Bundespolizei-Ukash Virus

#1 Hallo, ich habe mir heute den Bundespolizei-Ukash Virus eingefangen, der meinen PC gesperrt hat.
Nach zweimaligen Neustart ist er nun komischerweise nicht mehr gesperrt, aber ich denke mal das der Virus noch drauf sein wird. Deshalb habe ich jetzt mal wie in der Forenanleitung OTL ausgeführt. Hier sind die Ergebnisse:

OTL.txt:

Code

OTL logfile created on: 05.05.2012 14:31:09 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Andreas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 64,25% Memory free
11,90 Gb Paging File | 9,39 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,16 Gb Total Space | 471,54 Gb Free Space | 69,02% Space Free | Partition Type: NTFS
Drive D: | 15,18 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-HP | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.05.05 14:19:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe
PRC - [2012.04.25 07:45:19 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.28 02:53:14 | 000,404,568 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
PRC - [2012.03.09 01:08:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.06 18:34:48 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.09.04 21:59:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.09.03 04:29:50 | 000,287,576 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.03.08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.02.17 22:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011.02.17 22:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011.02.17 22:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011.02.15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.01.25 22:56:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.02.03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008.10.14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.04.25 07:45:19 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.14 18:50:15 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.12 17:36:33 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll
MOD - [2012.04.12 09:50:36 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012.04.12 09:50:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012.04.01 10:30:01 | 000,140,800 | ---- | M] () -- C:\ProgramData\Codecv\bhoclass.dll
MOD - [2012.02.16 21:33:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.16 21:33:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.16 21:32:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 21:32:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 21:32:49 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.11.06 18:34:48 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.25 15:59:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011.10.25 15:58:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.10 06:18:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011.12.06 07:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011.01.26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012.04.25 07:45:19 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.14 18:50:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.09 01:08:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.10.23 23:35:25 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.09.04 21:59:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.03 04:32:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2011.09.03 04:29:50 | 000,287,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.05.20 16:03:06 | 000,038,926 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\FH-Aachen OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.11 12:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.02.17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011.02.15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.02.02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.01.25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.01.28 16:43:10 | 012,311,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:[b]64bit:[/b] - [2012.01.28 16:43:04 | 000,328,224 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012.01.28 16:42:54 | 010,721,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011.09.02 18:12:38 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011.08.30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2011.08.23 06:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:[b]64bit:[/b] - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2011.06.03 02:08:06 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2011.05.20 16:03:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.03.11 12:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:[b]64bit:[/b] - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.02.14 03:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:[b]64bit:[/b] - [2011.02.14 03:42:36 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
DRV:[b]64bit:[/b] - [2011.02.14 03:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:[b]64bit:[/b] - [2011.02.14 03:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:[b]64bit:[/b] - [2011.01.26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2011.01.26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011.01.13 02:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010.12.07 15:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:[b]64bit:[/b] - [2010.12.07 15:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:[b]64bit:[/b] - [2010.12.07 15:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:[b]64bit:[/b] - [2010.12.07 15:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:[b]64bit:[/b] - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:[b]64bit:[/b] - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2010.08.02 17:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2010.07.28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
IE - HKCU\..\SearchScopes,DefaultScope = {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}
IE - HKCU\..\SearchScopes\{00DB204B-7265-4A18-A6E0-7445FEEC4D7B}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andreas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Andreas\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.28 23:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 07:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.18 16:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.04 17:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.09.02 10:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2012.05.02 19:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\aqew4gv9.default\extensions
[2012.04.09 14:18:08 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\aqew4gv9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.04.01 20:10:01 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\aqew4gv9.default\extensions\info@allpremiumplay.info
[2012.01.07 15:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.09.29 16:28:31 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011.09.02 14:53:09 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AQEW4GV9.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AQEW4GV9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AQEW4GV9.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AQEW4GV9.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AQEW4GV9.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.25 07:45:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.02 13:57:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 13:57:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 13:57:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 13:57:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.21 20:12:32 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2011.10.02 13:57:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 13:57:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Codecv Class) - {815A7C14-BFD5-42E3-AF91-464085E0EEA4} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:[b]64bit:[/b] - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{742CA0B6-A9ED-44F4-961F-DC8D8258B723}: DhcpNameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D50F5143-71EA-4B01-9342-4B5754753946}: NameServer = 137.226.239.220,134.130.5.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.23 22:50:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{35ca63b8-d57c-11e0-a9c3-2c27d7a98689}\Shell - "" = AutoRun
O33 - MountPoints2\{35ca63b8-d57c-11e0-a9c3-2c27d7a98689}\Shell\AutoRun\command - "" = G:\Windows\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:[b]64bit:[/b] {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:[b]64bit:[/b] {1C982ECE-AC61-331F-24AD-10AF89154647} - Themes Setup
