
Log analysis and evaluation: "hermes_v01" - email from web.de


15.08.2012, 16:43   #1
kamitesti

Hello!

Recently I received an email from web.de saying that the password for my email account had been spied out by the virus "hermes_v01".

I then immediately changed my password using a supposedly safe computer, which did not help, however, because two days later my email account was locked.

I could find hardly anything about this virus via Google. You actually always end up in this forum, since several users have already had this problem. However, I could not find out how to detect or remove this virus on my machine. So I would now like to ask you for help.

At the end of this text are the OTL log files from my supposedly safe computer. Let's call it Computer 1. I would be very grateful if, after we have worked through Computer 1, we could also go through the cleanup procedure for the other computer (let's call it Computer 2).

Perhaps something else of interest: I also logged in to my email account with my new iPhone around the time in question. So I cannot rule this out as the source of the virus. In addition, after I received the message, I created a new email account to find out whether it would then also be attacked by the virus. I logged in there with both computers and with the iPhone at longer intervals, but so far it has not been accessed by strangers.

Here, to begin with, are the log files for Computer 1:

OTL.txt
Quote:
OTL logfile created on: 15.08.2012 17:12:09 - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = S:\My Data\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,03% Memory free
11,94 Gb Paging File | 9,95 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,54 Gb Free Space | 24,73% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,46 Gb Free Space | 19,69% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,67 Gb Free Space | 22,03% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 250,49 Gb Free Space | 39,55% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - S:\My Data\Downloads\OTL.exe (OldTimer Tools)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
PRC - A:\Programme\Vista\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
PRC - A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
PRC - A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Windows\BisonCam\BisonHK.exe (mychat)
PRC - C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
PRC - A:\Programme\Vista\Razer\razerhid.exe ()
PRC - A:\Programme\Vista\Razer\razerofa.exe (Razer Inc.)
PRC - A:\Programme\Vista\Razer\razertra.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - A:\Programme\Vista\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Windows\BisonCam\KBHookDLL.dll ()
MOD - A:\Programme\Vista\Razer\razerhid.exe ()
MOD - A:\Programme\Vista\Razer\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (SkypeUpdate) -- A:\Programme\Vista\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Nero BackItUp Scheduler 3) -- A:\Programme\Vista\Nero 8\Nero BackItUp\NBService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (nm3) -- C:\Windows\SysNative\DRIVERS\nm3.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\Drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes,DefaultScope = {6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: A:\Programme\Vista\iPhone\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: A:\Programme\Vista\Canon Pixma\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: A:\Programme\Vista\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: A:\Programme\Vista\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: A:\Programme\Vista\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: A:\Programme\Vista\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: A:\Programme\Vista\Adobe\Reader 10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.04 10:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: A:\Programme\Vista\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 13:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]

[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.08.14 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions
[2010.04.28 13:05:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 19:49:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2012.04.13 17:00:47 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 ptgui.com
O1 - Hosts: 127.0.0.1 www.ptgui.com
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - A:\Programme\Vista\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] A:\Programme\Vista\Razer\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\Run: [SpybotSD TeaTimer] A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\Programme\Vista\MS Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222095909 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1764FA82-2AAD-48AC-AD19-1AAF123D0AEC}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435FDF61-F9B2-460D-BF4F-E9C93379F1C9}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394D44A-938C-4448-84A3-437A7541EA7E}: DhcpNameServer = 217.0.43.81 217.0.43.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\AutoRun\command - "" = I:\mirk\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\explore\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\open\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.15 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.15 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 16:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.13 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 18:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.11 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\NPE
[2012.08.07 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2012.07.30 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Network Monitor 3
[2012.07.30 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.07.24 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\iPhone
[2012.07.21 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.07.21 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.21 20:39:07 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.07.21 20:39:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.21 20:39:07 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.07.21 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.21 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.21 16:29:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.07.21 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2012.07.21 16:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2012.07.21 16:24:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2012.07.21 16:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid

========== Files - Modified Within 30 Days ==========

[2012.08.15 16:59:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.15 15:51:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.15 15:50:29 | 008,405,015 | ---- | M] () -- C:\Windows\TmpFile1
[2012.08.15 15:50:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 15:50:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 15:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 13:16:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.15 11:26:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:26:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 14:58:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.14 10:27:53 | 000,227,904 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | M] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.08.06 19:39:41 | 001,588,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 19:39:41 | 000,682,142 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 19:39:41 | 000,641,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 19:39:41 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 19:39:41 | 000,123,016 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 19:39:28 | 000,144,384 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.24 10:52:35 | 003,140,283 | ---- | M] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.07.17 21:05:41 | 000,001,033 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini

========== Files Created - No Company Name ==========

[2012.08.14 10:27:53 | 000,227,904 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | C] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.07.24 10:52:33 | 003,140,283 | ---- | C] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.06.20 11:25:39 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 11:25:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.14 17:25:41 | 000,000,079 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\.ettercap_gtk
[2011.09.20 11:42:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.20 11:42:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.28 13:31:37 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.28 13:29:22 | 001,568,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.04 22:22:11 | 000,002,976 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011.04.04 22:15:53 | 000,000,882 | ---- | C] () -- C:\Users\Daniel\.ufrawrc
[2010.09.16 13:50:33 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.08 17:00:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.06.03 21:06:18 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010.04.10 20:12:50 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009.02.08 16:37:59 | 000,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008.12.18 11:18:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.27 21:09:45 | 000,001,033 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini
[2008.09.15 23:42:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.10 18:48:34 | 000,144,384 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 16:18:35 | 000,001,460 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2008.09.17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Anthropics
[2011.11.03 11:43:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2011.09.06 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bio-Rad
[2011.10.04 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bitcoin
[2012.06.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2009.10.25 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2008.09.10 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
[2012.07.22 16:09:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2009.03.13 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO Labs
[2009.03.13 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO_Labs
[2010.09.26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Flickr
[2010.09.15 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.04.04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012.06.16 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2008.12.18 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.10.26 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2010.09.12 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2010.09.14 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2012.05.25 04:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2009.06.11 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.03.13 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.06.16 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\poclbm
[2012.04.18 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PTGui
[2011.04.03 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RawTherapeeAlpha
[2012.08.07 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.05 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RStudio
[2012.07.21 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2011.11.17 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tinn-R
[2010.09.13 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.07.21 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.08.15 13:16:34 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:5F0592099A32DCC0
@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1376 bytes -> C:\ProgramData\Microsoft:2aFCTYIauh49VL3a6T3hn1x
@Alternate Data Stream - 1339 bytes -> C:\Users\Daniel\AppData\Local\pgz9ZkDlY8W:uJVY4whjdMSVr0HoJctvFpH
@Alternate Data Stream - 1334 bytes -> C:\ProgramData\Microsoft:yZvVHxMnho9TrFuHvzEft1

