Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Was habe ich mir da eingefangen?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 29.06.2012, 11:01   #1
olli_
 
Was habe ich mir da eingefangen? - Standard

Was habe ich mir da eingefangen?



Danke für dieses Forum und die Beteiligung:

Hier ein OTL.Txt
Und die Extras.Txt


Danke
Olli





OTL logfile created on: 29.06.2012 11:34:30 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = Y:\downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 52,00% Memory free
7,72 Gb Paging File | 5,74 Gb Available in Paging File | 74,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 6,07 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive N: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive O: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive S: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive Y: | 249,26 Gb Total Space | 51,74 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
Drive Z: | 48,73 Gb Total Space | 6,07 Gb Free Space | 12,46% Space Free | Partition Type: CSC-CACHE

Computer Name: myPCName| User Name: myName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.29 11:34:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- Y:\Downloads\OTL (1).exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\myName\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.01 15:51:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.01 15:51:18 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.02.01 15:51:18 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.02.01 15:51:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.01 15:53:44 | 001,083,137 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
PRC - [2011.11.07 09:17:56 | 000,857,600 | ---- | M] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET) -- Y:\prg\GO Contact Sync\GOContactSync.exe
PRC - [2010.12.03 10:45:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010.11.03 13:00:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.28 11:11:36 | 000,251,256 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2010.01.22 23:23:00 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.01.22 23:22:04 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\vmware\vmware-tray.exe
PRC - [2010.01.22 23:21:58 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.01.22 23:21:44 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\vmware\vmware-authd.exe
PRC - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.01.20 17:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2010.01.18 16:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
PRC - [2009.12.21 19:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.12.18 19:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009.12.12 01:48:34 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2009.11.24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.09 14:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
PRC - [2009.10.01 17:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- Y:\prg\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.15 12:37:00 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- Y:\prg\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005.02.17 18:39:56 | 000,070,920 | ---- | M] (Micro Eye, Inc.) -- y:\prg\SpeedFiler\AddInMon.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 06:19:45 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\0fd7cd0503cdde3598c52680e7b1d36f\System.Web.ni.dll
MOD - [2012.06.14 06:19:17 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a4eededc9f387dcf28a46a0a9ba4f8e8\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dl l
MOD - [2012.06.14 06:18:35 | 000,312,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\58a88bea16ee9a238264175e964535f2\Microsoft.Office.Tools.Outlook.Implementation.ni. dll
MOD - [2012.06.14 06:18:34 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\2babd1e90c77c752c29731ac15df85d6\Microsoft.Office.Tools.Outlook.ni.dll
MOD - [2012.06.14 06:18:33 | 000,864,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e4dd83a34db1c7d0f4b3c79f02e52ee4\Microsoft.Office.Tools.Common.Implementation.ni.d ll
MOD - [2012.06.14 06:18:32 | 000,336,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\879d2f2c48ac25c13e9ef20ba33fc47d\Microsoft.Office.Tools.Common.ni.dll
MOD - [2012.06.14 06:18:17 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e642f8e9415d53aa2bc08fc3af938236\System.Deployment.ni.dll
MOD - [2012.06.14 06:05:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 06:05:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.13 23:31:34 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012.06.13 23:31:27 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012.05.11 10:31:51 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9d1558dc7461282dca5d16909b245476\System.Web.Services.ni.dll
MOD - [2012.05.11 10:24:18 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll
MOD - [2012.05.11 10:23:49 | 000,738,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ce16b70193871e2b88d1ea784e5d57c0\Microsoft.VisualStudio.Tools.Applications.ServerD ocument.ni.dll
MOD - [2012.05.11 10:23:49 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\878fd78d38f29bafbe239b7bf45bf6d9\Microsoft.VisualStudio.Tools.Applications.Hosting .ni.dll
MOD - [2012.05.11 10:23:49 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\33fb305b8e4f61e1cd1a13584e91dce2\Microsoft.VisualStudio.Tools.Applications.Runtime .ni.dll
MOD - [2012.05.11 10:22:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\14d064f179f910a8ce4df6004934aabc\Microsoft.Office.Tools.v4.0.Framework.ni.dll
MOD - [2012.05.11 10:22:54 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\aa25ff5580e60cd15a13e83980d35583\Microsoft.Office.Tools.ni.dll
MOD - [2012.05.11 07:54:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:54:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:54:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:54:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.10 17:35:00 | 001,616,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\4bacbc23cd4c0841cf4c18399b30b63c\Microsoft.CSharp.ni.dll
MOD - [2012.05.10 17:34:59 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\67065dc691dbf9574b3c8e5ac6ec5246\System.Data.ni.dll
MOD - [2012.05.10 17:34:54 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012.05.10 17:34:54 | 000,377,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\559594e862b578f3040446d7d4498cb7\System.Dynamic.ni.dll
MOD - [2012.05.10 17:34:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012.05.10 17:34:48 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4278bedb3086448c94c1e7f563325052\System.Security.ni.dll
MOD - [2012.05.10 17:34:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012.05.10 17:34:46 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012.05.10 17:34:42 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011.12.27 18:11:00 | 000,094,208 | ---- | M] () -- y:\prg\PhoneSuite_CTI_Client\ml_res.dll
MOD - [2011.09.30 17:12:40 | 000,412,728 | ---- | M] () -- C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
MOD - [2011.09.30 17:12:39 | 003,696,184 | ---- | M] () -- C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011.09.30 17:11:13 | 000,142,568 | ---- | M] () -- C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011.09.30 17:11:12 | 000,253,320 | ---- | M] () -- C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011.09.30 17:11:10 | 002,403,240 | ---- | M] () -- C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011.07.01 17:02:46 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.25 14:19:52 | 000,277,504 | ---- | M] () -- Y:\prg\SugarCRM\SugarOutlook\SQLite.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.21 18:33:46 | 000,094,208 | ---- | M] () -- y:\prg\FileZilla FTP Client\fzshellext.dll
MOD - [2009.12.12 01:48:34 | 001,206,784 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\libeay32.dll
MOD - [2009.12.12 01:48:34 | 000,104,696 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- Y:\prg\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.02.26 19:18:08 | 000,099,160 | ---- | M] () -- Y:\prg\Microsoft Office\Office12\cpaoaddin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.02.02 18:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV:64bit: - [2011.10.31 18:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV:64bit: - [2011.10.31 18:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV:64bit: - [2010.01.18 16:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009.11.17 19:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009.11.09 14:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.06.01 03:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2012.06.29 09:40:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 14:48:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.01 15:51:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.01 15:51:18 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.02.01 15:51:18 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.02.01 15:51:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.01 15:53:44 | 001,083,137 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- y:\prg\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.03 10:45:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010.11.14 14:27:28 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2010.10.28 11:11:36 | 000,251,256 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2010.05.14 16:14:32 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Express Customer\223\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 23:23:00 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 23:21:58 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 23:21:44 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\vmware\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.12.18 19:03:12 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\vmware\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.02.01 15:51:19 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.02.01 15:51:19 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.22 13:48:07 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.07.05 21:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.11 15:39:24 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfyMP)
DRV:64bit: - [2010.08.11 15:39:24 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfy)
DRV:64bit: - [2010.07.06 20:52:52 | 000,168,544 | ---- | M] (SysProgs.org) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2010.06.22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.10 08:04:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.12 21:30:26 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.01.22 23:24:32 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.01.22 23:24:28 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2010.01.22 23:24:26 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.01.22 23:24:26 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.01.22 22:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.01.22 18:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.01.22 18:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.01.22 18:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.01.20 14:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.12.18 17:40:24 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2009.12.18 17:40:22 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2009.12.18 17:40:22 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.14 18:09:08 | 000,163,072 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009.12.12 01:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.12.10 10:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.12.03 18:45:22 | 000,300,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.26 15:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.10.22 09:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 09:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.12 19:04:24 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008.02.21 03:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2007.06.01 03:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2006.08.25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2009.10.12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\vmware\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 0A 2B BD 7E 4E CB 01 [binary data]
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes,DefaultScope = {E7D5A77F-3742-43AB-B506-1C328142AB57}
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes\{6B7D5A67-CA6F-4505-98E2-2E8118C10CD2}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes\{7943EFEA-FE26-45B2-B12E-23E715EF85F6}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes\{E2750994-1EA2-497A-82BE-4437E022ADEA}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\SearchScopes\{E7D5A77F-3742-43AB-B506-1C328142AB57}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.startpage.com/"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.26
FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: Y:\prg\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: y:\prg\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\myName\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\myName\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.10.28 22:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: Y:\prg\Mozilla Firefox\components [2012.06.19 14:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: Y:\prg\Mozilla Firefox\plugins [2012.06.28 00:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.10\extensions\\Components: y:\prg\SeaMonkey\components [2012.06.09 10:45:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.10\extensions\\Plugins: y:\prg\SeaMonkey\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.28 22:19:35 | 000,000,000 | ---D | M]