ActiveX:[b]64bit:[/b] {1E28A511-119B-7753-7443-E904D044D884} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {26EE612F-5955-35F4-2BA0-803EA327C705} - Browser Customizations
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {A11D1004-8CB2-683E-4079-140F7A08F6F4} - Browser Customizations
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] {FF8B50E5-C5AE-C7F8-A01B-55A678971B64} - Themes Setup
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1844C3FD-FF31-1B7C-64C8-DD1F6194B625} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.04.25 14:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realistic Colors and Real Nights 2.1 - HDR Edition -
[2012.04.25 07:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 07:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.23 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.04.23 16:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.04.17 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\LogMeIn Hamachi
[2012.04.17 21:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.04.17 21:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.04.17 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.15 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrickForce
[2012.04.15 16:46:31 | 000,000,000 | ---D | C] -- C:\BrickForce
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.05.05 14:22:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAndreas.job
[2012.05.05 14:16:11 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 14:16:11 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 14:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.05 14:06:41 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 14:01:14 | 000,001,029 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kitre0.exe.lnk
[2012.05.05 13:54:32 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.05.04 17:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.25 12:10:20 | 001,613,996 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.25 12:10:20 | 000,697,314 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.25 12:10:20 | 000,652,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.25 12:10:20 | 000,148,320 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.25 12:10:20 | 000,121,266 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.23 16:01:41 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.04.15 16:46:31 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\BrickForce.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.05.05 14:01:14 | 000,001,029 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kitre0.exe.lnk
[2012.04.23 16:01:41 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.04.15 16:46:31 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\BrickForce.lnk
[2012.02.11 22:51:29 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.02.11 22:47:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.11 22:47:36 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.02.11 22:47:34 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.11 22:47:34 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.11 22:47:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.11 22:47:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.11 22:47:32 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.11 22:47:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.01.04 15:32:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.12.09 18:31:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.12.09 18:31:46 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.12.07 21:21:21 | 000,912,192 | ---- | C] () -- C:\Users\Andreas\AppData\Local\census.cache
[2011.12.07 21:21:12 | 000,115,689 | ---- | C] () -- C:\Users\Andreas\AppData\Local\ars.cache
[2011.12.07 21:13:47 | 000,000,036 | ---- | C] () -- C:\Users\Andreas\AppData\Local\housecall.guid.cache
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.23 23:35:43 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.22 20:14:34 | 000,148,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.29 18:33:04 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.29 18:33:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 19:54:28 | 001,591,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.04 22:04:22 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011.06.03 02:12:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.03 01:58:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.04.09 20:49:45 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.02.22 16:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012.04.22 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2012.04.24 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.purple
[2011.11.17 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ableton
[2011.11.28 16:01:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Amazon
[2011.11.17 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Autodesk
[2012.01.04 15:32:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2011.12.24 00:32:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2011.09.02 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2012.03.04 15:10:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Electronic Arts
[2011.11.18 16:17:20 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.09.02 15:24:30 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IDT
[2011.12.06 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LG Electronics
[2011.11.06 22:03:56 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LolClient
[2012.03.12 00:14:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\LOVE
[2011.09.02 18:38:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\MotioninJoy
[2011.12.14 17:27:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nicalis
[2011.10.19 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.11.15 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Propellerhead Software
[2012.03.05 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PunkBuster
[2011.09.18 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Rainmeter
[2012.02.06 04:31:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\redsn0w
[2012.03.28 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SoftGrid Client
[2011.09.15 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Software4u
[2012.03.13 12:41:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Spotify
[2011.09.02 09:58:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Synaptics
[2011.09.02 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.01.17 16:32:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Titanium
[2011.09.12 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TP
[2012.03.09 01:07:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.09.12 16:43:34 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\_MDLogs
[2012.04.17 14:26:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.09.02 09:57:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.02 15:27:17 | 000,000,000 | ---D | M] -- C:\AMD
[2011.10.23 22:50:38 | 000,000,000 | ---D | M] -- C:\Autodesk
[2011.04.10 07:00:35 | 000,000,000 | -HSD | M] -- C:\boot
[2012.04.18 14:53:03 | 000,000,000 | ---D | M] -- C:\BrickForce
[2012.04.01 15:23:33 | 000,000,000 | ---D | M] -- C:\codec-info
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.02 09:55:43 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.11 22:47:32 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.09.03 21:31:19 | 000,000,000 | ---D | M] -- C:\Fraps
[2012.03.27 21:15:07 | 000,000,000 | ---D | M] -- C:\Games
[2011.09.29 16:30:13 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2011.06.03 02:22:49 | 000,000,000 | -H-D | M] -- C:\HP
[2011.06.03 02:01:25 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.31 00:07:23 | 000,000,000 | ---D | M] -- C:\LGP970
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.27 21:10:28 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.25 07:45:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.04.25 07:45:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.02 09:55:43 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.02 09:54:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.05 19:58:06 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.05.05 14:33:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.02 09:54:43 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.09.02 09:55:52 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.23 16:01:41 | 000,000,000 | ---D | M] -- C:\Windows
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >

extras.txt :

Code

OTL Extras logfile created on: 05.05.2012 14:31:09 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Andreas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 64,25% Memory free
11,90 Gb Paging File | 9,39 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,16 Gb Total Space | 471,54 Gb Free Space | 69,02% Space Free | Partition Type: NTFS
Drive D: | 15,18 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-HP | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2381A61F-B758-4D49-910D-71DFBFF630D0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EE1260D-F9B5-43D9-BF82-D63ABA872AA0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5ECB19F5-8BE2-47FB-A264-A570CF750159}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{77AC1A6E-5C31-41B4-9438-FEFE7642615D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81B23ABD-BFEE-488B-B6C2-72F25E2F82E1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8316DBF1-754C-4B38-810D-C2A4F7BB1CF7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9184F2A6-D983-4D6F-A190-156989D4B817}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D6A465C-88A9-4F15-ABCD-42AE6A813455}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A79CFA9A-E7DE-4F4E-A289-689D11F41C30}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A809C7A2-DCD5-405C-B400-4ABD95B7875B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BFC54CDE-FDFE-455C-AD46-DD5F807E2EE9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE5AA0DD-39B2-4EBE-8787-95DE0C2C0363}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E0B5FE78-589C-4BD3-A3A2-62FCD861274A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8600C7A-DC71-44D3-B10B-9B4767C4B2A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ED4A05C1-FBEC-45EC-AF8C-DE92AC93D3FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098BA793-DD4F-4EB3-84E5-D1D426A6C2EA}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{0CBFDE0A-A774-417B-BE59-0CA5B62B49D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DD76153-2037-413C-8525-B17D3045380A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{0FCF1B45-9133-49B9-A24C-A3D74A821ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{109E4317-77EB-48DE-8213-1CC15D21E1BD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{113CB18B-54CF-437F-B465-033768FBE6F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{15BDB716-E0A0-4464-BDAD-A5719CE98B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{16D7EF9B-0718-4C5D-99B9-E35CB85E1F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{17D3D47B-FF6F-4A58-B70F-A3940CE75D63}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{17EAEB46-F623-49D6-AEFD-73BE0BED466A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{1C0F90EE-E071-44C2-A5D1-1C2F180141B2}" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"{1D9DA23A-4D1F-4405-98AE-3F8616BC26C3}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe | 
"{21020143-8975-4478-AEA3-234904A82CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{24492A7D-4345-4312-9F8C-2DFCFA6B0683}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{25A9E892-D090-48C9-A5F4-4C841CD847CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{275C221B-8578-4E18-A7F5-4BEE9398FF8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{2C641A80-A6D0-424D-9C3C-CE5EE82B541E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{2C8C00C7-78CF-4778-8704-666012D6588F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{2D53D8DB-CB4F-4F40-860B-9A680257EDB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{2F8943B1-7824-42B8-BF61-C57D9F44E9C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{313F3F04-6F29-40DB-83E7-7C5A74BE6FAE}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{325F610F-0959-48B7-8B11-CB10E2787A37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{32D71345-1A2A-4DAA-9EEE-A593A8A5B8A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{37129FA6-5AFB-4D84-A5EC-6B3985F3D4E7}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{37422224-2C71-4A6D-BC6D-701A58AFFFE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{3AF03F4B-530D-4643-88F8-6ACF50F7D551}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C7B5630-A096-4C9A-BD37-333DFD528D5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{3C9056CF-0FAA-4FA3-98F1-AB6193BC3AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{3CDA52FF-EBC7-4082-9CC5-A8F4BE6887B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3FBD9D26-279E-4AA2-8E1C-99DD722DD9F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{3FEB0CA2-3D6B-45C1-AB5C-8D71445017BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{43C81B54-A784-4DA6-BCD9-F18DB0569AC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{4515EB14-2795-4296-A381-4F0C