
Log analysis and evaluation: GVU Trojan 2.07 Anti-Malware and OTL files


 
22.07.2012, 12:50   #1
hanno96
 



Hello everyone,
I caught the aforementioned trojan yesterday.
In safe mode I was able to run a System Restore, so that the screen was unlocked. But that's not the end of it, is it?

Here are the results from Anti-Malware and the OTL log files:

Anti-Malware:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
 
Datenbank Version: v2012.07.22.04
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Malte :: MALTE-PC [Administrator]
 
22.07.2012 12:53:39
mbam-log-2012-07-22 (13-35-19).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405092
Laufzeit: 38 Minute(n), 32 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 2
C:\Users\Malte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IR5DXHC2\calc[1].exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.
C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
 
(Ende)
         
OTL:

Extras:
Code:
OTL Extras logfile created on: 22.07.2012 13:40:04 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Malte\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,01% Memory free
8,00 Gb Paging File | 5,62 Gb Available in Paging File | 70,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 17,45 Gb Free Space | 7,15% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 105,54 Gb Free Space | 21,61% Space Free | Partition Type: NTFS
Drive E: | 198,99 Gb Total Space | 138,67 Gb Free Space | 69,69% Space Free | Partition Type: NTFS
 
Computer Name: MALTE-PC | User Name: Malte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\PPStream\PPStream.exe" = C:\Program Files (x86)\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{171071F6-E83A-40BE-8BF1-19816C316B51}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19738B6A-DB7F-488F-AF5C-8218039238BE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{29AC1C33-B01A-4B50-9EF3-8B13608FA9BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2CB9502B-9754-4234-B569-4E59F5BBBBB6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3021FE33-9574-48C4-B2EC-7399E9B46473}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35C496A5-11DC-47B3-8C04-63F2EF8C7EB5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{446DD20C-C1A5-4CC4-8D8F-C9F8543E2077}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49A58512-EBFD-4C8E-B018-439FD8E9AD09}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4CC1976E-B527-4D8A-97D1-26CCE81FD750}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5269FD8E-44B6-42E1-9A14-31802778E010}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5907306A-1567-4A34-B806-20DF441A2A75}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5AF05E63-ABD0-4C21-A98E-EAD4E0567CCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5F2770CB-B381-4A9C-A26D-6956E4FC186D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{658D3CC0-71CF-4234-A7BE-80CDDB7696DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{705E408A-0DF7-43CA-B797-FCA8D9318051}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7270C047-1373-4DCC-9998-88DDFA1896BF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7A9EDFE0-E9AF-49E8-B3EC-202B18203BD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7ECDA641-457A-4A6D-92AC-B907376E8A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{893219D0-AEEC-461A-AE58-B8BF6DFF53E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EA305FC-1E0B-4F06-81A1-7DC09A560CCF}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{93735F2A-823D-4599-8BE4-FAAE3DECE364}" = rport=137 | protocol=17 | dir=out | app=system | 
"{93AA338C-43FB-4A38-94A7-1553AF714543}" = lport=137 | protocol=17 | dir=in | app=system | 
"{95F7034B-6E16-4581-A4CF-AED8CB83D4AE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9F0C7EB3-D889-4E3B-8BE5-FAF52951F166}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A6CD32B0-C03D-4FA8-A454-C96FD6EC0D3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A704A2A2-608A-4DA4-976E-23E68FF3F7D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A95E4740-AFBD-4BD4-A359-9AE0FF849302}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A96504B2-46F0-41B0-A62D-1956F88A8353}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8BEFA59-ADF4-4BE0-876C-53C69527E39E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8D831F5-D3A9-40DB-BEC4-B4A858466A02}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BEB9145C-C33F-4325-AB30-18649222FC2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2AF9A6A-9F94-4FCF-BA71-3995CB65DF73}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CB063258-CBAB-484A-BCF6-B9EBC4480895}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CFA785BB-3C3D-4F87-8326-F8D1F0BECBAE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D528C51A-B565-4B7B-9161-2D6EED384087}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D5FDBA0C-A4FE-4820-9757-F74377D18E2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF09950E-83B8-41CA-94D6-D878767C4654}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EE5069CF-6418-4AEE-823C-A84E9803F9A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F66B0200-87B4-4CAF-8BC3-270B33011EA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F86BC5D2-9CEB-473F-8D97-647227B01866}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8E8087F-5433-4EC9-80DB-F9F949B212FF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{FEE8E290-F677-4E28-9E84-21CED3D03911}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024B721E-FA55-48F5-AEF0-3A9A3F7164D9}" = protocol=6 | dir=in | app=d:\spiele\gta\rockstar games social club\rgsclauncher.exe | 
"{095CE691-1B9A-42DA-9DE2-4CCE3BCC6B64}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0A6E3E4E-4DED-4956-98DA-5C9F971C7088}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{0EB599E8-D6B6-4476-8866-B8FE4B15E052}" = dir=in | app=c:\windows\syswow64\mpk\mpkview.exe | 
"{1235400A-D796-4E9E-BFFE-1F23F816236E}" = protocol=6 | dir=out | app=system | 