< End of report >
Extras.txt

Quote:
OTL Extras logfile created on: 15.08.2012 17:12:09 - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = S:\My Data\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,03% Memory free
11,94 Gb Paging File | 9,95 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,54 Gb Free Space | 24,73% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,46 Gb Free Space | 19,69% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,67 Gb Free Space | 22,03% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 250,49 Gb Free Space | 39,55% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3E 1C B0 6A A9 51 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661488324-2594523016-1501765560-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A9D8F9-727F-40B5-A1C8-137D549EE2F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FDC75A7-3678-42B5-8C77-7215A3AB3D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2000FCCE-56E9-47B3-9603-0B0A2118132C}" = lport=138 | protocol=17 | dir=in | app=system |
"{25F3B178-0433-4ECD-86AD-D4C071873DC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{27F0BBE8-E77B-4644-ADC1-32439D041379}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F0BEDCE-4BEF-49F3-BFEC-7BF115414BFB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3B2C05E6-F7C2-4DE2-971B-0338BC64589C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3E5F873E-1594-4ABE-BE8E-5A42516FC4F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FF324-190E-4503-8697-BCEC983ACBF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F9A149F-1E12-4443-89F7-00E48737657F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70284FBE-7A2E-4227-934B-7BD84123AFD0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77896EB8-D669-4D03-B975-EFD4306C13C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{98126AF1-83C9-400F-9304-D799B9546A23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B8101E1-00CD-4640-B49B-6CEE6F30E948}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9DD04AD7-FBA1-40C5-9493-4D0B478FCDF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F408C4A-981D-420E-BE0A-6588B47A34B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FF9B398-A7C7-4EDF-802F-93D7301EAB7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FFE290F-9123-4377-9D76-33A92FC0204D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BF7F3FF4-055E-4654-9B43-8136ED845F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{C03CF2ED-101F-43BB-8B62-7426734A3CDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8BF147E-7D53-45FA-A3FE-5B93306E9376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96DD8B1-5AA9-443C-BC5E-6C2329B9C9C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBCF9561-9AB4-4232-B3CF-3E9FD323F479}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDE2FA16-3EFA-4BAF-B7F6-62C09C4B75D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DDC764-E218-40F5-B696-7B133421B7F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B03262E-6968-44C4-90D1-AACBBBFC45C1}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{1078D3BB-3A27-4923-84E7-A4E8EE0B7F0A}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{11F834EF-62A8-42DB-835D-AF510DA44920}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{1A64B0AC-0FC5-45CF-9EAB-23AA981121B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B92EE72-0EBF-4DD7-8D04-90B36DA4E806}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C790510-A155-4D1C-AFB1-7C97BD74F5B3}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{1FC7DBF4-2E2B-4AE7-828D-309A0C76FC18}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{20E2A033-6409-4925-B1CA-3F504BDEB694}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{26613B22-3198-4406-A8F5-7D8191C97C08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A108E73-0147-4E4F-8C35-DA1F684BFA8B}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{2D6DC1CE-A4EB-49AF-8BBE-00567B0083A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30703650-CAF3-4885-AF29-971BFB83D740}" = protocol=6 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{31966044-CF10-473F-B9EF-C26464BF2415}" = dir=in | app=a:\programme\vista\iphone\itunes\itunes.exe |
"{360D7458-167C-49B6-9EE7-11F1C0047412}" = protocol=17 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{382CB011-1ED4-4424-87F0-A0F8B6D5072D}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{3993FF3D-4A5A-4626-8B31-2AA03B31FE4C}" = dir=in | app=a:\programme\vista\skype\phone\skype.exe |
"{412439BA-C36B-49B9-8EFD-53A35853121E}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{4322B004-2B5F-42B2-A41F-3DD04B8A3A92}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{49EBE3C1-3B14-4E5D-A0AB-D8D2750165C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AFB02F4-9FF5-46CB-9BB3-0D0DB99476D7}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{517B5C67-A172-4E21-B4BC-5A844C3E50DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58B4E94D-8588-4EC9-BE0B-41F48747A24A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5DC5928C-BEE6-4B54-8AA1-54D01EB30961}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6050A661-9EA2-4921-95E2-AD93CB5AD355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6418A616-FA10-442E-8577-B6E1DF2E383B}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{67F04552-42DD-4B41-BB13-A28941A6BD57}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{69A5BF7D-E0B9-4953-A92D-98BE1EE946EB}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{6E247E8F-BF3F-4AE6-8208-DB733AB4640C}" = protocol=17 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{730F4B70-CF5B-42AB-8431-B07EFA18FF9C}" = protocol=6 