[2010.03.01 17:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myName\AppData\Roaming\mozilla\Extensions
[2012.06.29 09:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myName\AppData\Roaming\mozilla\Firefox\Profiles\f81ynegu.default\extensions
[2012.06.11 07:57:51 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\myName\AppData\Roaming\mozilla\Firefox\Profiles\f81ynegu.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.03.19 09:24:30 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\myName\AppData\Roaming\mozilla\Firefox\Profiles\f81ynegu.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.10.27 08:58:53 | 000,000,000 | ---D | M] (Incredible Bookmarks) -- C:\Users\myName\AppData\Roaming\mozilla\Firefox\Profiles\f81ynegu.default\extensions\IncredibleBookmarks@visibotech.com
[2012.06.29 09:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myName\AppData\Roaming\mozilla\Firefox\Profiles\f81ynegu.default\extensions\staged
[2012.06.22 17:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myName\AppData\Roaming\mozilla\SeaMonkey\Profiles\qke3iag9.default\extensions
[2012.06.22 17:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myName\AppData\Roaming\mozilla\SeaMonkey\Profiles\qke3iag9.default\extensions\staged
[2012.06.25 15:35:47 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.06.13 11:37:36 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.02.21 15:49:40 | 000,015,392 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI
[2012.04.16 11:11:26 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 15:04:44 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.29 10:51:27 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.12 09:25:19 | 000,185,600 | ---- | M] () (No name found) -- C:\USERS\myName\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F81YNEGU.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = Y:\prg\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = Y:\prg\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\myName\AppData\Local\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = Y:\prg\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: fluxDVD Placeholder Plugin (Enabled) = C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = Y:\prg\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = y:\prg\VideoLAN\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\myName\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\myName\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: Poppit = C:\Users\myName\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012.06.28 06:09:48 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15215 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - y:\prg\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Deaktivierungs-Add-on für Browser von Google Analytics) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\vmware\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000..\Run: [GoogleContactSync] Y:\prg\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
O4 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000..\Run: [SpybotSD TeaTimer] y:\prg\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.04.23 17:09:01 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\myName\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://Y:\prg\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with XmlPad - Y:\prg\WMHelp XmlPad\WmhASPP.dll (WMHelp Software)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://Y:\prg\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with XmlPad - Y:\prg\WMHelp XmlPad\WmhASPP.dll (WMHelp Software)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Y:\prg\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - y:\prg\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\vmware\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\vmware\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\vmware\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\vmware\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Domains: cleverreach.com ([novastor] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Domains: google-analytics.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Domains: novastor.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Domains: novastor.com ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2854375698-3784374130-2371189389-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} https://strtc.oracle.com/imtapp/res/jar/cnsload.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5620FB50-84B1-4E75-BDF5-E524F6F52475}: DhcpNameServer = 192.168.242.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59559E20-243E-4F64-96DF-88DE86944D9E}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6819F6FE-25D7-4314-93CD-044A5F63494C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77ABF940-6D36-4CD8-95E2-D85AE6393E3F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1193CDA-4318-4DAB-9092-627F9AB45E75}: NameServer = 10.129.32.1 10.111.81.129
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wmh - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wmh {A1428E78-2D00-4590-A071-0CC9700A7768} - Y:\prg\WMHelp XmlPad\WmhASPP.dll (WMHelp Software)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81ea7844-b780-11df-ac19-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{81ea7844-b780-11df-ac19-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{de78e5be-bcf3-11df-b101-de8d43c7e0c5}\Shell - "" = AutoRun
O33 - MountPoints2\{de78e5be-bcf3-11df-b101-de8d43c7e0c5}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{de78e5be-bcf3-11df-b101-de8d43c7e0c5}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{de78e5be-bcf3-11df-b101-de8d43c7e0c5}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.29 11:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 11:38:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 11:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.28 07:11:13 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\Malwarebytes
[2012.06.28 07:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.28 06:07:48 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.06.28 06:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.28 06:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.28 00:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.28 00:28:56 | 000,000,000 | ---D | C] -- Y:\data\Documents\Simply Super Software
[2012.06.28 00:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.21 16:00:06 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\openAnalyzer
[2012.06.20 13:47:38 | 000,000,000 | R--D | C] -- Y:\data\Desktop\Seaburg-8590
[2012.06.19 12:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraCompare
[2012.06.19 12:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2012.06.19 12:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2012.06.19 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\IDMComp
[2012.06.19 10:51:55 | 004,034,048 | ---- | C] (SAP AG) -- C:\Windows\SysNative\librfc32.dll
[2012.06.15 11:30:59 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CheckAud Archiv-Viewer
[2012.06.13 19:31:40 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CheckAud for Data Analysis
[2012.06.12 10:47:25 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Local\Macromedia
[2012.06.11 11:57:36 | 000,000,000 | ---D | C] -- C:\Users\myName\IBS Schreiber GmbH
[2012.06.11 11:57:36 | 000,000,000 | ---D | C] -- C:\Users\myName\AppData\Roaming\IBS Schreiber GmbH
[2012.06.09 10:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.29 11:38:29 | 000,001,097 | ---- | M] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2012.06.29 11:38:29 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.29 11:35:39 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 11:35:39 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 11:29:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 11:27:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.29 11:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 09:56:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 06:09:48 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.28 06:07:48 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.06.28 06:04:37 | 000,000,946 | ---- | M] () -- Y:\data\Desktop\Spybot - Search & Destroy.lnk
[2012.06.28 06:04:37 | 000,000,848 | ---- | M] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.06.27 16:12:20 | 001,771,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.27 16:12:20 | 000,751,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.27 16:12:20 | 000,708,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.27 16:12:20 | 000,168,832 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.27 16:12:20 | 000,141,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 15:40:52 | 000,001,304 | ---- | M] () -- C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.06.25 14:32:20 | 000,002,032 | -H-- | M] () -- Y:\data\Documents\Default.rdp