"{183242B7-379C-49C7-A335-285616C2D9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\netspot device installer\nsdi.exe | 
"{20DE62A9-6C13-4D8D-BEC8-88D00B9B495D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{21CD5E32-99A8-468F-A191-7CDB158428E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{2506D09A-7BDF-4DD2-89EB-5E22FB32946B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2F1C5C9F-E8C3-4710-A64E-0811D2906665}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3072D4D3-1454-447B-8C90-F91E9F4CA89F}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{31EE38B1-EEE9-4668-935E-5B20C8658402}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{388083A0-117A-4BAE-9D3A-1C2F6A2A8EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3B4A3324-F3EA-421B-81A5-BCFE080D2E30}" = dir=in | app=c:\windows\syswow64\mpk\mpk.exe | 
"{41A3D42E-C5B7-4AB6-BEB4-B3E474363B59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4756B46A-94EF-42E3-B5F8-6809F884E6C0}" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icq.exe | 
"{4E843F7F-E14F-4B64-8F44-F365C48A7F8B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{4FCB3922-5307-4587-AB9E-C3F3512DF7CB}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"{52E34D11-EB3B-4507-8E9C-902621D38512}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{53700BC0-FD1D-4623-9A6C-EBF11717D197}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{54B11294-14CA-4249-AE7F-7FCDDF6A61B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{56D0F265-38CA-44D6-B560-8455ACD1011F}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{57FC683C-6E63-4E25-8391-A403FAD1857B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5B233C83-57BE-437A-AAF4-599A902DFF68}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{65486EA4-B3F4-4741-8504-0367C677FE33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B00304E-C4D3-4EDB-9E14-B847AE0DA5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{6BF12513-5C75-4C3D-A638-5B61D1496B97}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7090A403-3901-4FE0-A591-9858FA15F687}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{735377AF-A542-4858-B5B2-AF81E2979601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{737FBD03-3E06-4BF4-8082-36D9CDA707C2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{76D9D70D-C920-419E-9892-BC13A1E8E7C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7F4AAE25-E465-4F75-8613-5ED683986A07}" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icq.exe | 
"{8524B2A9-B151-49BD-8747-3115633A12AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{957C8E3E-0222-408C-9E47-FA7BF265D8E7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{97BFF816-31BF-4B15-99F4-B0983C34C616}" = protocol=17 | dir=in | app=d:\spiele\gta\rockstar games social club\rgsclauncher.exe | 
"{9A0DC08D-0E70-4E93-A147-442200003965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E63EADC-4885-470C-9D71-61AA7BC57C45}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A4E9171B-8AF0-4C35-B917-69F3C3CB9976}" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icq.exe | 
"{A9014D1A-73D4-47A9-BE57-132691F36EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{ABDAB4D9-FB21-4887-93A1-48B2A723AED1}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"{B39E9DF3-671A-4C90-9B90-2EEEF3FE918F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6593350-F78A-428F-90CE-4E7EFFDA9B42}" = protocol=17 | dir=in | app=c:\program files (x86)\netspot device installer\nsdi.exe | 
"{B792EF20-020F-4D7C-ADA7-39D9612D04C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BC924969-A5B3-46C2-92B2-CEFAB3F6D667}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{C2B24581-6BE7-4EBC-A073-A26D0B0680AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6CDDE23-F701-4066-A561-D116DF98C3DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CAB9F172-AF36-471A-9D0E-519194642251}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CBB45626-90A1-4DA1-B3F0-5464FDDF0994}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{D0827389-0338-46F2-99B6-3651D17F4C52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D0FC55E3-D74D-40C6-BC2E-5DB9FC10F89B}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{D60CB6B3-C04D-409C-B6DD-8B492972DCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7696E78-BEAC-4D39-9BC0-9E135A80D6CE}" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icq.exe | 
"{D7AADECA-6B21-4A90-8E0C-42C226E395EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E07E9881-A246-4C98-8967-ACAAF85BB787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1E66172-6F67-47C0-8610-85F952BB524E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{F56453D7-3D20-42D5-B22A-5C2EFAC91E88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F63BD2BE-F790-4020-A965-0C8DA8533881}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F741A9BA-95B4-4F38-A563-4DFA066737D0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{F871761C-2A7E-49DE-842B-30019D25FEE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD455615-7E09-4D63-8418-E163F2A8097B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FDA919C4-8B17-45BF-8107-EA73A1D60B03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{04D413E6-399A-4337-986E-D3E862CF922E}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{056778C6-B53C-4828-AA4A-41F0E017EB8F}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe | 
"TCP Query User{05A97B68-2926-4987-B8CB-5111955ACF1E}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{0734644D-0247-4027-8A22-73AF9E783178}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{07F64D4E-6462-44F9-8CAF-D34A7A7CA069}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{173D0C98-A01F-4B53-BFFC-3640DEBC267E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{1A889EEC-82B1-4AF0-BD78-7D97F9A29C28}E:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=e:\spiele\xiii\system\xiii.exe | 
