 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{B582AA15-4D45-4094-9564-549491F5441A}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{B63E08B3-5E27-4CEE-9C3E-90814CF5D63D}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{C010C20C-12A2-4E7A-92BA-CAC082888B28}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{C7D3BB21-9498-4004-81C5-9A7D5A633809}" = protocol=58 | dir=out | [email protected],-28546 |
"{D7894933-AC31-4802-BACA-9EE617916873}" = protocol=58 | dir=in | [email protected],-28545 |
"{D9C40226-6F66-4E21-8931-7967C3538A5D}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{DD02F313-5F51-4FE6-B334-A88D1B2C8E11}" = protocol=17 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{DD68EF71-0E98-46E6-9FC8-9FBF71CA3ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE494ABD-9551-43BE-827D-A84C155FDFB0}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{DE861B23-9040-474A-9155-F74A1101B252}" = protocol=6 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{DEE02FF0-EFD8-45A0-B487-511CBEE35170}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF765545-F123-4DBE-8030-6932E785CB47}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{E17AC1A2-3543-404B-BA76-44365DC09FFA}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{E2019786-C9C0-4046-BBF8-9311EACCAE2E}" = protocol=17 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{E2380AFE-9529-43CA-AA5E-59556FC31DBA}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"{E2BD1FD7-F76E-4AAC-B648-995E7D0C2A08}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{E5573C7C-AA20-4DB1-B414-F493677648E3}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{F1714522-19F4-48AD-9339-B09DB57E63BB}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8462619-D8FC-474B-AE3B-05AD045EB3FE}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{F89C17D6-A70E-43BA-98DF-9B1B1EFCD9DA}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"TCP Query User{25C2C271-3445-4F90-A33A-5BDFB663676E}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{3B44605F-D5A1-4807-B32E-09BA2D3B00C8}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"TCP Query User{5384558F-5AD5-446F-BCCD-D48F824A4DB3}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{7305552F-FAA1-47D2-B104-BB395863D045}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"TCP Query User{90002CB5-0738-482D-A3D0-97A6DEE2FF32}G:\games\vista\starcraft\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"TCP Query User{9043C97D-5F0E-47E9-A79F-61C335C1F4D6}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{93444569-A651-4408-9579-0BCAF562884B}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"TCP Query User{96FF843E-98DE-40D7-9694-4A59F7129202}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{A183DB00-B3C7-4AEF-BB57-A8F11ACE5828}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{A6602194-57F6-4603-8C93-D7C279E8CA0F}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{BCDB0903-81DB-4142-A63B-8B4583BC775A}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"TCP Query User{CD225332-F4AD-4BE8-8D55-0B56B66279FD}G:\games\vista\starcrafteng\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"TCP Query User{CE958C00-AC71-4DBA-A68F-16065C154EE8}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{EB12B6F9-01AA-45BA-B0B9-7384C0413FB9}G:\games\vista\russencs\hl.exe" = protocol=6 | dir=in | app=g:\games\vista\russencs\hl.exe |
"TCP Query User{F62EEC69-CD9D-43B8-A0A8-3AF6AFED21B5}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{F9923728-1B16-4425-A131-052F0CA786F4}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{02BDEDBE-10DA-43B1-A56A-73FE6CE4DC57}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{0350A96B-3808-4411-80FD-9B960FDA2EB5}G:\games\vista\russencs\hl.exe" = protocol=17 | dir=in | app=g:\games\vista\russencs\hl.exe |
"UDP Query User{128A273B-F7AD-4EE9-AA83-4A4CAEED68D5}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"UDP Query User{2B6CB25F-4430-46E5-A750-D5EF0A1F215B}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{46920A0C-CB60-427F-97D0-052CD64863E1}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{4FD0244E-94CE-4A18-B3F4-5DA5839B087D}G:\games\vista\starcrafteng\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"UDP Query User{5650E9F3-1372-4122-8F9C-32BCEAC4E623}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{565FD11A-A8BB-40BF-B6CB-AAB2D635E0B2}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{5A17150F-2890-4F89-A668-D2FFFD6A6AD3}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"UDP Query User{6031DD7E-2D38-4FF9-9BA3-E5DE561CF643}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{825CE9D1-B22B-4E12-9C69-B589B3E55143}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{A265DB6F-66E5-4E21-90C4-FCCF2FD336C5}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{D23220A6-FEB3-49A3-BD2E-4D137CCD1555}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{E80AAA66-9EBB-4FB2-B384-28AEF9DE6449}G:\games\vista\starcraft\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"UDP Query User{FA20537C-F71A-4C13-A3EB-485537F0F592}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"UDP Query User{FE3B5E0E-FE5F-4433-A750-C5D2FBD062C7}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5C820C43-917F-4A1E-A8CB-F699A73F8AB7}" = AxCrypt 1.7.1878.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60C70D2F-28B7-4654-BBFA-C932BAA4A9E6}" = GlobeTrotter Connect
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA2B617F-EE1D-4201-9E3C-E3ECD5DEAC39}" = Topaz Adjust (64-bit)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4435-7533-6274-7601" = Geneious 5.6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}" = EXIFeditor
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}" = Topaz Adjust
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8726B95C-F494-4C7B-8773-7A1943D69C4E}" = Bio-Rad CFX Manager 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97937CFF-85CE-4534-A843-1DB5C15CF581}" = ImagingPam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2E30B9-5D7B-46C4-8C04-B1EFA7BBA23E}" = Lucis Pro
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD4A059-C381-4548-B4F1-564F21A64415}" = Bio-Rad iQ5 2.1 Standard Edition
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}" = ASTERICS 3.3.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exif Tag Remover_is1" = Exif Tag Remover 3.01
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImagingPam" = ImagingPam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManpWIN_is1" = ManpWIN version 3.01i
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MyCamera" = Canon Utilities MyCamera
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photomatix Pro_is1" = Photomatix Pro version 2.5.4
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"PTGui" = PTGui Pro 9.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RStudio" = RStudio
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
"ShiftN_is1" = ShiftN 3.3
"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0
"simple2_is1" = Tone Mapping Plug-In 1.2
"SMAC 2.7" = SMAC 2.7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"Tinn-R_is1" = Tinn-R 2.3.7.1
"Totalcmd" = Total Commander (Remove or Repair)
"UFRaw_is1" = UFRaw 0.17
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.13.1.0b
"waterMark V2" = waterMark V2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.54
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.54
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.2.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Z-defragRAM" = Z-defragRAM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.08.2012 12:38:25 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 16.08.2012 05:17:06 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 16.08.2012 12:15:02 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 06:50:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 07:06:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 13:45:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 15:06:47 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:07:05 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 18.08.2012 06:58:04 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:59:26 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