[2012.06.19 12:51:02 | 000,002,030 | ---- | M] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraCompare.lnk
[2012.06.19 12:51:02 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\UltraCompare.lnk
[2012.06.19 12:40:18 | 000,000,757 | ---- | M] () -- C:\Users\myName\_viminfo
[2012.06.15 11:30:59 | 000,001,018 | ---- | M] () -- Y:\data\Desktop\CheckAud Archiv-Viewer.lnk
[2012.06.15 11:22:26 | 000,001,050 | ---- | M] () -- C:\Users\myName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.15 08:04:11 | 000,004,235 | ---- | M] () -- Y:\data\Documents\Application.png
[2012.06.14 06:00:47 | 000,461,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 19:31:40 | 000,000,917 | ---- | M] () -- Y:\data\Desktop\CheckAud for Data Analysis.lnk
[2012.06.13 19:31:40 | 000,000,917 | ---- | M] () -- Y:\data\Desktop\CheckAud for Data Analysis.lnk
[2012.06.13 18:16:26 | 000,000,126 | ---- | M] () -- Y:\data\Desktop\Theme Builder Anomalies- Themes Incompatible with PowerPoint 2010 and 2011 - PowerPoint, Presentations.url
[2012.06.13 14:10:48 | 005,365,186 | ---- | M] () -- Y:\data\Desktop\Theme Creation Guide.pdf
[2012.06.13 11:27:42 | 000,000,442 | ---- | M] () -- Y:\data\Desktop\TODO _ Analysis
[2012.06.09 10:45:14 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012.06.09 10:45:14 | 000,000,766 | ---- | M] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.29 11:38:29 | 000,001,097 | ---- | C] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2012.06.29 11:38:29 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.28 06:04:37 | 000,000,946 | ---- | C] () -- Y:\data\Desktop\Spybot - Search & Destroy.lnk
[2012.06.28 06:04:37 | 000,000,848 | ---- | C] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.06.27 23:58:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 13:46:46 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.25 13:46:44 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.21 16:00:06 | 000,000,908 | ---- | C] () -- Y:\data\Desktop\openAnalyzer.lnk
[2012.06.19 12:51:02 | 000,002,030 | ---- | C] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraCompare.lnk
[2012.06.19 12:51:02 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\UltraCompare.lnk
[2012.06.19 12:40:18 | 000,000,757 | ---- | C] () -- C:\Users\myName\_viminfo
[2012.06.15 11:30:59 | 000,001,018 | ---- | C] () -- Y:\data\Desktop\CheckAud Archiv-Viewer.lnk
[2012.06.15 11:28:48 | 000,000,917 | ---- | C] () -- Y:\data\Desktop\CheckAud for Data Analysis.lnk
[2012.06.15 08:04:11 | 000,004,235 | ---- | C] () -- Y:\data\Documents\Application.png
[2012.06.13 19:31:40 | 000,000,917 | ---- | C] () -- Y:\data\Desktop\CheckAud for Data Analysis.lnk
[2012.06.13 18:16:26 | 000,000,126 | ---- | C] () -- Y:\data\Desktop\Theme Builder Anomalies- Themes Incompatible with PowerPoint 2010 and 2011 - PowerPoint, Presentations.url
[2012.06.13 14:10:48 | 005,365,186 | ---- | C] () -- Y:\data\Desktop\Theme Creation Guide.pdf
[2012.06.12 12:52:43 | 000,045,958 | ---- | C] () -- Y:\data\Documents\hps_am_theme_saveFromPP.thmx
[2012.06.12 12:50:50 | 000,016,417 | ---- | C] () -- Y:\data\Documents\hps_oa_theme.thmx
[2012.06.12 12:47:42 | 000,016,417 | ---- | C] () -- Y:\data\Documents\hps_am_theme.thmx
[2012.06.09 10:45:14 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012.06.09 10:45:14 | 000,000,766 | ---- | C] () -- C:\Users\myName\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012.01.05 10:05:29 | 000,000,097 | RHS- | C] () -- C:\ProgramData\1.12.0.lic
[2011.11.05 21:52:17 | 000,036,864 | ---- | C] () -- C:\Windows\unslive.exe
[2011.09.24 18:27:23 | 000,000,017 | ---- | C] () -- C:\Users\myName\AppData\Local\resmon.resmoncfg
[2011.08.26 17:50:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.12 12:49:54 | 000,004,096 | -H-- | C] () -- C:\Users\myName\AppData\Local\keyfile3.drm
[2011.06.15 13:06:55 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.27 11:16:16 | 000,000,030 | ---- | C] () -- C:\Windows\itps.ini
[2010.12.22 18:36:27 | 000,000,092 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010.11.23 23:36:11 | 000,145,192 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.15 21:15:13 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.08.06 23:17:30 | 000,000,099 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.05.25 20:41:56 | 000,017,408 | ---- | C] () -- C:\Users\myName\AppData\Local\WebpageIcons.db
[2010.05.10 13:38:08 | 000,038,453 | ---- | C] () -- C:\Users\myName\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.04.09 09:27:24 | 000,013,015 | ---- | C] () -- C:\Users\myName\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2010.03.04 00:13:00 | 000,031,232 | ---- | C] () -- C:\Users\myName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.02.28 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\.purple
[2011.05.27 07:54:18 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\1&1
[2010.10.12 07:50:27 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\AllDup
[2010.12.18 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Amazon
[2011.04.18 07:01:36 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Audacity
[2012.03.13 22:41:16 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\AVM
[2010.03.02 12:46:53 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Axialis
[2011.10.29 12:57:14 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Azureus
[2011.10.29 12:57:14 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\DAEMON Tools Lite
[2011.05.09 13:27:32 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Dexpot
[2012.06.29 11:30:17 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Dropbox
[2012.04.11 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\EXIF Date Changer
[2011.04.14 08:33:31 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\FileZilla
[2010.04.09 12:25:42 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Foxit Software
[2012.05.29 09:10:37 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\GHISLER
[2012.01.21 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\GoContactSyncMOD
[2012.01.10 15:37:52 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\gtk-2.0
[2010.09.01 07:54:00 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\IObit
[2012.05.29 09:10:37 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\IrfanView
[2010.03.05 09:12:38 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\JAM Software
[2010.08.23 10:39:58 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\JGsoft
[2011.11.21 09:13:24 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Leadertech
[2010.09.16 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Lutum+Tappert
[2010.03.03 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\MZTools Software
[2011.12.21 19:08:53 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\NASNaviator2
[2010.10.28 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Nokia
[2012.05.29 09:10:36 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Notepad++
[2010.07.28 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Participatory Culture Foundation
[2010.10.28 22:22:36 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\PC Suite
[2012.03.14 10:50:32 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\PCF-VLC
[2010.09.01 07:43:35 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\PersonalBrain
[2011.08.24 08:11:23 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\PLANOUT
[2011.01.02 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Publish Providers
[2010.10.26 12:40:34 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Red Gate
[2010.09.03 22:41:03 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\SongBeamer
[2011.02.06 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Sony
[2011.02.06 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Sony Creative Software Inc
[2011.12.14 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\SpeedFiler
[2011.04.12 10:00:04 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\SugarCRM
[2010.05.25 14:34:53 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Swissrisk
[2011.10.26 09:07:42 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\TeamViewer
[2012.06.21 09:38:42 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\TeraCopy
[2011.10.22 13:48:10 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\TrueCrypt
[2010.10.19 10:03:01 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\WMHelp
[2010.03.01 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\myName\AppData\Roaming\Xerox
[2012.05.02 07:52:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >







OTL Extras logfile created on: 29.06.2012 11:34:31 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = Y:\downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 52,00% Memory free
7,72 Gb Paging File | 5,74 Gb Available in Paging File | 74,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 6,07 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive N: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive O: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive S: | 1848,39 Gb Total Space | 1235,95 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
Drive Y: | 249,26 Gb Total Space | 51,74 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
Drive Z: | 48,73 Gb Total Space | 6,07 Gb Free Space | 12,46% Space Free | Partition Type: CSC-CACHE

Computer Name: NORDEN | User Name: myUser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "y:\prg\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "y:\prg\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- "y:\prg\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "y:\prg\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "y:\prg\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- "y:\prg\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102E089B-556E-4C4B-9DCD-1E7C0A4A323B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{27B6ABBE-805B-4D66-BA31-F3943818B2A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{548E7E41-C9EC-4E5F-89B3-2A20795A23D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6618B9FD-2E6B-4942-B9D5-583ED57A1AE7}" = lport=7030 | protocol=6 | dir=in | name=avira security management center agent (incoming) |
"{903B2C56-31C1-425B-9833-0A55F788EEE1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B0B5FC1C-9441-4117-BDD2-6805E9466EE6}" = lport=8081 | protocol=6 | dir=in | name=planout ports |
"{C4D6FF66-0EEB-44F0-9D09-7EB901D9CB94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB46E1-C82C-4293-9F02-703F91242B8B}" = protocol=17 | dir=in | app=y:\prg\hps\planungsmanager\resmgrw.exe |
"{08701768-45A4-412C-8DED-7B4E10F4E04E}" = protocol=17 | dir=in | app=y:\prg\hps\planungsmanager\planoutw.exe |
"{08EEDE8D-86F4-412C-87D5-823E4B3E854E}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{0A94CD0C-DC3E-4FF9-83AB-8A4FA4A1DDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0D4B46F6-62E4-4A1A-9FA3-F8B19A339454}" = protocol=6 | dir=in | app=c:\users\myUser\appdata\roaming\dropbox\bin\dropbox.exe |
"{118A771B-5D13-42F6-B802-C10FF22AEBB5}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{13D8A0DF-2A8D-4D67-94D2-7190AD12B97E}" = protocol=6 | dir=in | app=y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe |
"{1ADBF8BF-5CBF-46FE-B5D6-F8D3152AE4CF}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{1CF7AE9D-CCCA-45BE-8D95-5968A8A4B363}" = protocol=17 | dir=in | app=y:\prg\netviewer\netviewer_support.exe |
"{20D82F26-A099-4115-93F2-9B6E693BC659}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\avira security management center agent\agent.exe |
"{270DA0D0-39F8-402F-8DAA-06ABA7927EE0}" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(4).exe |
"{2BE85A76-32B7-42C3-BA84-10C3977D187E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{2BFA7DFF-4A39-4DA5-BFA7-661FEAC008D5}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware-authd.exe |
"{30FC7810-70B7-45FD-AA34-ADD84A1C5FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{392D4492-535E-49B9-9BF3-5BC05F1F7F73}" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{3E3E1A2F-89DC-48A7-9080-F6D64D50FD26}" = protocol=6 | dir=in | app=y:\prg\netviewer\netviewer_support.exe |
"{3EEC4AC1-8E13-43AF-81B3-1C8F1D45184F}" = protocol=6 | dir=in | app=y:\prg\hps\planungsmanager\planoutw.exe |
"{3F42C55F-3353-4CC6-8A46-B5A697F8708F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4C27F916-184A-486E-93E6-795F7FA43E34}" = protocol=6 | dir=in | app=h:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"{4C7AE787-E46B-4F63-AFA4-48A0614033CD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{523F5F1F-BC1A-4628-AAA6-E677A1C77EE4}" = protocol=17 | dir=in | app=h:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"{534931BE-00B3-413E-B00A-41324AA824F6}" = protocol=6 | dir=in | app=f:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"{5566BA53-94BD-4825-8703-BF8E9C2B0938}" = protocol=6 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support.exe |
"{56CF6FA8-96CB-4447-A1EC-8BE09A24C20A}" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{5E5F9481-3683-44BD-8C3B-EA95C99B5200}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{5EEC9825-867A-4479-AE29-E51D91798A44}" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(2).exe |
"{60794EBE-7A1A-492A-A5D3-78630196C64D}" = protocol=6 | dir=in | app=y:\prg\netviewer\nv_support_berater_de.exe |
"{64C39FE1-F298-45A9-91E5-A5AADE5A48C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6C0AEC22-F6DB-47C5-91C0-CFEA709506BC}" = protocol=6 | dir=in | app=y:\downloads\netviewer_support.exe |
"{7623E333-6CCA-47CA-A68F-056F7FB8DB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{7890A128-4490-495B-8E8F-C842B540A4C4}" = protocol=6 | dir=in | app=y:\prg\teamviewer\version6\teamviewer_service.exe |
"{789A4332-4910-4F66-A234-374D4577A4A6}" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(4).exe |
"{79760BB9-AA7F-4C42-877D-41E3861FDD5E}" = protocol=17 | dir=in | app=y:\downloads\netviewer_support.exe |
"{7C256A16-68A1-4538-984A-0BF4DE850B13}" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(3).exe |
"{7C51FB82-1C8C-4912-9E16-53B505BBE50A}" = protocol=6 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support1.exe |
"{81EE7350-7690-45EE-9082-3866D2E898E2}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\avira security management center agent\agent.exe |