62C1EEC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{49B647A1-1626-4207-9466-03E60B94EDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4B148F56-B6E0-45F7-A469-441D2BD30B2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4D64D051-D833-46A0-9AE4-535807556CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E6A261E-7DE2-4C25-A93A-39EA86D12478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{4EF8B9DB-B773-47CD-A1B2-D77E5E412267}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{51A37A93-3DAE-4D9C-B02C-AEC63B027850}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{53294B37-60DB-456A-8898-854AA9635C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{53F24304-CC35-45F7-B502-62B611CB09AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{54146585-C005-4D09-A5D1-3238E1994DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{54459DEB-EA80-4AC2-B1BD-DDD0339CD3FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{56E45221-C4FC-4623-B8FC-BBCDA1C202C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{57143D83-40C0-4B16-B8B4-17C3DBAF8223}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{588EAAC9-728F-40DA-BDB1-72084A7FA6C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5E161E58-9E95-467C-9DB4-3DC1355B5ADB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{5E632ACD-56F0-49FB-8DB2-E7B6C5136C39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe | 
"{6300C13B-C373-4E3B-BCCB-F8EA96A80235}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{6348879E-D10D-4E32-940F-0D70BF9FD800}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{66620BC0-11E4-43A3-A001-3B6EF99450AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{66C6145D-D500-4D2B-A0F2-FD27DDB82431}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{6BFEBFA9-38EE-4B90-8B5F-D0E1000A16C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe | 
"{6FD2BA75-13AC-4B1A-93A6-32946A72C327}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{72242FCB-82DE-4A69-8F79-7EFCBFE906EE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{77075820-0B2E-4BAC-B73B-93C2A5FA563C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7910BCCF-0629-4735-93EB-898ABC972E80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7AFEAE63-E671-4FF8-B61B-3629ED72A774}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{7B574A91-B467-47DB-869F-F22EB0B2E651}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{7D468A3B-6A92-4D37-A90F-66DFEB7DE953}" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\spotify\spotify.exe | 
"{7DA84939-2405-40A2-92EF-82720581D5A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{841CAAEC-9DD5-472A-91C2-7EBAA2CDF5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{84E12895-A854-4C9A-9D28-43D67A1A5F50}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{87E4EB29-36C3-4A8F-88C8-C4BEADE32C64}" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\spotify\spotify.exe | 
"{8982F64F-90F2-458F-92B6-DCA7C0637AC6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8C15B24E-5D89-40F3-BCC2-0D491A62C130}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{8E3D33BA-409E-4C71-9FBC-18B2389D778B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{905BF991-9C3A-45D2-B1BD-A841490FE75C}" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp eprintandshare\instantprinting\hpeprintandshare.exe | 
"{90B91AC7-D714-4807-A645-378A1E6939C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{91254951-6E26-4DC0-8D21-88350AF46500}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{91919A67-6616-4EC7-872A-58C96F799DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{91FC7A96-8137-4BEF-ADC6-072A58A96AD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe | 
"{96C72ABE-4CD3-46A5-A377-4D4D56345CB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{98C0C770-AA1B-4A32-86F0-F85911D9BC6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{9C75AD90-84F7-463B-993C-4DBCFF978289}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{9D892986-BA02-4272-BE25-090698645914}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A97517D0-F65F-4868-AA15-D7D3499509C4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | 
"{A98AE800-7E13-4E50-BFDC-3026105128AC}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 beta\bf3.exe | 
"{AB868BBB-7C04-404A-BEA6-0CD70A2F03B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe | 