"TCP Query User{22E5A25B-B02F-457A-B56E-742923F77933}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{2964C58F-4C0C-4FCD-8373-073833D38235}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"TCP Query User{305D4B1B-DB0E-4CFB-98A0-81F5A243C267}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{328D922C-702F-4791-81D5-E5034692C77F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4C27831A-2E13-4F11-A045-74FFD2926E01}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{522C362E-EEE0-48A0-BE58-5804EEB79E22}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{69FF5535-D80B-4385-BFF3-DA4DDC028F3C}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | 
"TCP Query User{83C14EEA-1DAB-477D-BE16-95732F458241}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{84A899DD-59C9-4234-B3D7-565CC2E8E4CD}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{A405BAC2-1629-43D3-9F1A-AFE26E48E8C9}E:\spiele\fifa11\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa11\game\fifa.exe | 
"TCP Query User{A44FA39C-FA73-44BC-8142-2D22964823E0}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"TCP Query User{A5A7605D-3908-40A8-8BAF-10B59608DEDD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D3F1BA3E-47DD-40D7-92AD-84EB631D9B2A}D:\spiele\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa 12\game\fifa.exe | 
"TCP Query User{DC99FEC9-C333-41AE-81DD-4BEC89474C39}E:\spiele\fifa11\game\fifa.exe" = protocol=6 | dir=in | app=e:\spiele\fifa11\game\fifa.exe | 
"TCP Query User{FA2063E4-E01E-4119-B574-96EF4FFB8B15}C:\program files (x86)\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"TCP Query User{FF261D61-A04D-427A-9EC5-656A4012DD7E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{04FB90AE-D59D-467D-B314-AD646DACC1AA}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe | 
"UDP Query User{08543477-FF3D-42A7-91AB-362ADCBC67D5}D:\spiele\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa 12\game\fifa.exe | 
"UDP Query User{18D796E7-C177-4479-85DE-749C9EAE672B}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{19E83A68-F416-4D0E-9323-BEF553765090}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{27A7C2E6-B502-44AB-8E0B-2331B7912AC1}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | 
"UDP Query User{2CC9F211-CDFE-47A8-9120-BE9C3AB1EEC2}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{3E0A1338-740B-4874-897C-173351923032}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4222672E-2EB4-4C0C-9A98-C85B611CE55C}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{472D8410-DDBD-4511-A4EF-A9C93D990A0B}E:\spiele\fifa11\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa11\game\fifa.exe | 
"UDP Query User{5FCF7E69-D82C-4961-B980-A7EA7AE635A8}E:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=e:\spiele\xiii\system\xiii.exe | 
"UDP Query User{689F860F-EDED-49ED-B576-9998E37E2F45}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{6D95AD8D-BF15-4C78-A34D-C88FDC5C040A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{7E2D428E-A1D8-4C6A-AAF4-F7DEAED454C5}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"UDP Query User{7EAAF046-3B96-425E-9E0A-43B012CA3B03}C:\program files (x86)\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"UDP Query User{98FEFF16-121A-4B7F-8365-365B12E15253}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{994D67CB-4DAA-4D01-839F-2B629922B355}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{9D887A7C-745C-41FB-B096-FA4076BA71D8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{AAD80224-2DB6-4F08-BB6D-A75336002FD3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B406426D-9C04-4811-9001-8EFF2BB2DF15}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{D3D8DEA1-1658-4A79-B1DD-370E15BD7321}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{D9395135-7048-4876-975C-516A90679B5B}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{FABDBA95-A1AA-466A-B0B9-88E6D56DD287}E:\spiele\fifa11\game\fifa.exe" = protocol=17 | dir=in | app=e:\spiele\fifa11\game\fifa.exe | 
"UDP Query User{FE272BE7-7C83-49F2-BE60-C60D22EDBB54}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{14E10342-F2B4-41f7-B955-F5C7BE8BC1FF}" = Autodesk Inventor View 2010 Language Pack - Deutsch
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5783F2D7-8005-0407-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2010
"{5783F2D7-8005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2010 Language Pack - Deutsch
"{5EC22191-8A56-4e02-8F20-29A9C2EB0771}" = Autodesk Vault 2010 (Client) Language Pack - Deutsch
"{62E86312-9CF7-4A96-9F9E-261C3A4CC20A}" = Autodesk Inventor View 2010
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{98754D03-0B21-4d4a-9B89-93A2828AE26B}" = Autodesk Vault 2010 (Client)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}" = ATI Catalyst Install Manager
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD Mechanical 2010" = AutoCAD Mechanical 2010
"Autodesk Inventor View 2010" = Autodesk Inventor View 2010
"Canon LBP2900" = Canon LBP2900
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1834A376-697A-43E0-9B3A-54D3A8C09466}" = BlueStacks (beta-1)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B11379A-9196-4228-981A-BB255E13109E}" = Autostart-Manager 2006
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C13128C-1782-456F-84A4-017CECE259CA}" = ICQ Lite
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75F509C3-5F01-48C1-ACB9-B9B38A952E6C}" = Unified Remote
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Vault 2010 (Client)" = Autodesk Vault 2010 (Client)
"Autostartmanager" = Autostartmanager 1.45
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ClassicPro" = ClassicPro© v1.13
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Music Zilla_is1" = Free Music Zilla
"FreePDF_XP" = FreePDF (Remove only)
"GoldWave v5.54" = GoldWave v5.54
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"ICQToolbar" = ICQ Toolbar
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Shredder (3.0b4)" = Shredder (3.0b4)
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 12:49:21 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.07.2012 12:49:21 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2757848
 