"{83EB8E5F-9192-4E2A-B91A-EB32E0E8434F}" = protocol=6 | dir=in | app=y:\prg\mseven software\msecure\msecure.exe |
"{8C7D3E63-856E-429E-A3FE-71FF4B42A09B}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9033BEA1-828C-4DA5-86C9-D764FB917541}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{92D12F85-1BDC-44BA-A2F4-49FD966116B6}" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(1).exe |
"{95594378-DDED-486B-8BF5-4F850F40CAA2}" = protocol=17 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support.exe |
"{99CF787D-D4FC-40FE-BA8F-55A40CB79311}" = protocol=17 | dir=in | app=y:\prg\teamviewer\version6\teamviewer.exe |
"{9AB42C93-E7B5-4282-96B0-B2402E4911DC}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe |
"{9B6530EF-3AA6-4414-8BF6-213EC25C7895}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9DBA0EEC-D559-4A22-9517-2A591C18E876}" = protocol=17 | dir=in | app=c:\users\myUser\appdata\roaming\dropbox\bin\dropbox.exe |
"{A21113BF-B5A9-4F0F-A8BD-B63215A3B656}" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(1).exe |
"{A2FCF7D3-570B-4D77-A652-27A4F7D9E873}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{A84CE47F-5A20-4531-AB0A-248D5E6B1C96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AD901C93-5B21-4229-A850-F72431CC11C7}" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(2).exe |
"{ADC4EE5B-79AD-4519-92BF-4867E7F52F21}" = protocol=17 | dir=in | app=y:\prg\teamviewer\version6\teamviewer_service.exe |
"{AE64498B-DC95-46C7-ACA1-56C31396CB58}" = protocol=6 | dir=in | app=c:\users\myUser\appdata\roaming\dropbox\bin\dropbox.exe |
"{AF8D7000-6935-4DAB-AC8C-81FDFA87DD0F}" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(3).exe |
"{B50D96D9-E7CB-4485-BDE0-2BAD34567896}" = protocol=17 | dir=in | app=y:\prg\videolan\vlc\vlc.exe |
"{BF5673E3-0759-4CA4-B0D9-909FD8ABE59F}" = protocol=17 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support1.exe |
"{C4929E03-A11B-4B93-9CFC-8A452BE1E519}" = protocol=17 | dir=in | app=y:\prg\aoe\empires2.exe |
"{C80D8687-EF69-4BBB-86B3-70DACFDB816B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA5593B9-E130-43B3-8EE5-6AB704074F6A}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{CE1D99CF-028C-48BF-B30F-BF1055681C66}" = protocol=17 | dir=in | app=c:\users\myUser\appdata\roaming\dropbox\bin\dropbox.exe |
"{D3AD9920-C392-4B63-B5FA-0F7CF9A99BF8}" = protocol=17 | dir=in | app=y:\prg\filezilla ftp client\filezilla.exe |
"{D3C3596C-3483-48CE-8232-AF340F32EA72}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware-authd.exe |
"{D639A8E6-3462-4A44-B1BD-511D9653C051}" = protocol=17 | dir=in | app=y:\prg\netviewer\nv_support_berater_de.exe |
"{D9258EA1-C017-44EA-80C4-FEE9C75600E2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware-authd.exe |
"{DC2A9386-4E0A-49E6-8C8E-0E3AF835B8B6}" = protocol=17 | dir=in | app=f:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"{DCC87AA3-7DD8-4C06-A5EC-4130941F35DE}" = protocol=6 | dir=in | app=y:\prg\aoe\empires2.exe |
"{DF8648A2-1CB4-48E1-845C-55495B0B53C3}" = protocol=6 | dir=in | app=y:\prg\videolan\vlc\vlc.exe |
"{EA5773D5-0BE7-42B6-B9F5-077F6FD86C0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAFD8585-1263-47E1-A1BD-61D74BD08560}" = protocol=17 | dir=in | app=y:\prg\mseven software\msecure\msecure.exe |
"{F10C9539-3E08-4B19-9481-45941249BDC1}" = protocol=17 | dir=in | app=y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe |
"{F328FDA7-B9D3-4802-AFAB-5F1C8F181D7D}" = protocol=6 | dir=in | app=y:\prg\filezilla ftp client\filezilla.exe |
"{F49895E4-E16C-4DED-A97B-4F279D0F01F9}" = dir=in | app=y:\prg\itunes\itunes.exe |
"{F82A3638-AA79-48CB-9E95-AB08CEE4950D}" = protocol=6 | dir=in | app=y:\prg\teamviewer\version6\teamviewer.exe |
"{F89C764E-DE7A-4BA4-957F-1E34117DCE77}" = protocol=6 | dir=in | app=y:\prg\hps\planungsmanager\resmgrw.exe |
"{F90D554B-FC1F-4B63-BEAA-9FD9F8C2464E}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware-authd.exe |
"{FE4B48DF-3E66-4C16-A072-173AB1694A0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{01E69705-EAA1-4410-A055-56D7C8D5CA73}Y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe" = protocol=6 | dir=in | app=y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe |
"TCP Query User{064953DB-7DC8-41BA-B26C-598DB9D47D96}F:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{0A477924-471E-40C4-9270-E4308064E828}Y:\prg\hps\planungsmanager\resmgrw.exe" = protocol=6 | dir=in | app=y:\prg\hps\planungsmanager\resmgrw.exe |
"TCP Query User{1D84477C-3359-4F92-BFD3-D2DECA5E425E}Y:\prg\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=y:\prg\videolan\vlc\vlc.exe |
"TCP Query User{21EB13AC-2728-4644-89B3-DA7FB06C7780}Y:\downloads\netviewer_support(3).exe" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(3).exe |
"TCP Query User{33FF4FC3-588B-421A-8124-7919D9C33131}Y:\downloads\netviewer_support.exe" = protocol=6 | dir=in | app=y:\downloads\netviewer_support.exe |
"TCP Query User{3BE3978E-4A52-4941-8F0C-95778C7DA874}Y:\prg\netviewer\netviewer_support.exe" = protocol=6 | dir=in | app=y:\prg\netviewer\netviewer_support.exe |
"TCP Query User{46990C63-8B4B-4C5D-9EE3-44AEE1CD711D}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{4C3A9BC9-07B0-4299-9E97-DC7F5B172FD5}Y:\prg\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=y:\prg\filezilla ftp client\filezilla.exe |
"TCP Query User{5B373330-059D-4E65-97EE-AD6F39636CBA}H:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{7675C748-B84D-412E-B2F7-9C4E22205018}Y:\prg\aoe\empires2.exe" = protocol=6 | dir=in | app=y:\prg\aoe\empires2.exe |
"TCP Query User{802E3A5E-6968-480D-8C7C-4EAE0E4295B2}C:\users\myUser\appdata\local\netviewer\netviewer_support.exe" = protocol=6 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support.exe |