[ System Events ]
Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.08.2012 13:45:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:20 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 14:09:22
-----------------------------
14:09:22.647 OS Version: Windows x64 6.0.6002 Service Pack 2
14:09:22.647 Number of processors: 2 586 0x1706
14:09:22.647 ComputerName: DANIEL-PC UserName: Daniel
14:09:23.583 Initialize success
14:09:57.829 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:09:57.829 Disk 0 Vendor: WDC_WD10JPVT-16A1YT0 01.01A01 Size: 953869MB BusType: 3
14:09:57.845 Disk 0 MBR read successfully
14:09:57.845 Disk 0 MBR scan
14:09:57.845 Disk 0 Windows VISTA default MBR code
14:09:57.845 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60200 MB offset 2048
14:09:57.876 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 123291648
14:09:57.876 Disk 0 Partition - 00 0F Extended LBA 230043 MB offset 154011648
14:09:57.892 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 648623 MB offset 625139712
14:09:57.923 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 50000 MB offset 154013696
14:09:57.923 Disk 0 Partition - 00 05 Extended 180042 MB offset 256413696
14:09:57.939 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 70000 MB offset 256415744
14:09:57.954 Disk 0 Partition - 00 05 Extended 110041 MB offset 502177792
14:09:57.970 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 110040 MB offset 399777792
14:09:58.032 Disk 0 scanning C:\Windows\system32\drivers
14:10:12.915 Service scanning
14:10:45.285 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:10:57.515 Modules scanning
14:10:57.515 Disk 0 trace - called modules:
14:10:57.515 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80047022c0]<<spuc.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:10:57.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005515790]
14:10:57.531 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80052ee940]
14:10:57.531 \Driver\atapi[0xfffffa80052a2e70] -> IRP_MJ_CREATE -> 0xfffffa80047022c0
14:10:57.531 Scan finished successfully
14:11:51.423 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
14:11:51.423 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"