"{ADB542BA-D268-4572-B217-5A317CA19468}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B08B7847-41F1-401C-A9F9-6566728D1B17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{B398C987-90FB-4011-BC33-F6CC261EC04E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B40F452E-8422-4268-AA26-F9475808BC7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{B684D451-7D9B-4EE1-B4A5-01F9B6E2A715}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{BACA2A57-9FFA-4A38-9C7C-275B4CD92C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BC754D51-37B5-475E-AD00-9CFEC789E69A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{BCB8B387-C426-4A47-8EB6-E37E40A0502B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BF5E6AC1-DDEE-4704-ADA8-6653D6291420}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C1B8EC18-7DEE-4266-AE05-3FAFF1317D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C56CC9EC-D443-41C9-83F6-876D44247292}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{C8A39F3A-B5F8-4C31-995C-531BE6E6E15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{C8DBC446-4569-4EF9-AED4-0540E353E324}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C96B567A-B61B-4533-ACF6-0C0977BC1455}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{CC877767-D95E-4E80-8C08-91838202331E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D03F5B58-2C6D-40AD-B65A-AE72640FA52E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{D387B3D3-CD94-4D09-83C2-9FB3BB1FA4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{D8525938-C9AE-4166-94F0-7C55568E73FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{DBA5599A-962A-4C52-ADF5-38F173731563}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC740194-DD95-4D93-A880-F031B01E06C6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{DCB2E79F-9DB9-4986-8CA7-53A6566ED3C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{DF5D0784-5F6F-4876-B272-E6C61293A108}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{E2943FE7-57C6-493D-AFD7-1731783590D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe | 
"{E8D3DAD3-D1D3-432B-9EA1-E278AD4685C5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EA135AFB-A8F5-46D5-997D-8FBF725AD992}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{EA6A1181-F42B-4C70-9065-8E5699E24CC5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE7ED609-CA01-4CBA-8934-1A4B3F274EB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{EF443B6A-0E6B-494A-B997-EC1771A2255C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F235280C-000A-4ABE-989B-530C69E041AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{F752983F-9488-41A8-A678-A571D454D040}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{F819C00F-AF14-426F-B6DD-49C6529AFFB6}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{F95ED0C2-4188-43B0-B1AD-3A7C16306B99}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FAEB3D9E-DE55-40AC-A32E-E87CEC1B4F4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\toki tori\tokitori.exe | 
"{FB09BF9C-A602-4E9B-876B-FF2CC7809D3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{FB1A26F2-32B2-4EA9-A994-C839D61F9DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe | 
"{FD65F1CE-8A2E-4CA5-9343-D25DB410BF5E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FEC35644-42BF-42C7-AB28-F6766A1AD786}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"TCP Query User{188CC8B8-8B65-4C85-9EFD-D050F7CE195F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{18C3C5AD-8ADA-4F55-9ADB-762826BA4A29}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8135ABE6-65AD-434B-BAFD-57FA0BFF27BB}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"TCP Query User{C35BF636-BD83-42AF-AD66-B5BC91E2513C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{E121B269-46A0-4BAC-8C64-9042DCE8BB76}F:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=f:\spiele\dead space\dead space.exe | 
"UDP Query User{063F3605-B41F-45A7-99DE-BA573DBBC289}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{68D94550-13BE-4CF1-8082-5E48FB8DB584}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{A69347AE-CBE4-4412-AB01-552A5C6125D2}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"UDP Query User{A96992E3-9567-4FDD-BF13-2BEA2AA91670}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{E80F8A3B-E417-403E-8EED-B9999733BF38}F:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=f:\spiele\dead space\dead space.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0D98B285-0777-B3B7-7A3D-9C85422203B9}" = ccc-utility64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{418A8D89-B9AA-B872-5927-3D1A052CEAA8}" = AMD Media Foundation Decoders
"{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch
"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{76785052-9E6A-4403-B06A-929B6BF9D742}" = HP 3D DriveGuard
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8924F1FE-8AC5-C2AE-59EF-C5D65B226933}" = AMD Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch
"AutoCAD 2012 - Deutsch SP1" = AutoCAD 2012 - Deutsch SP1
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06870F63-4D1C-171F-9552-368D3890D92F}" = CCC Help French