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{758FF5F4-B039-4F9A-B561-13586821B039}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75CE771B-4E20-4040-93DF-E9AC6392DFA5}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{79057D84-01F0-468F-ABF8-8C0C996F43DE}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{7BE3683F-5FE0-4021-BC9D-318D46426C07}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{7C3C64C1-92CA-453D-A1A6-AD15199F9A58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CE9F49E-B0DB-440D-ABDA-0968E746FA6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80AC9C10-8CE9-467A-A1DA-DE7B82DDCDE2}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{8152E850-656F-417F-9510-EE65EBF66730}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{831E3C9D-CFDA-48CD-97E5-A7D851D11394}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{8606AE1F-B8B6-4E72-9790-9FB6E182CC7F}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{862618BF-ABD0-4E8C-B1F9-EADCB8093E0F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8861A561-9378-42FE-9264-9E259B211533}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{8FDC12BF-61CA-4245-AB60-A4853F7564AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9332F4AF-F521-421B-82EC-807048E7B15F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98F2597F-F0E3-4FA0-9184-8F38B431C3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A271B458-ECB9-4F8B-A814-F05DE0F2D532}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5CFD30A-F1DE-469C-9B4C-ED7DAB63F609}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{A6231193-6437-4717-93B6-F6B7B3256B30}" = protocol=6 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{B582AA15-4D45-4094-9564-549491F5441A}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{B63E08B3-5E27-4CEE-9C3E-90814CF5D63D}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{C010C20C-12A2-4E7A-92BA-CAC082888B28}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{C7D3BB21-9498-4004-81C5-9A7D5A633809}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7894933-AC31-4802-BACA-9EE617916873}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D9C40226-6F66-4E21-8931-7967C3538A5D}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{DD02F313-5F51-4FE6-B334-A88D1B2C8E11}" = protocol=17 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{DD68EF71-0E98-46E6-9FC8-9FBF71CA3ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE494ABD-9551-43BE-827D-A84C155FDFB0}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{DE861B23-9040-474A-9155-F74A1101B252}" = protocol=6 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{DEE02FF0-EFD8-45A0-B487-511CBEE35170}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF765545-F123-4DBE-8030-6932E785CB47}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{E17AC1A2-3543-404B-BA76-44365DC09FFA}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{E2019786-C9C0-4046-BBF8-9311EACCAE2E}" = protocol=17 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{E2380AFE-9529-43CA-AA5E-59556FC31DBA}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"{E2BD1FD7-F76E-4AAC-B648-995E7D0C2A08}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{E5573C7C-AA20-4DB1-B414-F493677648E3}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{F1714522-19F4-48AD-9339-B09DB57E63BB}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8462619-D8FC-474B-AE3B-05AD045EB3FE}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{F89C17D6-A70E-43BA-98DF-9B1B1EFCD9DA}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"TCP Query User{25C2C271-3445-4F90-A33A-5BDFB663676E}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{3B44605F-D5A1-4807-B32E-09BA2D3B00C8}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"TCP Query User{5384558F-5AD5-446F-BCCD-D48F824A4DB3}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{7305552F-FAA1-47D2-B104-BB395863D045}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"TCP Query User{90002CB5-0738-482D-A3D0-97A6DEE2FF32}G:\games\vista\starcraft\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"TCP Query User{9043C97D-5F0E-47E9-A79F-61C335C1F4D6}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{93444569-A651-4408-9579-0BCAF562884B}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"TCP Query User{96FF843E-98DE-40D7-9694-4A59F7129202}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{A183DB00-B3C7-4AEF-BB57-A8F11ACE5828}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{A6602194-57F6-4603-8C93-D7C279E8CA0F}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{BCDB0903-81DB-4142-A63B-8B4583BC775A}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"TCP Query User{CD225332-F4AD-4BE8-8D55-0B56B66279FD}G:\games\vista\starcrafteng\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"TCP Query User{CE958C00-AC71-4DBA-A68F-16065C154EE8}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{EB12B6F9-01AA-45BA-B0B9-7384C0413FB9}G:\games\vista\russencs\hl.exe" = protocol=6 | dir=in | app=g:\games\vista\russencs\hl.exe |
"TCP Query User{F62EEC69-CD9D-43B8-A0A8-3AF6AFED21B5}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{F9923728-1B16-4425-A131-052F0CA786F4}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{02BDEDBE-10DA-43B1-A56A-73FE6CE4DC57}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{0350A96B-3808-4411-80FD-9B960FDA2EB5}G:\games\vista\russencs\hl.exe" = protocol=17 | dir=in | app=g:\games\vista\russencs\hl.exe |