mbam-log-2012-08-18 (13-29-57).txt

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [administrator]

18.08.2012 13:29:57
mbam-log-2012-08-18 (13-29-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219934
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
kamitesti

kamitesti

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi,

here is the OTL report:

OTL.txt

OTL logfile created on: 22.08.2012 12:06:47 - Run 5
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,26% Memory free
11,93 Gb Paging File | 9,87 Gb Available in Paging File | 82,74% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 10,24 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,50 Gb Free Space | 21,87% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,53 Gb Free Space | 39,39% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - A:\Programme\Tools\Sicherheit\OTL.exe (OldTimer Tools)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
PRC - A:\Programme\Vista\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
PRC - A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
PRC - A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Windows\BisonCam\BisonHK.exe (mychat)
PRC - C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
PRC - A:\Programme\Vista\Razer\razerhid.exe ()
PRC - A:\Programme\Vista\Razer\razerofa.exe (Razer Inc.)
PRC - A:\Programme\Vista\Razer\razertra.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - A:\Programme\Vista\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Windows\BisonCam\KBHookDLL.dll ()
MOD - A:\Programme\Vista\Razer\razerhid.exe ()
MOD - A:\Programme\Vista\Razer\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (TomTomHOMEService) -- A:\Programme\Vista\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- A:\Programme\Vista\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Nero BackItUp Scheduler 3) -- A:\Programme\Vista\Nero 8\Nero BackItUp\NBService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (nm3) -- C:\Windows\SysNative\DRIVERS\nm3.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\Drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes,DefaultScope = {6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}: "URL" = http://www.google.de...q={searchTerms}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: A:\Programme\Vista\iPhone\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: A:\Programme\Vista\Canon Pixma\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: A:\Programme\Vista\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: A:\Programme\Vista\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: A:\Programme\Vista\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: A:\Programme\Vista\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: A:\Programme\Vista\Adobe\Reader 10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.04 10:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: A:\Programme\Vista\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 13:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]

[2012.08.20 15:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012.08.20 15:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\[email protected]
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\[email protected]
[2012.08.14 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions
[2010.04.28 13:05:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 19:49:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2012.04.13 17:00:47 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - A:\Programme\Vista\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] A:\Programme\Vista\Razer\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\Run: [SpybotSD TeaTimer] A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\Programme\Vista\MS Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.stu...ache=1222095909 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1764FA82-2AAD-48AC-AD19-1AAF123D0AEC}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435FDF61-F9B2-460D-BF4F-E9C93379F1C9}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394D44A-938C-4448-84A3-437A7541EA7E}: DhcpNameServer = 217.0.43.81 217.0.43.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\AutoRun\command - "" = I:\mirk\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\explore\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\open\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.21 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\reise
[2012.08.20 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Downloaded Installations
[2012.08.20 15:26:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\TomTom
[2012.08.20 15:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2012.08.20 15:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2012.08.20 15:25:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\TomTom
[2012.08.20 15:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012.08.20 15:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2012.08.20 15:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom DesktopSuite
[2012.08.19 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Belegarbeit
[2012.08.15 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.15 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 16:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.13 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 18:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.11 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\NPE
[2012.08.07 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2012.07.30 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Network Monitor 3
[2012.07.30 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.07.24 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\iPhone