"TCP Query User{803D250E-D833-4729-A35D-FB49315AB0B1}C:\users\myUser\appdata\local\netviewer\netviewer_support1.exe" = protocol=6 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support1.exe |
"TCP Query User{9B9F9C4B-2F62-44DB-A4BC-CE1EB47E9C87}Y:\prg\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=y:\prg\mozilla firefox\firefox.exe |
"TCP Query User{A2F8C943-A4F8-4AC5-9D55-2A4D5D5C5226}Y:\downloads\netviewer_support(2).exe" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(2).exe |
"TCP Query User{AC4F4ACF-AB81-4E18-8655-5CC741E2DF95}C:\windows\syswow64\xrsslm12.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\xrsslm12.exe |
"TCP Query User{B76D8671-688E-4279-A14C-73BF698693E2}Y:\downloads\netviewer_support(1).exe" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(1).exe |
"TCP Query User{C41692AB-20E4-4B2D-8333-E26E0A714666}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"TCP Query User{C938D83F-16C1-4695-8252-8B16A2063330}Y:\prg\netviewer\nv_support_berater_de.exe" = protocol=6 | dir=in | app=y:\prg\netviewer\nv_support_berater_de.exe |
"TCP Query User{CCBDDB30-7233-471D-A9CA-CBEE10C66E16}Y:\prg\mseven software\msecure\msecure.exe" = protocol=6 | dir=in | app=y:\prg\mseven software\msecure\msecure.exe |
"TCP Query User{E9FBD102-91EE-4957-B21C-8ED672BA9BBD}Y:\downloads\netviewer_support(4).exe" = protocol=6 | dir=in | app=y:\downloads\netviewer_support(4).exe |
"TCP Query User{F0D34B02-6B97-42B6-B696-0FE5009FFD72}Y:\prg\hps\planungsmanager\planoutw.exe" = protocol=6 | dir=in | app=y:\prg\hps\planungsmanager\planoutw.exe |
"UDP Query User{0D6914E0-C5BD-49FD-80F5-4273997F0FDF}Y:\prg\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=y:\prg\mozilla firefox\firefox.exe |
"UDP Query User{1654950D-8826-4635-8D75-D3098E36F968}Y:\prg\hps\planungsmanager\planoutw.exe" = protocol=17 | dir=in | app=y:\prg\hps\planungsmanager\planoutw.exe |
"UDP Query User{17D86112-CB1A-4E97-8CBC-E01B515FAF25}Y:\downloads\netviewer_support(2).exe" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(2).exe |
"UDP Query User{402C8ADF-3F91-4393-B431-77FD48852E67}Y:\downloads\netviewer_support(3).exe" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(3).exe |
"UDP Query User{4F55A872-3BED-4153-A672-E117C821AB20}Y:\downloads\netviewer_support(1).exe" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(1).exe |
"UDP Query User{69CD4741-8BC7-4348-B934-938356272BB4}H:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{75FA66C5-F109-4DEA-8AB8-A89BBFAF4F18}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"UDP Query User{7A5EF9ED-588E-4869-A01B-27B963FA3810}Y:\prg\hps\planungsmanager\resmgrw.exe" = protocol=17 | dir=in | app=y:\prg\hps\planungsmanager\resmgrw.exe |
"UDP Query User{7A751DE6-65ED-47D8-97CC-F5D1BDAEF257}Y:\downloads\netviewer_support(4).exe" = protocol=17 | dir=in | app=y:\downloads\netviewer_support(4).exe |
"UDP Query User{7B124A46-6D35-452D-BC89-FC001059E908}Y:\prg\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=y:\prg\videolan\vlc\vlc.exe |
"UDP Query User{892007A8-CBD7-4CFC-A80C-1A8131D62675}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{9BBA1CB6-E643-4FFF-8E68-40A8F7254A54}Y:\prg\mseven software\msecure\msecure.exe" = protocol=17 | dir=in | app=y:\prg\mseven software\msecure\msecure.exe |
"UDP Query User{A5FF4F17-F2DF-4193-9DA1-34F0E246549A}C:\users\myUser\appdata\local\netviewer\netviewer_support1.exe" = protocol=17 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support1.exe |
"UDP Query User{B1FD11D4-D877-47C8-97C4-27BEE4819AE1}Y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe" = protocol=17 | dir=in | app=y:\data\desktop\work\transfer hps\xgen\x-gen_3.5.0.5_prod\x-gen3.5.0.5\bin\windows\tclkit.exe |
"UDP Query User{BCE2206A-5962-4BE8-B5DC-A57E827FF797}Y:\prg\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=y:\prg\filezilla ftp client\filezilla.exe |
"UDP Query User{D5C82903-43F2-4F8F-AD0B-E1328BDF841B}C:\users\myUser\appdata\local\netviewer\netviewer_support.exe" = protocol=17 | dir=in | app=c:\users\myUser\appdata\local\netviewer\netviewer_support.exe |
"UDP Query User{D7EB8597-6112-4348-811B-2BB46F725082}Y:\prg\netviewer\nv_support_berater_de.exe" = protocol=17 | dir=in | app=y:\prg\netviewer\nv_support_berater_de.exe |
"UDP Query User{DF06E282-214B-4262-8F90-26A64C4A4644}F:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\portableapps\portableapps\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{DF8047CF-834B-4E3D-9902-8F991FEE8BC5}Y:\prg\netviewer\netviewer_support.exe" = protocol=17 | dir=in | app=y:\prg\netviewer\netviewer_support.exe |
"UDP Query User{E63A7EF7-2BF4-40FF-A789-1E4AD0DB5D4D}C:\windows\syswow64\xrsslm12.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\xrsslm12.exe |
"UDP Query User{F4B96ABB-C34D-43C6-8365-90F46097F497}Y:\downloads\netviewer_support.exe" = protocol=17 | dir=in | app=y:\downloads\netviewer_support.exe |
"UDP Query User{FBF6D70C-6A34-4792-B9C5-3A8EFE80342B}Y:\prg\aoe\empires2.exe" = protocol=17 | dir=in | app=y:\prg\aoe\empires2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280B35E-22D6-4172-813A-8FF566456DEE}" = Microsoft SQL Server 2005 Tools (64-bit)
"{18C5A65B-0A39-40B5-B958-63055AFAB65C}" = Microsoft SQL Server Setup Support Files (English)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{26F1A218-3158-4107-B3A6-37FD61CEE969}" = Microsoft SQL Server 2005 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62D2F823-0EAA-496D-B0F9-A869BFC51550}" = Microsoft SQL Server 2005 Backward compatibility
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net (09/15/2009 13.0.0.107)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeraCopy_is1" = TeraCopy 2.12