Error - 13.07.2012 12:49:21 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2757848
 
Error - 13.07.2012 12:49:37 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.07.2012 12:49:38 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2774010
 
Error - 13.07.2012 12:49:38 | Computer Name = Malte-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2774010
 
Error - 17.07.2012 12:24:50 | Computer Name = Malte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.4756.1000,
 Zeitstempel: 0x4b9c08e8  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 14.0.4756.1000,
 Zeitstempel: 0x4b9c08e8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025c80  ID des fehlerhaften
 Prozesses: 0x13b0  Startzeit der fehlerhaften Anwendung: 0x01cd642d09315d10  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Berichtskennung:
 ee348693-d02b-11e1-978a-c36abb51b6f5
 
Error - 19.07.2012 06:06:17 | Computer Name = Malte-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EQNEDT32.EXE, Version: 2000.11.9.0,
 Zeitstempel: 0x3a0acebf  Name des fehlerhaften Moduls: EQNEDT32.EXE, Version: 2000.11.9.0,
 Zeitstempel: 0x3a0acebf  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00025ef1  ID des fehlerhaften
 Prozesses: 0x1390  Startzeit der fehlerhaften Anwendung: 0x01cd65936a328f12  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Berichtskennung:
 60d0cec0-d189-11e1-8ca6-b19bb9bbd0fa
 
Error - 22.07.2012 05:07:22 | Computer Name = Malte-PC | Source = System Restore | ID = 8206
Description = 
 
Error - 22.07.2012 05:28:07 | Computer Name = Malte-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 22.07.2012 05:03:34 | Computer Name = Malte-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 05:03:34 | Computer Name = Malte-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 05:03:34 | Computer Name = Malte-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.07.2012 05:04:13 | Computer Name = Malte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 22.07.2012 05:06:00 | Computer Name = Malte-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.07.2012 05:07:54 | Computer Name = Malte-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 22.07.2012 05:07:54 | Computer Name = Malte-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 22.07.2012 05:08:03 | Computer Name = Malte-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 22.07.2012 05:08:42 | Computer Name = Malte-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 22.07.2012 05:08:46 | Computer Name = Malte-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde
 unerwartet beendet. Dies ist bereits 2 Mal passiert.
 
 
< End of report >
         


Many thanks for the help!

 