========== Files - Modified Within 30 Days ==========

[2012.08.22 12:01:53 | 008,405,015 | ---- | M] () -- C:\Windows\TmpFile1
[2012.08.22 12:01:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.22 12:01:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 12:01:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 12:01:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.22 01:30:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.22 00:59:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.21 14:58:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.21 14:39:22 | 001,588,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 14:39:22 | 000,682,142 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 14:39:22 | 000,641,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 14:39:22 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 14:39:22 | 000,123,016 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.20 14:00:57 | 007,369,144 | ---- | M] () -- C:\Users\Daniel\Desktop\Gangs_of_New_York_Soundtrack_-_New_York_Girls.flv
[2012.08.06 19:39:28 | 000,144,384 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.24 10:52:35 | 003,140,283 | ---- | M] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf

========== Files Created - No Company Name ==========

[2012.08.20 13:57:29 | 007,369,144 | ---- | C] () -- C:\Users\Daniel\Desktop\Gangs_of_New_York_Soundtrack_-_New_York_Girls.flv
[2012.07.24 10:52:33 | 003,140,283 | ---- | C] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.06.20 11:25:39 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 11:25:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.14 17:25:41 | 000,000,079 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\.ettercap_gtk
[2011.09.20 11:42:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.20 11:42:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.28 13:31:37 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.28 13:29:22 | 001,568,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.04 22:22:11 | 000,002,976 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011.04.04 22:15:53 | 000,000,882 | ---- | C] () -- C:\Users\Daniel\.ufrawrc
[2010.09.16 13:50:33 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.08 17:00:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.06.03 21:06:18 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010.04.10 20:12:50 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009.02.08 16:37:59 | 000,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008.12.18 11:18:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.27 21:09:45 | 000,001,033 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini
[2008.09.15 23:42:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.10 18:48:34 | 000,144,384 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 16:18:35 | 000,001,460 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2008.09.17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Anthropics
[2012.08.21 11:07:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2011.09.06 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bio-Rad
[2011.10.04 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bitcoin
[2012.06.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2009.10.25 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2008.09.10 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
[2012.07.22 16:09:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2009.03.13 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO Labs
[2009.03.13 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO_Labs
[2010.09.26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Flickr
[2010.09.15 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.04.04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012.06.16 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2008.12.18 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.10.26 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2010.09.12 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2010.09.14 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2012.05.25 04:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2009.06.11 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.03.13 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.06.16 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\poclbm
[2012.04.18 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PTGui
[2011.04.03 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RawTherapeeAlpha
[2012.08.07 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.05 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RStudio
[2012.07.21 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2011.11.17 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tinn-R
[2012.08.20 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2010.09.13 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.07.21 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.08.22 01:30:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:5F0592099A32DCC0
@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1376 bytes -> C:\ProgramData\Microsoft:2aFCTYIauh49VL3a6T3hn1x
@Alternate Data Stream - 1339 bytes -> C:\Users\Daniel\AppData\Local\pgz9ZkDlY8W:uJVY4whjdMSVr0HoJctvFpH
@Alternate Data Stream - 1334 bytes -> C:\ProgramData\Microsoft:yZvVHxMnho9TrFuHvzEft1