"UDP Query User{128A273B-F7AD-4EE9-AA83-4A4CAEED68D5}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"UDP Query User{2B6CB25F-4430-46E5-A750-D5EF0A1F215B}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{46920A0C-CB60-427F-97D0-052CD64863E1}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{4FD0244E-94CE-4A18-B3F4-5DA5839B087D}G:\games\vista\starcrafteng\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"UDP Query User{5650E9F3-1372-4122-8F9C-32BCEAC4E623}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{565FD11A-A8BB-40BF-B6CB-AAB2D635E0B2}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{5A17150F-2890-4F89-A668-D2FFFD6A6AD3}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"UDP Query User{6031DD7E-2D38-4FF9-9BA3-E5DE561CF643}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{825CE9D1-B22B-4E12-9C69-B589B3E55143}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{A265DB6F-66E5-4E21-90C4-FCCF2FD336C5}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{D23220A6-FEB3-49A3-BD2E-4D137CCD1555}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{E80AAA66-9EBB-4FB2-B384-28AEF9DE6449}G:\games\vista\starcraft\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"UDP Query User{FA20537C-F71A-4C13-A3EB-485537F0F592}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"UDP Query User{FE3B5E0E-FE5F-4433-A750-C5D2FBD062C7}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5C820C43-917F-4A1E-A8CB-F699A73F8AB7}" = AxCrypt 1.7.1878.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60C70D2F-28B7-4654-BBFA-C932BAA4A9E6}" = GlobeTrotter Connect
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA2B617F-EE1D-4201-9E3C-E3ECD5DEAC39}" = Topaz Adjust (64-bit)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4435-7533-6274-7601" = Geneious 5.6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}" = EXIFeditor
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}" = Topaz Adjust
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8726B95C-F494-4C7B-8773-7A1943D69C4E}" = Bio-Rad CFX Manager 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97937CFF-85CE-4534-A843-1DB5C15CF581}" = ImagingPam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2E30B9-5D7B-46C4-8C04-B1EFA7BBA23E}" = Lucis Pro
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD4A059-C381-4548-B4F1-564F21A64415}" = Bio-Rad iQ5 2.1 Standard Edition
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}" = ASTERICS 3.3.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exif Tag Remover_is1" = Exif Tag Remover 3.01
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImagingPam" = ImagingPam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManpWIN_is1" = ManpWIN version 3.01i
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MyCamera" = Canon Utilities MyCamera
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photomatix Pro_is1" = Photomatix Pro version 2.5.4
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"PTGui" = PTGui Pro 9.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RStudio" = RStudio
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
"ShiftN_is1" = ShiftN 3.3
"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0
"simple2_is1" = Tone Mapping Plug-In 1.2
"SMAC 2.7" = SMAC 2.7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"Tinn-R_is1" = Tinn-R 2.3.7.1
"Totalcmd" = Total Commander (Remove or Repair)
"UFRaw_is1" = UFRaw 0.17
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.13.1.0b
"waterMark V2" = waterMark V2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.54
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.54
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.2.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Z-defragRAM" = Z-defragRAM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.08.2012 09:53:53 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:23:55 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:23:55 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:23:55 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:23:55 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:45:48 | Computer Name = Daniel-PC | Source = System Restore | ID = 8193
Description =

Error - 15.08.2012 10:53:57 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:53:57 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:53:57 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 15.08.2012 10:53:57 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (828)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.08.2012 09:14:25 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 14.08.2012 13:56:39 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 14.08.2012 15:52:21 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 15.08.2012 03:11:13 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 15.08.2012 03:13:59 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 15.08.2012 05:25:19 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 15.08.2012 06:05:09 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 15.08.2012 06:08:06 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 15.08.2012 07:16:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 15.08.2012 09:50:59 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


[ System Events ]
Error - 15.08.2012 05:25:04 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.08.2012 05:25:13 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15.08.2012 06:06:15 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.08.2012 06:06:15 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.08.2012 06:06:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15.08.2012 09:50:27 | Computer Name = Daniel-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
0016EACE5E36 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 15.08.2012 09:50:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.08.2012 09:50:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.08.2012 09:50:47 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 15.08.2012 09:50:47 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Alt 18.08.2012, 10:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 ptgui.com
O1 - Hosts: 127.0.0.1 www.ptgui.com

If you use software by way of illegal tricks and cracks/keygens, you should not be surprised when passwords are stolen and accounts are broken into.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are, in 99.9% of cases, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)