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1" = EXIF Date Changer v2.62
"{2AC9E096-C0EF-48B6-8347-C9520457BC58}" = SQL Prompt 4
"{2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1" = MZ-Tools 3.0 für VBA
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{47253CA3-91F3-474B-9EF0-0B64EBBA9FEE}" = NovaBACKUP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5C8A48CD-A931-48CE-89BF-944F19AFE0AD}" = SQL Search 1
"{5D2C47DC-3441-4438-84B4-4FE422C64EC5}" = SugarCRM Plug-in for Microsoft Excel
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68BA90DE-424A-493E-B069-4EB33590C96C}" = Deaktivierungs-Add-on für Browser von Google Analytics
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718CCDCB-A709-4781-8D64-27ADFB25827A}" = WMHelp XmlPad
"{7238391B-4BF4-41D9-B13A-3592DA160FFC}" = SQL Packager 6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74480BA5-D91E-45E5-8DF7-0E5799CE8B48}" = mSecure
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.1.2.3
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{81C9205D-3BC2-4059-A303-61405032A482}" = Xerox Network Scanner Utility2
"{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0
"{84639CB3-04D4-4758-B1D0-82E531D21F59}" = HD Writer AE 2.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{88EDDB8C-68A0-4C28-B89A-35A33A6E3FBE}" = SQL Backup 6
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00A7-0407-0000-0000000FF1CE}" = Kalenderdruck-Assistent für Microsoft Office Outlook 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD6E95E-ACA4-49C1-B7C5-84C7749EC1F1}" = NMath 5.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A05C0671-4A6F-4219-9039-C5C60A702BA3}" = SQL Doc 2
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10050}" = Netviewer Support
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BC77989B-4A2A-44CB-8E61-89FB0B71B98B}" = NMath Stats 3.4
"{C0FCA07F-AC31-4261-AFFD-A746F737ECD1}" = L+T EasyMap 9.3
"{C28F2126-8655-49BA-BA5E-0131404EA7C8}" = SugarOutlook
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
"{CAE714C6-8EF2-4EDD-A244-C41AAA873944}" = SQL Dependency Tracker 2
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D812E24D-4BD2-4140-93DD-7783B9162A36}" = SQL Multi Script 1
"{DD0B73DF-3B16-4729-9381-E5319A0B2875}" = Qualcomm Gobi 2000 Package for Lenovo
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E38294D0-DF92-49A3-B36C-BFC1979CE782}" = SQL Compare 8
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69BB189-4B20-46AE-93CF-59099F05FC3F}" = OutlookTools 2
"{EA73B482-3C8E-4FA7-B6A6-9D8E48E27920}" = SQL Data Compare 8
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC1399E4-A960-4101-B346-34A2A088633F}" = Theme Builder
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EFADD989-D9F2-49F6-A280-675951CC78D3}" = FRITZ!Box-Fernzugang einrichten
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}" = Avira Security Management Center Agent
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AllDup_is1" = AllDup 1.7.13
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyPassword Pro_is1" = AnyPassword Pro 1.04
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Professional
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Chapter Master_is1" = Chapter Master 1.2.5
"CheckAud Archiv-Viewer1.1" = CheckAud Archiv-Viewer
"CheckAud for Data Analysis2.4" = CheckAud for Data Analysis
"DivX Setup.divx.com" = DivX-Setup
"DreamCoder for MySQL Enterprise Freeware Edition_is1" = DreamCoder for MySQL 6.0
"EditPad Pro 6" = Just Great Software EditPad Pro 6 v.6.5.2
"EURACOM 3D02" = EURACOM 3D02
"EURACOM 3D10.2F" = EURACOM 3D10.2F
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.3.2
"Foxit Reader" = Foxit Reader
"GoToAssist Express Customer" = GoToAssist Express Customer 1.4.0.223
"hps mySoftware1.4" = hps mySoftware
"hps mySoftware2.2" = hps mySoftware
"hps mySoftware2.3" = hps mySoftware
"hps mySoftware2.4" = hps mySoftware
"hps Prüfungsmanager" = hps Prüfungsmanager
"HotKeyz_is1" = HotKeyz 2.8.3
"IconWorkshop" = Axialis IconWorkshop 6.33
"InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}" = UltraCompare
"IrfanView" = IrfanView (remove only)
"JkDefragGUI 1.16" = JkDefragGUI 1.16
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LKontoLb Kontonummernprüfung Entwickler" = LKontoLb Kontonummernprüfung Entwickler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarkAble2_is1" = MarkAble 2.2.8
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.45a
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"NovaBACKUP" = NovaBACKUP
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenVPN" = OpenVPN 2.1.1
"PhoneSuite_CTI_Client (y|_prg_)" = PhoneSuite_CTI_Client (y:\prg\)
"PowerGREP 3" = JGsoft PowerGREP 3 v.3.5.2
"RegexBuddy 3" = JGsoft RegexBuddy 3 v.3.3.0
"ScenalyzerLive" = ScenalyzerLive (entfernen)
"SEABURG - 8590" = SEABURG - 8590
"SeaMonkey (2.10)" = SeaMonkey (2.10)
"SpeedFiler" = SpeedFiler 2.0.0
"SyncBack_is1" = SyncBack
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"UltraSearch_is1" = UltraSearch V1.2
"UN060501" = BUFFALO NAS Navigator2
"Videoload Manager" = Videoload Manager 2.0.2192
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"VMware_Workstation" = VMware Workstation
"WinCDEmu" = WinCDEmu
"WinMerge_is1" = WinMerge 2.12.4
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2854375698-3784374130-2371189389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"hps NAS" = hps NAS
"NumberScan" = NumberScan
"STANLY Track" = STANLY Track
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.06.2012 18:45:59 | Computer Name = NORDEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2012 18:45:59 | Computer Name = NORDEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8065