< End of report >


Extras.txt

OTL Extras logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3E 1C B0 6A A9 51 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661488324-2594523016-1501765560-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A9D8F9-727F-40B5-A1C8-137D549EE2F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FDC75A7-3678-42B5-8C77-7215A3AB3D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2000FCCE-56E9-47B3-9603-0B0A2118132C}" = lport=138 | protocol=17 | dir=in | app=system |
"{25F3B178-0433-4ECD-86AD-D4C071873DC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{27F0BBE8-E77B-4644-ADC1-32439D041379}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F0BEDCE-4BEF-49F3-BFEC-7BF115414BFB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3B2C05E6-F7C2-4DE2-971B-0338BC64589C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3E5F873E-1594-4ABE-BE8E-5A42516FC4F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FF324-190E-4503-8697-BCEC983ACBF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F9A149F-1E12-4443-89F7-00E48737657F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70284FBE-7A2E-4227-934B-7BD84123AFD0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77896EB8-D669-4D03-B975-EFD4306C13C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{98126AF1-83C9-400F-9304-D799B9546A23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B8101E1-00CD-4640-B49B-6CEE6F30E948}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9DD04AD7-FBA1-40C5-9493-4D0B478FCDF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F408C4A-981D-420E-BE0A-6588B47A34B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FF9B398-A7C7-4EDF-802F-93D7301EAB7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FFE290F-9123-4377-9D76-33A92FC0204D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BF7F3FF4-055E-4654-9B43-8136ED845F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{C03CF2ED-101F-43BB-8B62-7426734A3CDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8BF147E-7D53-45FA-A3FE-5B93306E9376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96DD8B1-5AA9-443C-BC5E-6C2329B9C9C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBCF9561-9AB4-4232-B3CF-3E9FD323F479}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDE2FA16-3EFA-4BAF-B7F6-62C09C4B75D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DDC764-E218-40F5-B696-7B133421B7F6}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B03262E-6968-44C4-90D1-AACBBBFC45C1}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{1078D3BB-3A27-4923-84E7-A4E8EE0B7F0A}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{11F834EF-62A8-42DB-835D-AF510DA44920}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{1A64B0AC-0FC5-45CF-9EAB-23AA981121B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B92EE72-0EBF-4DD7-8D04-90B36DA4E806}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C790510-A155-4D1C-AFB1-7C97BD74F5B3}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{1FC7DBF4-2E2B-4AE7-828D-309A0C76FC18}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{20E2A033-6409-4925-B1CA-3F504BDEB694}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{26613B22-3198-4406-A8F5-7D8191C97C08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A108E73-0147-4E4F-8C35-DA1F684BFA8B}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{2D6DC1CE-A4EB-49AF-8BBE-00567B0083A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30703650-CAF3-4885-AF29-971BFB83D740}" = protocol=6 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{31966044-CF10-473F-B9EF-C26464BF2415}" = dir=in | app=a:\programme\vista\iphone\itunes\itunes.exe |
"{360D7458-167C-49B6-9EE7-11F1C0047412}" = protocol=17 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{382CB011-1ED4-4424-87F0-A0F8B6D5072D}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{3993FF3D-4A5A-4626-8B31-2AA03B31FE4C}" = dir=in | app=a:\programme\vista\skype\phone\skype.exe |
"{412439BA-C36B-49B9-8EFD-53A35853121E}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{4322B004-2B5F-42B2-A41F-3DD04B8A3A92}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{49EBE3C1-3B14-4E5D-A0AB-D8D2750165C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AFB02F4-9FF5-46CB-9BB3-0D0DB99476D7}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{517B5C67-A172-4E21-B4BC-5A844C3E50DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58B4E94D-8588-4EC9-BE0B-41F48747A24A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5DC5928C-BEE6-4B54-8AA1-54D01EB30961}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6050A661-9EA2-4921-95E2-AD93CB5AD355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6418A616-FA10-442E-8577-B6E1DF2E383B}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{67F04552-42DD-4B41-BB13-A28941A6BD57}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{69A5BF7D-E0B9-4953-A92D-98BE1EE946EB}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{6E247E8F-BF3F-4AE6-8208-DB733AB4640C}" = protocol=17 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{730F4B70-CF5B-42AB-8431-B07EFA18FF9C}" = protocol=6 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{758FF5F4-B039-4F9A-B561-13586821B039}" = protocol=1 | dir=out | [email protected],-28544 |