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13AD1AFE-F06F-1C29-2D32-B4F60EBFC000}" = HydraVision
"{14CE04AF-0EBC-B865-382F-1FB466CAC301}" = CCC Help English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1DBC5882-96E2-3A01-A32C-9B6F6EF6CF25}" = CCC Help Korean
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F36B20F-7408-EC75-2825-E9FE81B0339D}" = CCC Help Norwegian
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{30DAAF05-3679-C10C-953C-BB422FCDF557}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{428536FB-25A0-8531-75EF-D7A7C340B0A4}" = Catalyst Control Center
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6B7C9-65AE-BE8B-687A-6F1A2D7F9705}" = CCC Help Czech
"{4C8E1E1B-175F-AF47-8B21-E12C7C8B5D40}" = CCC Help Thai
"{4EAF46A2-DB90-6B67-F640-5CC876A2B5C4}" = CCC Help Greek
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5D5B8455-50E0-F94A-4C82-0F9303BB4C0E}" = CCC Help Danish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6874282F-37D6-4829-8B6F-D2D4FD818AA5}" = Catalyst Control Center - Branding
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7765BB73-D985-42C9-C7EE-AB434D59429F}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7ADFB885-8E98-6AAE-8687-D6EFB5127F6B}" = Catalyst Control Center Graphics Previews Common
"{7F7C616E-6971-77D9-7D59-82DC35DF81AC}" = CCC Help Russian
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA5B08F-9162-BCCB-AFAC-28DF1751BEC3}" = Catalyst Control Center Localization All
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF859F36-5F97-F6EC-A617-62771A8B4FDC}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB095F3E-0A7D-7DD4-B2A8-47CB12E416B0}" = CCC Help Japanese
"{BC71B06F-BFAE-6A73-091C-F18ACF00A04C}" = CCC Help Italian
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDCBA80C-A3BD-9DA5-E43F-EBBBE779C032}" = CCC Help Hungarian
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE4551E8-8D09-4126-A39B-B7DF82C5EB83}" = HP Software Framework
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEA6219-8792-3E40-D361-4FB5F0FBBB0F}" = CCC Help Portuguese
"{CF053286-7F4C-CAFB-616B-58EC562BB28E}" = CCC Help Chinese Standard
"{D07BB56A-7DB4-4564-A1F9-EBCE75FBE3C6}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3689EED-3943-9E90-1D65-D2246EB58AD1}" = CCC Help Turkish
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBA5EE42-A143-A658-9F86-C611BFDBEFCA}" = CCC Help Dutch
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = resident evil 4
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E712AD02-A7B0-19E2-1BB0-98A83E5631C4}" = Catalyst Control Center Profiles Mobile
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAF0F475-CFE2-9F4D-F26A-875FF09AD40E}" = CCC Help Spanish
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F1F1CCD6-34FE-81C6-CE0C-F22695E6409F}" = CCC Help German
"{F71A71E1-285C-95CE-A8F7-231E3827138E}" = CCC Help Polish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BrickForce" = BrickForce 1.4.40
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.0" = ESN Sonar
"FH-Aachen OpenVPN" = FH-Aachen OpenVPN 2.2.0
"Fraps" = Fraps
"Guitar Pro 5_is1" = Guitar Pro 5.1
"HotspotShield" = Hotspot Shield 2.07
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Live 8.2.6" = Live 8.2.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PokerStars.net" = PokerStars.net
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Realistic Colors and Real Nights 2.1 - HDR Edition -" = Realistic Colors and Real Nights 2.1 - HDR Edition -
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 200900" = Cave Story+
"Steam App 205790" = Dota 2 Test
"Steam App 21970" = R.U.S.E
"Steam App 40800" = Super Meat Boy
"Steam App 42910" = Magicka
"Steam App 500" = Left 4 Dead
"Steam App 520" = Team Fortress 2 Beta
"Steam App 570" = Dota 2
"Steam App 6120" = Shank
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0
"Minecontrol for Minecraft" = Minecontrol for Minecraft
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Ich hoffe ihr könnt damit was anfangen. Schonmal danke im Voraus!

#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
• Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.


Schritt 2

Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.
• Schließe alle laufenden Programme.
• Trenne dich von Internet.
• Deaktiviere deine AntiViren Software.
• Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Drücke auf Start scan.
Mache während dem Scan nichts am Rechner

• Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
• Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.

• Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
• Bitte poste mir den Inhalt hier in deinen Thread.

Bebilderte Anleitung zur Benutzung von TDSSKiller.