Error - 27.06.2012 18:45:59 | Computer Name = NORDEN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8065

Error - 28.06.2012 01:21:37 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 3(Das System kann den angegebenen
Pfad nicht finden.) occurred while creating or opening file 'F:\pm_lkstade.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 28.06.2012 01:21:37 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file F:\pm_lkstade.mdf for file number
1. OS error: 3(Das System kann den angegebenen Pfad nicht finden.).

Error - 28.06.2012 01:21:37 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(Das System kann die
angegebene Datei nicht finden.) occurred while creating or opening file 'F:\pm_lkstade_2.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 28.06.2012 11:31:07 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 3(Das System kann den angegebenen
Pfad nicht finden.) occurred while creating or opening file 'F:\pm_lkstade.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 28.06.2012 11:31:07 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file F:\pm_lkstade.mdf for file number
1. OS error: 3(Das System kann den angegebenen Pfad nicht finden.).

Error - 28.06.2012 11:31:08 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(Das System kann die
angegebene Datei nicht finden.) occurred while creating or opening file 'F:\pm_lkstade_2.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 28.06.2012 12:28:33 | Computer Name = NORDEN | Source = MsiInstaller | ID = 11001
Description =

Error - 29.06.2012 05:27:45 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 3(Das System kann den angegebenen
Pfad nicht finden.) occurred while creating or opening file 'F:\pm_lkstade.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 29.06.2012 05:27:45 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file F:\pm_lkstade.mdf for file number
1. OS error: 3(Das System kann den angegebenen Pfad nicht finden.).

Error - 29.06.2012 05:27:46 | Computer Name = NORDEN | Source = MSSQLSERVER | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(Das System kann die
angegebene Datei nicht finden.) occurred while creating or opening file 'F:\pm_lkstade_2.ldf'.
Diagnose and correct the operating system error, and retry the operation.

[ Red Gate Software Events ]
Error - 02.05.2012 02:50:04 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-02 08:50:04,414 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 03.05.2012 10:56:28 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-03 16:56:28,780 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 04.05.2012 07:48:47 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-04 13:48:47,666 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 08.05.2012 05:53:53 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-08 11:53:53,528 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 14.05.2012 15:27:10 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-14 21:27:10,566 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 31.05.2012 11:39:51 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-05-31 17:39:51,391 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 05.06.2012 10:27:52 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-06-05 16:27:52,776 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 06.06.2012 04:15:55 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-06-06 10:15:55,949 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 08.06.2012 08:25:07 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-06-08 14:25:07,657 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


Error - 12.06.2012 11:36:33 | Computer Name = NORDEN | Source = SQL Prompt 4 | ID = 0
Description = 2012-06-12 17:36:33,677 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Der Thread wurde
abgebrochen.' System.Threading.ThreadAbortException: Der Thread wurde abgebrochen.

bei RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a() bei System.Threading.ThreadHelper.ThreadStart_Context(Object
state) bei System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) bei System.Threading.ThreadHelper.ThreadStart()


[ System Events ]
Error - 28.06.2012 01:22:16 | Computer Name = NORDEN | Source = DCOM | ID = 10016
Description =

Error - 28.06.2012 11:30:04 | Computer Name = NORDEN | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 28.06.2012 11:30:11 | Computer Name = NORDEN | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 28.06.2012 11:31:26 | Computer Name = NORDEN | Source = DCOM | ID = 10016
Description =

Error - 29.06.2012 05:26:42 | Computer Name = NORDEN | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 29.06.2012 05:27:01 | Computer Name = NORDEN | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?06.?2012 um 10:10:52 unerwartet heruntergefahren.

Error - 29.06.2012 05:26:52 | Computer Name = NORDEN | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 29.06.2012 05:28:13 | Computer Name = NORDEN | Source = DCOM | ID = 10016
Description =

Error - 29.06.2012 05:28:27 | Computer Name = NORDEN | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SBSD Security Center Service erreicht.

Error - 29.06.2012 05:28:27 | Computer Name = NORDEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053


< End of report >

Alt 29.06.2012, 20:03   #2
markusg
/// Malware-holic
 
Was habe ich mir da eingefangen? - Standard

Was habe ich mir da eingefangen?



hi
vllt bin ich ja da altmodisch, aber ich dachte immer wenn man ein problem hatt, beschreibt man es erst mal, wie sollen wir sonst arbeiten :-)
__________________

__________________

Antwort

Themen zu Was habe ich mir da eingefangen?
7-zip, alternate, antivir, avira, bho, bonjour, desktop, entfernen, error, failed, firefox, firefox 13.0.1, flash player, google, google analytics, google earth, google-analytics.com, helper, install.exe, intranet, langs, lenovo, logfile, microsoft office 2003, microsoft office word, mozilla, mp3, msiinstaller, object, office 2007, officejet, otl ! was soll ich jetzt tun?, plug-in, registry, safer networking, scan, searchscopes, security, software, spyware, super, svchost.exe, system error, total commander, tracker, usb, version=1.0, visual studio, windows



Ähnliche Themen: Was habe ich mir da eingefangen?


  1. Habe Telekom Rechnung geöffnet! Bin mir nicht sicher, ob ich einen Trjoaner eingefangen habe
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (15)
  2. Ich habe 2 DllHost.exe Prozesse, Habe ich mir einen Virus eingefangen?
    Log-Analyse und Auswertung - 29.08.2013 (9)
  3. Ich, (weiblich .und habe eigentlich keine Ahnung ;) habe mir Keylogger und änliches eingefangen
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (3)
  4. Habe mir den GVU Trojaner eingefangen :(
    Plagegeister aller Art und deren Bekämpfung - 23.08.2012 (2)
  5. Habe mir BDS eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (5)
  6. Ich habe mir den 50€ virus eingefangen (habe OTL.txt und Extra.txt
    Log-Analyse und Auswertung - 09.01.2012 (1)
  7. habe mir was eingefangen von wkw
    Mülltonne - 27.11.2008 (8)
  8. Habe ich mir da was eingefangen??
    Plagegeister aller Art und deren Bekämpfung - 16.08.2008 (3)
  9. Was habe ich mir da eingefangen??
    Log-Analyse und Auswertung - 07.05.2008 (17)
  10. Was habe ich mir wohl eingefangen?
    Log-Analyse und Auswertung - 04.05.2008 (5)
  11. Habe mir was eingefangen...
    Log-Analyse und Auswertung - 05.06.2007 (1)
  12. Was habe ich mir da eingefangen?
    Log-Analyse und Auswertung - 07.05.2007 (3)
  13. Ich habe mir was eingefangen
    Plagegeister aller Art und deren Bekämpfung - 11.01.2007 (4)
  14. Was habe ich mir da eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 03.07.2006 (1)
  15. Habe ich mir was eingefangen?
    Log-Analyse und Auswertung - 15.09.2005 (5)
  16. Was habe ich mir denn da eingefangen?
    Log-Analyse und Auswertung - 19.05.2005 (3)
  17. Was habe ich mir da eingefangen ?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2003 (6)

Zum Thema Was habe ich mir da eingefangen? - Danke für dieses Forum und die Beteiligung: Hier ein OTL.Txt Und die Extras.Txt Danke Olli OTL logfile created on: 29.06.2012 11:34:30 - Run 1 OTL by OldTimer - Version 3.2.53.0 - Was habe ich mir da eingefangen?...
Archiv
Du betrachtest: Was habe ich mir da eingefangen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.