"{75CE771B-4E20-4040-93DF-E9AC6392DFA5}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{79057D84-01F0-468F-ABF8-8C0C996F43DE}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{7BE3683F-5FE0-4021-BC9D-318D46426C07}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{7C3C64C1-92CA-453D-A1A6-AD15199F9A58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CE9F49E-B0DB-440D-ABDA-0968E746FA6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80AC9C10-8CE9-467A-A1DA-DE7B82DDCDE2}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{8152E850-656F-417F-9510-EE65EBF66730}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{831E3C9D-CFDA-48CD-97E5-A7D851D11394}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{8606AE1F-B8B6-4E72-9790-9FB6E182CC7F}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{862618BF-ABD0-4E8C-B1F9-EADCB8093E0F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8861A561-9378-42FE-9264-9E259B211533}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{8FDC12BF-61CA-4245-AB60-A4853F7564AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9332F4AF-F521-421B-82EC-807048E7B15F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98F2597F-F0E3-4FA0-9184-8F38B431C3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A271B458-ECB9-4F8B-A814-F05DE0F2D532}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5CFD30A-F1DE-469C-9B4C-ED7DAB63F609}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{A6231193-6437-4717-93B6-F6B7B3256B30}" = protocol=6 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{B582AA15-4D45-4094-9564-549491F5441A}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{B63E08B3-5E27-4CEE-9C3E-90814CF5D63D}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{C010C20C-12A2-4E7A-92BA-CAC082888B28}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{C7D3BB21-9498-4004-81C5-9A7D5A633809}" = protocol=58 | dir=out | [email protected],-28546 |
"{D7894933-AC31-4802-BACA-9EE617916873}" = protocol=58 | dir=in | [email protected],-28545 |
"{D9C40226-6F66-4E21-8931-7967C3538A5D}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{DD02F313-5F51-4FE6-B334-A88D1B2C8E11}" = protocol=17 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{DD68EF71-0E98-46E6-9FC8-9FBF71CA3ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE494ABD-9551-43BE-827D-A84C155FDFB0}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{DE861B23-9040-474A-9155-F74A1101B252}" = protocol=6 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{DEE02FF0-EFD8-45A0-B487-511CBEE35170}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF765545-F123-4DBE-8030-6932E785CB47}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{E17AC1A2-3543-404B-BA76-44365DC09FFA}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{E2019786-C9C0-4046-BBF8-9311EACCAE2E}" = protocol=17 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{E2380AFE-9529-43CA-AA5E-59556FC31DBA}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"{E2BD1FD7-F76E-4AAC-B648-995E7D0C2A08}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{E5573C7C-AA20-4DB1-B414-F493677648E3}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{F1714522-19F4-48AD-9339-B09DB57E63BB}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8462619-D8FC-474B-AE3B-05AD045EB3FE}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{F89C17D6-A70E-43BA-98DF-9B1B1EFCD9DA}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"TCP Query User{25C2C271-3445-4F90-A33A-5BDFB663676E}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{3B44605F-D5A1-4807-B32E-09BA2D3B00C8}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"TCP Query User{5384558F-5AD5-446F-BCCD-D48F824A4DB3}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{7305552F-FAA1-47D2-B104-BB395863D045}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"TCP Query User{90002CB5-0738-482D-A3D0-97A6DEE2FF32}G:\games\vista\starcraft\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"TCP Query User{9043C97D-5F0E-47E9-A79F-61C335C1F4D6}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{93444569-A651-4408-9579-0BCAF562884B}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"TCP Query User{96FF843E-98DE-40D7-9694-4A59F7129202}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{A183DB00-B3C7-4AEF-BB57-A8F11ACE5828}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{A6602194-57F6-4603-8C93-D7C279E8CA0F}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{BCDB0903-81DB-4142-A63B-8B4583BC775A}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"TCP Query User{CD225332-F4AD-4BE8-8D55-0B56B66279FD}G:\games\vista\starcrafteng\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"TCP Query User{CE958C00-AC71-4DBA-A68F-16065C154EE8}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{EB12B6F9-01AA-45BA-B0B9-7384C0413FB9}G:\games\vista\russencs\hl.exe" = protocol=6 | dir=in | app=g:\games\vista\russencs\hl.exe |
"TCP Query User{F62EEC69-CD9D-43B8-A0A8-3AF6AFED21B5}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{F9923728-1B16-4425-A131-052F0CA786F4}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{02BDEDBE-10DA-43B1-A56A-73FE6CE4DC57}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{0350A96B-3808-4411-80FD-9B960FDA2EB5}G:\games\vista\russencs\hl.exe" = protocol=17 | dir=in | app=g:\games\vista\russencs\hl.exe |
"UDP Query User{128A273B-F7AD-4EE9-AA83-4A4CAEED68D5}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"UDP Query User{2B6CB25F-4430-46E5-A750-D5EF0A1F215B}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{46920A0C-CB60-427F-97D0-052CD64863E1}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{4FD0244E-94CE-4A18-B3F4-5DA5839B087D}G:\games\vista\starcrafteng\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"UDP Query User{5650E9F3-1372-4122-8F9C-32BCEAC4E623}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{565FD11A-A8BB-40BF-B6CB-AAB2D635E0B2}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{5A17150F-2890-4F89-A668-D2FFFD6A6AD3}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"UDP Query User{6031DD7E-2D38-4FF9-9BA3-E5DE561CF643}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{825CE9D1-B22B-4E12-9C69-B589B3E55143}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{A265DB6F-66E5-4E21-90C4-FCCF2FD336C5}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{D23220A6-FEB3-49A3-BD2E-4D137CCD1555}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{E80AAA66-9EBB-4FB2-B384-28AEF9DE6449}G:\games\vista\starcraft\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"UDP Query User{FA20537C-F71A-4C13-A3EB-485537F0F592}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"UDP Query User{FE3B5E0E-FE5F-4433-A750-C5D2FBD062C7}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5C820C43-917F-4A1E-A8CB-F699A73F8AB7}" = AxCrypt 1.7.1878.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60C70D2F-28B7-4654-BBFA-C932BAA4A9E6}" = GlobeTrotter Connect
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA2B617F-EE1D-4201-9E3C-E3ECD5DEAC39}" = Topaz Adjust (64-bit)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4435-7533-6274-7601" = Geneious 5.6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}" = EXIFeditor
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}" = Topaz Adjust
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8726B95C-F494-4C7B-8773-7A1943D69C4E}" = Bio-Rad CFX Manager 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97937CFF-85CE-4534-A843-1DB5C15CF581}" = ImagingPam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2E30B9-5D7B-46C4-8C04-B1EFA7BBA23E}" = Lucis Pro
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD4A059-C381-4548-B4F1-564F21A64415}" = Bio-Rad iQ5 2.1 Standard Edition
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}" = ASTERICS 3.3.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exif Tag Remover_is1" = Exif Tag Remover 3.01
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImagingPam" = ImagingPam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManpWIN_is1" = ManpWIN version 3.01i
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MyCamera" = Canon Utilities MyCamera
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photomatix Pro_is1" = Photomatix Pro version 2.5.4
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"PTGui" = PTGui Pro 9.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RStudio" = RStudio
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
"ShiftN_is1" = ShiftN 3.3
"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0
"simple2_is1" = Tone Mapping Plug-In 1.2
"SMAC 2.7" = SMAC 2.7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"Tinn-R_is1" = Tinn-R 2.3.7.1
"Totalcmd" = Total Commander (Remove or Repair)
"UFRaw_is1" = UFRaw 0.17
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.13.1.0b
"waterMark V2" = waterMark V2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.54
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.54
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.2.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Z-defragRAM" = Z-defragRAM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.08.2012 12:38:25 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 16.08.2012 05:17:06 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 16.08.2012 12:15:02 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 06:50:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 07:06:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 13:45:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 15:06:47 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:07:05 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 18.08.2012 06:58:04 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:59:26 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


[ System Events ]
Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.08.2012 13:45:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:20 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP