
Pests of all kinds and how to fight them: how to uninstall snap.do

04.05.2013, 23:19   #1
tom_123
 


Hello,

I have read a lot by now, but I'm still not really getting anywhere on my own.

Under Programs I have the entry Snap.Do Engine, which I can't get rid of; uninstalling simply doesn't work.

adwcleaner does report every time:

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2061] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-[...]

That presumably doesn't help as long as the program is still installed?

How do I get rid of this damn thing? At least it is no longer set as the start page in the web browsers.

Thanks in advance for the help.

adwcleaner
Code:
# AdwCleaner v2.300 - Datei am 04/05/2013 um 23:04:05 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Thomas - xxxxxxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\DeviceVM

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\thomas.TT\AppData\Roaming\Mozilla\Firefox\Profiles\df3buwm8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\thomas.TT\AppData\Roaming\Mozilla\Firefox\Profiles\jewn20nv.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jewn20nv.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\thomas.TT\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2061] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-[...]

*************************

AdwCleaner[R1].txt - [13984 octets] - [04/05/2013 02:13:25]
AdwCleaner[R2].txt - [14070 octets] - [04/05/2013 03:08:43]
AdwCleaner[R3].txt - [1942 octets] - [04/05/2013 03:15:36]
AdwCleaner[R4].txt - [2062 octets] - [04/05/2013 09:29:27]
AdwCleaner[R5].txt - [2182 octets] - [04/05/2013 23:03:53]
AdwCleaner[S1].txt - [375 octets] - [04/05/2013 02:13:53]
AdwCleaner[S2].txt - [14078 octets] - [04/05/2013 03:08:54]
AdwCleaner[S3].txt - [1949 octets] - [04/05/2013 03:16:22]
AdwCleaner[S4].txt - [2069 octets] - [04/05/2013 09:30:02]
AdwCleaner[S5].txt - [2060 octets] - [04/05/2013 23:04:05]

########## EOF - C:\AdwCleaner[S5].txt - [2120 octets] ##########
         
Security Check
Code:
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Companion 2.0.9   
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.7.700.169  
 Adobe Reader XI  
 Mozilla Firefox (4.0.1) 
 Mozilla Thunderbird (17.0.5) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 StarMoney 8.0 ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Malwarebytes first run
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: xxxxxxxx [Administrator]

Schutz: Aktiviert

04.05.2013 00:59:20
mbam-log-2013-05-04 (00-59-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 628949
Laufzeit: 1 Stunde(n), 56 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Program Files (x86)\Setup Wizard (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 19
C:\$Recycle.Bin\S-1-5-21-915812183-1053917599-1125579299-1000\$R4K2JGS.part (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\SoftonicDownloader_fuer_windows-7-pdc-icons.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\thomas.TT\AppData\Local\Temp\Y+kAZdMX.exe.part (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\thomas.TT\Downloads\SoftonicDownloader_fuer_windows-7-pdc-icons.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Thomas\Downloads\coordiSetup_1_2_3.exe (Adware.GabPath) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Config.ini (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Setup Wizard.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_Back.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_Exit.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_M_About.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_M_Exit.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_M_Link.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_M_Search.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_M_Wizard.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_Next.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_OK.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\btn_Restart.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\Install Screen1.jpg (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Setup Wizard\Image\SetupWizard.ico (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
         
Malwarebytes current run
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: xxxxxxxxx [Administrator]

Schutz: Aktiviert

05.05.2013 00:05:53
mbam-log-2013-05-05 (00-05-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 325578
Laufzeit: 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I have now also found the corresponding entry in the registry:

Schlüsselname: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0427d521-705d-45a6-a05e-e3a49d10a8b8}
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 01.05.2013 - 19:21
Wert 0
Name: DisplayName
Typ: REG_SZ
Daten: Snap.Do Engine

Wert 1
Name: Publisher
Typ: REG_SZ
Daten: ReSoft Ltd.

Wert 2
Name: DisplayVersion
Typ: REG_SZ
Daten: 1.6.1.921

Wert 3
Name: DisplayIcon
Typ: REG_SZ
Daten: C:\Users\Thomas\AppData\Local\Smartbar\Application\SmartbarInstallationIcon.ico

Wert 4
Name: UninstallString
Typ: REG_SZ
Daten: MsiExec.exe /X{B3A13FF1-8857-4219-A1F5-99BC570CB11C} /quiet ENGINE=1

06.05.2013, 11:15   #2
cosinus


Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the tools you were asked to run, such as Malwarebytes, must always be posted, regardless of whether anything was found!

  • Please also note => Deleting logfiles and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the checkbox Scan All Users at the top center
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

06.05.2013, 22:34   #3
tom_123
 

Hi cosinus,

Thanks for your help for now; here is the first file from OTL

Code:
OTL logfile created on: 06.05.2013 22:46:39 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,80 Gb Total Physical Memory | 8,78 Gb Available Physical Memory | 74,37% Memory free
23,61 Gb Paging File | 20,27 Gb Available in Paging File | 85,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 248,46 Gb Free Space | 53,36% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\AppHost.exe (AxxonSoft)
PRC - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\NetHost.exe (AxxonSoft)
PRC - C:\Program Files (x86)\Common Files\AxxonSoft\LogRotate\LogRotate.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_NT_Service.exe (OV-Soft)
PRC - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Aurora\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\0116eb86d490dd9ea9fcc53aa7f62422\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e818fbdb44667fdf48e69d032ed038a9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\276a4a9226efbd4e3bfe1cff92acdb51\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f045547dc39be38a6c3348b524b5d96\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\39cb017c2a46136cf3ca8a877d4fa741\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f3bcf05501f25211734e003e40c1fc4d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\35a8c4dd1bd18d6100a4974aa272761c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\SecurityManager.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\CommonNotificationCpp.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\Notification_IDL.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_CosTrading.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_PortableServer.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\ACEXML.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_Valuetype.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_Codeset.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\ACE.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_PI_Server.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_Messaging.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_PI.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\ACEXML_XML_Svc_Conf_Parser.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_AnyTypeCode.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_CosNaming_Skel.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\ACEXML_Parser.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_CodecFactory.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_CosNaming.dll ()
MOD - C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\boost_unit_test_framework-vc80-mt-1_45.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (nlscc) -- C:\Windows\SysNative\nlsInterface.EXE (Nalpeiron Ltd.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NGP_Host_Service) -- C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\AppHost.exe (AxxonSoft)
SRV - (LogRotate) -- C:\Program Files (x86)\Common Files\AxxonSoft\LogRotate\LogRotate.exe ()
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (TAO_NT_Service) -- C:\Program Files (x86)\AxxonSoft\AxxonSmart\bin\TAO_NT_Service.exe (OV-Soft)
SRV - (w7Svc) -- C:\Program Files (x86)\webcam 7\wService.exe (Moonware Studios)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer64) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (nimDNSResponder) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.3.40660.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PCTVStargate) -- C:\Windows\SysNative\drivers\Stargate64.sys (Hauppauge Computer Works! )
DRV:64bit: - (IwUSB) -- C:\Windows\SysNative\drivers\iwusb_x64.sys (TDi GmbH  TechnoData - Interware)
DRV:64bit: - (auusb) -- C:\Windows\SysNative\drivers\auusb.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (aumpa) -- C:\Windows\SysNative\drivers\aumpa.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (aucapi) -- C:\Windows\SysNative\drivers\aucapi.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (azvusb) -- C:\Windows\SysNative\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 7F 68 10 E7 B9 CC 01  [binary data]
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Thomas/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ie_4db579dc.pac
 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0a2
FF - prefs.js..extensions.enabledItems: {db187f10-b1b8-4dd0-861f-57909adc44e1}:1.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 22.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013.05.05 20:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 22.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013.05.05 20:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files (x86)\RapidSolution\AudialsOne\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2011.02.13 20:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files (x86)\RapidSolution\AudialsOne\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2011.02.13 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.09 00:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 23:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 22.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013.05.05 20:05:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 22.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013.05.05 20:05:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 23:45:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.05 16:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2013.05.06 00:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions
[2013.02.24 22:45:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.13 23:29:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.28 17:46:00 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\jewn20nv.default\extensions\translator@zoli.bod.xpi
[2013.05.06 00:04:23 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\jewn20nv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.04.20 00:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.04.20 00:51:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.20 00:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\distribution\extensions
[2012.05.09 00:11:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.12.14 11:45:24 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files (x86)\RapidSolution\AudialsOne\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\AudialsOne\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [EarthAlerts] C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\thomas.TT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} hxxp://192.168.0.2:8080/cgi-bin/NNVRVMon.cab (NAS NVR(V) Monitor)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74A067E-1622-4FBA-8607-2823B98EF3DF}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F49CFDB7-97CE-4E4F-87C3-798082C48014}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.04 02:04:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{4bd1e240-775c-11e1-a1b6-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{4bd1e240-775c-11e1-a1b6-1c6f65431138}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{6332d5fa-dec2-11e0-b407-e4b965e55e7f}\Shell - "" = AutoRun
O33 - MountPoints2\{6332d5fa-dec2-11e0-b407-e4b965e55e7f}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{ed7371b8-1171-11e1-8c6d-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{ed7371b8-1171-11e1-8c6d-1c6f65431138}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ed7371dd-1171-11e1-8c6d-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{ed7371dd-1171-11e1-8c6d-1c6f65431138}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.05 20:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2013.05.05 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2013.05.05 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0
[2013.05.04 22:27:50 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.04 10:25:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.04 10:25:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.04 10:25:17 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.04 10:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.05.04 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.04 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.05.04 02:03:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.04 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.04 00:58:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2013.05.04 00:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.04 00:58:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.04 00:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.04 00:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 00:45:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.04 00:45:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.01 19:20:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\MyPhoneExplorer
[2013.05.01 19:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2013.05.01 19:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2013.05.01 02:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.30 00:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
[2013.04.30 00:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP
[2013.04.20 21:43:51 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.04.20 00:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 00:47:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 00:47:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 00:47:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 00:47:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 00:47:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 00:47:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 00:47:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 00:47:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 00:47:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 00:47:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 00:47:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 00:47:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 00:47:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 00:47:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 00:47:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.09 22:34:42 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.09 22:34:42 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.09 22:34:41 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.09 22:34:41 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.09 22:34:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.09 22:34:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.09 22:29:57 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 22:29:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.09 22:29:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.09 22:29:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.09 22:29:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.09 22:29:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.07 19:21:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\logiware_gmbh
[2013.04.07 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\logiware gmbh
[2013.04.07 19:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\go1984 Desktop Client
[2013.04.07 19:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\go1984 Desktop Client
[2013.04.07 19:17:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Silverlight
[2013.04.07 14:59:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2013.04.07 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Free Download Manager
[2013.04.07 14:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013.04.07 14:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013.04.02 00:14:47 | 009,204,256 | ---- | C] (Moonware Studios) -- C:\Users\Thomas\w7inst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 22:48:37 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 22:48:37 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 22:40:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.06 22:40:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013.05.06 22:39:55 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.06 22:39:45 | 004,986,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.06 22:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 22:39:22 | 916,054,014 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 02:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 02:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.05 19:43:26 | 000,017,630 | ---- | M] () -- C:\Users\Thomas\Desktop\Telefonliste Mannschaft.pdf
[2013.05.05 16:54:48 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.05.05 12:43:17 | 002,665,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.05 12:43:17 | 001,287,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.05 12:43:17 | 000,766,990 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.05 12:43:17 | 000,678,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.05 12:43:17 | 000,007,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.05 00:12:21 | 000,030,724 | ---- | M] () -- C:\Users\Thomas\Desktop\bild.jpg
[2013.05.04 23:05:39 | 000,000,396 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.04 22:34:58 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.04 10:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.05.04 10:04:34 | 000,890,815 | ---- | M] () -- C:\Users\Thomas\Desktop\SecurityCheck.exe
[2013.05.04 02:04:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.05.04 02:03:23 | 000,002,256 | ---- | M] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2013.05.04 01:43:41 | 000,628,743 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.05.04 00:58:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 19:46:55 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\BosMon.lnk
[2013.05.01 23:30:08 | 000,040,735 | ---- | M] () -- C:\Users\Public\Documents\calender.xml
[2013.05.01 19:20:50 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.05.01 01:47:25 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.04.25 22:27:49 | 000,073,885 | ---- | M] () -- C:\Users\Thomas\Desktop\Antari Z-3000 MK II, Neue Version, DMX on Board.pdf
[2013.04.25 22:26:02 | 000,095,784 | ---- | M] () -- C:\Users\Thomas\Desktop\ANTARI M-10 Stage Fogger mit Controller.pdf
[2013.04.25 22:23:46 | 000,086,200 | ---- | M] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog.pdf
[2013.04.25 22:23:37 | 000,081,972 | ---- | M] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog (1).pdf
[2013.04.25 22:01:29 | 001,356,804 | ---- | M] () -- C:\Users\Thomas\Desktop\Printing Scan.pdf
[2013.04.25 21:48:19 | 000,443,262 | ---- | M] () -- C:\Users\Thomas\Desktop\Hardcopy.pdf
[2013.04.25 21:46:16 | 000,130,504 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Maps.pdf
[2013.04.23 22:51:25 | 001,208,954 | ---- | M] () -- C:\Users\Thomas\Desktop\besichtigungsprotokoll_inspektion_2013-1.pdf
[2013.04.20 22:45:31 | 000,048,531 | ---- | M] () -- C:\Users\Thomas\.TransferManager.db
[2013.04.20 22:30:19 | 000,002,005 | ---- | M] () -- C:\Users\Thomas\Desktop\Kies Air Discovery Service.lnk
[2013.04.16 21:37:28 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.16 21:37:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.14 15:03:04 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.07 14:58:56 | 000,001,067 | ---- | M] () -- C:\Users\Thomas\Desktop\Free Download Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.05 19:43:26 | 000,017,630 | ---- | C] () -- C:\Users\Thomas\Desktop\Telefonliste Mannschaft.pdf
[2013.05.05 00:12:21 | 000,030,724 | ---- | C] () -- C:\Users\Thomas\Desktop\bild.jpg
[2013.05.04 22:34:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.04 22:34:58 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.04 10:04:33 | 000,890,815 | ---- | C] () -- C:\Users\Thomas\Desktop\SecurityCheck.exe
[2013.05.04 03:08:59 | 000,000,396 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.04 02:04:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.05.04 02:03:31 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.05.04 02:03:23 | 000,002,256 | ---- | C] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2013.05.04 01:43:39 | 000,628,743 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.05.04 00:58:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 23:30:08 | 000,040,735 | ---- | C] () -- C:\Users\Public\Documents\calender.xml
[2013.05.01 19:21:39 | 000,002,398 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.01 19:20:50 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.05.01 01:47:25 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.04.25 22:27:49 | 000,073,885 | ---- | C] () -- C:\Users\Thomas\Desktop\Antari Z-3000 MK II, Neue Version, DMX on Board.pdf
[2013.04.25 22:26:02 | 000,095,784 | ---- | C] () -- C:\Users\Thomas\Desktop\ANTARI M-10 Stage Fogger mit Controller.pdf
[2013.04.25 22:23:37 | 000,081,972 | ---- | C] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog (1).pdf
[2013.04.25 22:22:12 | 000,086,200 | ---- | C] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog.pdf
[2013.04.25 22:01:27 | 001,356,804 | ---- | C] () -- C:\Users\Thomas\Desktop\Printing Scan.pdf
[2013.04.25 21:48:16 | 000,443,262 | ---- | C] () -- C:\Users\Thomas\Desktop\Hardcopy.pdf
[2013.04.25 21:46:16 | 000,130,504 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Maps.pdf
[2013.04.21 02:44:17 | 001,208,954 | ---- | C] () -- C:\Users\Thomas\Desktop\besichtigungsprotokoll_inspektion_2013-1.pdf
[2013.04.20 22:30:19 | 000,002,005 | ---- | C] () -- C:\Users\Thomas\Desktop\Kies Air Discovery Service.lnk
[2013.04.20 21:43:51 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.04.20 21:43:51 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.04.07 19:16:55 | 000,002,333 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\go1984 Silverlight Client.lnk
[2013.04.07 14:58:56 | 000,001,067 | ---- | C] () -- C:\Users\Thomas\Desktop\Free Download Manager.lnk
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb9.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb11.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb10.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.09.23 00:26:27 | 000,087,219 | ---- | C] () -- C:\Users\Thomas\IMG_2341.jpg
[2012.08.04 12:42:01 | 000,064,640 | ---- | C] () -- C:\Users\Thomas\IMG_0863.jpg
[2012.07.29 12:36:30 | 000,000,021 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\ISOWorkshop.ini
[2012.06.25 13:22:38 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\ZZMP4.X86.DLL
[2012.06.25 13:22:38 | 000,897,536 | ---- | C] () -- C:\Windows\SysWow64\ZZMP4.X64.DLL
[2012.06.01 21:40:38 | 002,019,309 | ---- | C] () -- C:\Users\Thomas\20120530_174119.jpg
[2012.05.28 20:37:56 | 005,070,763 | ---- | C] () -- C:\Windows\SysWow64\AVCODEC-52.DLL
[2012.05.28 20:37:56 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\LIBX264.DLL
[2012.05.28 20:37:56 | 000,494,592 | ---- | C] () -- C:\Windows\SysWow64\ZZRTSP.DLL
[2012.05.28 20:37:56 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ZZLABCOM.DLL
[2012.05.28 20:37:56 | 000,192,144 | ---- | C] () -- C:\Windows\SysWow64\AVUTIL-50.DLL
[2012.05.28 20:37:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\ZZAVI2.DLL
[2012.05.28 20:37:56 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\EYCOPP.DLL
[2012.04.26 23:34:03 | 000,048,531 | ---- | C] () -- C:\Users\Thomas\.TransferManager.db
[2012.04.02 00:31:24 | 036,307,241 | ---- | C] () -- C:\Users\Thomas\CFV_03_2012.pdf
[2012.04.02 00:31:22 | 038,965,977 | ---- | C] () -- C:\Users\Thomas\Chip_03_2012.pdf
[2011.12.25 14:54:48 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\daspi32u.dll
[2011.12.25 14:54:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\PF1800LC.Dll
[2011.12.25 14:54:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\IO_PORT.DLL
[2011.12.25 14:54:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\FVC.DLL
[2011.12.25 14:54:48 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\PWiaExt.dll
[2011.12.25 14:54:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\SQ1394.DLL
[2011.12.25 14:54:48 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\GENEUSB.SYS
[2011.12.25 14:54:48 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\GENEUSB.SYS
[2011.12.25 14:54:48 | 000,000,234 | ---- | C] () -- C:\Windows\Scanner.ini
[2011.11.06 20:19:24 | 000,000,197 | ---- | C] () -- C:\Users\Thomas\addressbook.csv
[2011.10.05 20:22:30 | 000,054,576 | ---- | C] () -- C:\Windows\SysWow64\aucapjni.dll
[2011.09.28 18:04:51 | 000,003,076 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.28 13:14:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll
[2011.09.28 13:14:00 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2011.09.28 13:14:00 | 000,054,576 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2011.09.03 14:04:01 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND
[2011.07.17 01:15:35 | 000,000,418 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.17 01:15:35 | 000,000,255 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.17 00:53:22 | 000,000,017 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\19720201.dat
[2011.07.17 00:52:41 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.07.17 00:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\Lmvk32.INI
[2011.06.19 17:24:54 | 000,003,488 | ---- | C] () -- C:\Windows\concdraw.ini
[2011.05.27 15:20:55 | 000,011,235 | ---- | C] () -- C:\Users\Thomas\gsview32.ini
[2011.05.06 00:36:04 | 000,007,623 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2011.03.04 00:41:40 | 000,001,456 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2009.04.07 17:55:36 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

06.05.2013, 22:36   #4
tom_123
 

and here is the second file

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.05.2013 22:46:39 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,80 Gb Total Physical Memory | 8,78 Gb Available Physical Memory | 74,37% Memory free
23,61 Gb Paging File | 20,27 Gb Available in Paging File | 85,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 248,46 Gb Free Space | 53,36% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C88F42-5D4C-4AEB-A3AA-2E6744FFEC43}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{010E0213-E683-43F3-B8F8-B7AB732FA96C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08BF288F-85A7-4B91-BB63-F272C7AE423E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08F359E9-1C34-45A9-BBA4-0EEC4248092B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A2FA836-C6A2-48E2-A8C3-A935F7BE2A02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0ABA77B6-B2D2-4591-B85C-82843991692B}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{0C20D5E6-77D7-4B82-83F0-CAA763120BC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11A25AD8-DCDB-47DE-AC81-F06A8A8BBCF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{12A54CD1-5A79-4613-86B1-5B5B83F01DEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{143411C5-9918-43AB-B5FA-5950833A8379}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{1AA732CD-9349-4E6A-9CE2-75DFA8CA7C2A}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{1C331E1A-0A15-4876-B8E8-BC9D0AA153F0}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{1DE3EEC0-E188-4498-B27C-C8E92CE62F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{29DB82AC-EB5D-43AC-BC67-7333885DBA06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{318213AF-5126-4DE9-8D08-F69258DF3770}" = lport=443 | protocol=6 | dir=in | app=system | 
"{32AFFECD-1944-4B13-AB7E-7B82B6A89D55}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3582C2BB-F840-4C2C-B3E0-6C6C4427B427}" = lport=137 | protocol=17 | dir=in | app=system | 
"{36F9B7DF-A054-4DC1-BE27-481BF3A96CF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C06BCA9-4523-4C25-B890-1A308A6674F8}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{3C33D8CF-F364-4E4E-A2AA-E54391EAC4D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3ED7217C-D1CD-4828-8DDF-409B466E0E54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EE1BE78-36BB-4F51-8C78-45089EA9869D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42DD8BBD-E196-488D-99B6-F78705ED0364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50D0ADBF-E347-4341-BC54-A1E177E9D46E}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{5A539EEC-65D1-43A5-A256-B7C3DD92C3F3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5ACC7B7E-EC36-4AC1-AFC9-13ABAE85C701}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
"{5D011814-905F-4308-BA23-B7C8CBBC128A}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{5DF38CD7-EEB4-42F1-9E27-31CADE3A92A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{63B5EE5F-36F5-43CA-B0DE-EA4A86F411AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{63CC83AB-8776-4C67-8DD2-E0B740E5DF27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{6AA50FE1-74D4-461E-8212-2BDC727A8E26}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{70928FAB-66F9-41CE-8BEE-BC3CCFF333AA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{723EEC06-56C7-4E21-AE43-378AD0997E14}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{72C85044-A0E4-48C9-A46E-2687A71CE463}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{73D8913E-3877-48F5-BFFD-53CD8EAFCB83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74F72BCF-1EFD-4A9A-9798-2B526BC8704E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A1BBF05-BF63-4BA1-BE91-31336629458D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A276B3B-6A61-4754-B767-1A390E3321C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7AB47596-8A06-443A-A65B-01C454A01A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D273CD7-A72F-41D0-A635-72F1C3791D1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{7DCC925C-9796-408B-B407-365E034C4C91}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{84DCDCF3-1191-463E-A865-388A0263BB12}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{8BBDA0B6-B18B-42E8-9AD5-E13573B2BF06}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8C41009F-1DA8-4526-B5CE-51E9E1D4563A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{916A632F-F30E-4476-9D46-23E399F14DE4}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{923A57B5-3A46-4CA8-BB53-E80F90198DB9}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{9945B7FE-EC2A-4548-AA12-F20F95857059}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{A29FE87C-1D1F-4F53-891F-2207C83763EE}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{A898E030-B7C4-401B-BAAB-5E6CA0AD8515}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{A8F53585-27E6-41C1-A2D6-182886AA4E56}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ABA4C479-7634-435B-9746-8F210EDA9C7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACD073A4-90DF-4370-900B-DDFE433E9C7C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{AE4AB01F-AF93-4448-A0F8-C079CC8DBA6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE8B39E4-1727-47F9-8D62-A67AFD0C9649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B42BFF3F-9656-4679-99B2-F42BF003538E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C6516150-61E9-4B35-8D88-368803943ACB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C764AB50-454B-4296-8907-A150239779F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC4F9A49-8DF7-417D-91D1-9B380D88A039}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{D02813AC-1141-478F-92BA-1FCBE255A718}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D28183AC-1F20-468A-BD8E-89C719A546D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4826F70-E053-466C-9EEF-C5F3A72888FA}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{D4C51903-D557-4F41-BE87-7554BAD91F58}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D85585E6-A0DC-448F-98B3-CEBA837E39FB}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{D8A0971A-1AC2-4441-96B7-7F88995C093B}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D98EA584-0096-4666-9C7D-8994CD97A0DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1AA504D-8A2A-40BE-8FCC-4B91130A85CD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E40F5D34-FACB-4BB5-9D24-66F088760A67}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6426BDD-221D-436E-9C18-92AA7A9937AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7528604-E499-4362-977C-B12625E4B845}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E909E245-D486-4905-B69F-76F10B838ACA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E9A1E3F0-9D3C-4D6D-8A3C-9BB156433880}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{EC48C782-D86D-4327-9328-9160DB88E007}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{EFB4F464-FFE4-473E-8DBF-9B52DBA98602}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFDCA747-2D86-475E-B316-5F01EE8A33C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2F144D0-9FCB-4344-BACA-DC7574BA38B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF6B8D63-BF31-4F27-8449-0EDCBC7D65F8}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076BE79E-E851-4AAE-A28E-2FB040B850AB}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0853C59D-AFFF-456B-BFE9-7C598970E0D6}" = protocol=17 | dir=in | app=c:\program files (x86)\eib-programme\power-tool\toolbapp.exe | 
"{0CAF36F0-B64B-448B-93FD-090320077BA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0E608CB1-9A62-4C6E-8C8C-ACFA9DC5D349}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\apphost.exe | 
"{0F849A0A-6B15-4DBB-88D4-6498A263A218}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17C55C8C-A8BD-4AAC-AB2A-E014CDB06F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17FCE8EF-6BE1-4626-8CE7-7B5A6CD51E53}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\tao_nt_service.exe | 
"{1967E5A6-E0F3-40D1-BF0C-D48BD18EC1EE}" = dir=in | app=c:\program files (x86)\pctv systems\tvcenter\tvcenter.exe | 
"{1D17C6CA-6969-49FD-A458-C699896C4722}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{1D4CCA4E-3858-413A-BB27-91FBC2FBDB79}" = protocol=6 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"{1FB283BD-40DF-41A8-8B46-0995E0B12108}" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"{2169FF6F-79E3-4A26-BE0A-08254F3B7819}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe | 
"{218ECBAA-A8A2-4367-9B43-3BB8ECEF42F8}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{2364C8DC-0858-4D16-8402-2B860AED3604}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{241FB197-7455-4B62-B587-73C853AE2412}" = dir=in | app=c:\program files (x86)\common files\pctv systems\pvr\videocontrol.exe | 
"{244B625D-B9A3-467F-84E9-09F51EB0993F}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\ls_tool.exe | 
"{2D10378B-8BA6-409F-B0F8-07E4D893A192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E90A75B-4BEE-4905-AD03-4310937A181B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2EE0D6CE-AE59-4AD3-8FC7-ED99DD807459}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{2F95949D-F3B2-4418-8924-41F0E48478BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31FA52C9-1FCE-4A6F-92FB-01F59940667D}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{31FA7824-B7E2-4AE8-A0D0-85CA98BD12BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3AC75BE0-52C8-46D9-9BE6-36E14BF3F709}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{3B26A12B-C4BE-4D3F-A5CA-6B4C2A4D96AE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{3C03FF0C-B6AB-4999-8D9F-4706C38EF138}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3CA56BAB-7074-4455-A4C3-501059336FD9}" = protocol=47 | dir=in | app=system | 
"{3D1A89C8-C0FE-44F7-97D1-7DBBFD90DF87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E8EB5B1-DE64-49B7-96B7-BC717C307899}" = protocol=6 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"{3EE18CCD-5FA5-4CE0-A883-2E850242F499}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{3F0544EA-1C1D-492B-8D8C-323DE996ED39}" = protocol=6 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"{48701DC6-D7A6-46BF-9D76-ABFAEC096ADE}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{4E13D12F-560D-4CF8-A129-56E016EAEEA9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{4F6A774B-C0A8-45BC-B8DF-19E63DD526FD}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{569D4F3C-601E-4421-AF97-AF0D8A20EFF8}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{5757641D-B37E-46EB-A460-1F808DA83304}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\axxonnext.exe | 
"{5CB21806-2DCE-4CBC-B775-852648BAC8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{5FD7EB9A-C900-448D-8859-3FC3A809AECE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6047A67B-8FC9-4DF3-BAB8-FCD701D88FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"{659E0397-51A6-4CE3-9EA4-36B58E57CDCB}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{6BF6B441-EC23-4844-833B-12A1D7BAAE56}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{6DFC8BCE-888C-4979-BF5D-50543A99D0B9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6F22FB01-F745-44DB-95A7-E6FA7CECA923}" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"{6F3AA1E5-0E7B-4288-AB2D-173E955623CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7086CE10-3CC3-4CDF-A342-E11DD44C998B}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{71DE2365-98D7-4264-BA46-14D3569B0CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{74806FC4-E11F-41AB-8DFB-651FFDF92543}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{74C8DD05-7DD0-41AB-93F4-1A54F7050B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{76F31BB0-79F3-4CF3-A58A-A9AE52FF7020}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B60FEC6-C209-4E2B-9997-3A584B36454D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D353EAF-E30C-48E0-BA3B-51219B8E0A8E}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe | 
"{7DB38E55-1F12-4841-AC47-5658313889D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{853048A7-AF27-4731-B154-8E8D2DAC7B2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{883CCF79-CA04-4B36-96A0-FB732D6FDFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8919B711-7D8A-4934-8E99-AB874104F175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A7C428E-D6E8-402F-90DB-13D4A36328FD}" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"{8C6592E8-68B2-427E-8B75-04E5611401BE}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{8DB65059-3A4C-4110-BEC9-26E574EB4CBC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{90D64B3A-1EA9-4E6B-8085-F1BA4A0D63F0}" = protocol=17 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"{91D0B819-8168-4C18-B55D-125FDACBD536}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{928C1866-AFA8-48A8-A4C6-A69A296AA65B}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{95E24E38-82D4-4D39-A9DD-F0F8041124E2}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{963405EC-489B-4E85-A7EF-E2663654C5DC}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{97A7D373-99B4-41F0-A7B5-59531A0A19BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{983791E0-82FA-44A5-A171-D289E938D319}" = protocol=6 | dir=out | app=system | 
"{9C28B85D-5653-4405-8DDE-0E993CCD8AC4}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\licensetool.exe | 
"{9D29999C-CB9B-4A95-BE8E-D4564AD6CEC7}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\nethost.exe | 
"{9E204FFF-9476-46C2-AFC7-BD81B5013051}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{A497008F-24C8-4D7D-85E3-9C9F8ECEECC7}" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"{A5CE0532-8181-4A42-BDA6-A15E4A59D8F4}" = dir=in | app=c:\program files (x86)\axxonsoft\axxonsmart\bin\ngpsh.exe | 
"{A8C1CC1A-A2AD-4DBF-A883-02F20BE72703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC1352EC-921A-4B8E-8A7B-6AD036DA539B}" = protocol=17 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"{ACFAE25C-0C61-465D-84FA-00EF3B87C822}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B1D1266D-5319-4230-92F1-550173D3DDC0}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{B1DDEA36-4A85-4C16-9F45-C466A7AA6A13}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{B340960C-C48E-4D77-B940-D26D9CDD9CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"{B78B5A54-ED78-4C1D-B5B7-5E32B6D28C6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7BA2B06-C855-482D-AFC6-DB10ACC40134}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{BB883679-A740-4C02-8E9A-211124998804}" = protocol=17 | dir=in | app=c:\program files (x86)\cs odessa\conceptdraw\concdraw.exe | 
"{BD52E35A-9A3A-4547-BA78-2E995A3DD0E2}" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"{C0EB0B4A-4708-4F26-BBA0-DE12E4BD0B2F}" = protocol=47 | dir=out | app=system | 
"{C1958D43-7711-4BA9-8F98-C20A2CA69CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{C692E6E4-0EE4-4D30-A3B1-360EC62EEEBD}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{C7F05D45-2222-4B21-8AB1-97F4BC1BDB64}" = protocol=6 | dir=in | app=c:\program files (x86)\cs odessa\conceptdraw\concdraw.exe | 
"{C86315F9-13C9-4AD8-8186-ECA096569CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{CA4C041A-1AFB-4E07-9740-A910B747BBBC}" = dir=in | app=%programfiles%\ultravnc\vncviewer.exe | 
"{D16EB1BB-06C3-425A-B615-ACEF903E60CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D20B6583-956D-446A-A046-7ABE6D5B7A16}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3409CD0-4D3C-4ACE-BAA3-7079B8F6BA64}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{D4B359D0-3E94-403A-9CB7-024C805BA598}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D733D4B4-8D5A-4E9B-BDBC-820A5064DF18}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{DE0E3E23-BE62-4C20-920A-685018D7220F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{E048C5BF-99B9-4E3E-BEB2-8021F887E618}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{E082AC24-9641-45CA-B500-47C373BFF02F}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{E1D88512-214D-4D3E-859F-CCF313F73D61}" = dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"{E4698339-BF20-4D51-B479-403E71C10CB2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E5B96BAC-E32D-49EF-9A48-8757E17F9320}" = protocol=6 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"{EDC4F8DE-5667-4874-900A-918727FAEED4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0156EAA-6B10-4D82-8065-48FC906E8D4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2DF6622-BF06-416D-A980-29187BA27C0C}" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"{F3D26A93-0BBD-44E0-806D-B2E7EE12AA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F3DBC6DA-9FE4-4939-94C0-C00F255351E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F43346C0-3568-4356-8A10-BD7AF19123FA}" = protocol=6 | dir=in | app=c:\program files (x86)\eib-programme\power-tool\toolbapp.exe | 
"{F4AC71AF-ACAF-42AD-9C98-F606B222C405}" = protocol=17 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"{F92E43D2-3E7E-428B-A495-95CF48D84207}" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"{FC2397D0-ECC8-4B4C-9823-7DCDD77C69F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{FE7D5593-C354-4B93-869E-E04E13C36D2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FEBFF7AD-7F07-41B9-AD74-93BF6311B0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"TCP Query User{03F7B104-4B77-4B38-BA06-38561EB65BC9}C:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"TCP Query User{0CC96739-2403-42ED-B244-D5757FF25E30}C:\program files (x86)\setup wizard\setup wizard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"TCP Query User{0D725E8E-C793-4831-8B3D-71BDB0AAADB7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{293E562E-CA8D-45F5-A5AC-3356E0E09B14}C:\program files (x86)\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intervideo\dvd7\windvd.exe | 
"TCP Query User{3F4C599C-DAE8-4D68-8B3D-A5D65615B039}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"TCP Query User{3FF4BE81-398F-4ACD-90B1-2CE895FDB750}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{45AE8D84-0318-4DB4-8732-E62163783265}C:\program files (x86)\numark cue\cue.exe" = protocol=6 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"TCP Query User{4DA4541F-2288-4D96-B725-F5FF6F0E2FB9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{66C53560-02E1-40A4-8F11-FB6D8BE2E65C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{6792EE4B-37C2-41EB-88A5-A2E9EE3BCE86}C:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"TCP Query User{682A19BC-2973-4B9B-A035-EC00265B9598}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{6AC47F4F-13C4-409D-98F1-54A1FDDF730F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6ADF9550-EEA3-446B-8ABD-301474E16EFC}C:\program files (x86)\bosmon\bosmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"TCP Query User{6E8E3067-2B6B-45E8-A9ED-7030A463EAA3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{7B88B888-889F-4685-A090-900B40FF9F87}C:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe | 
"TCP Query User{97B56CDB-6338-48CD-BCB3-54EA3B1FD5F8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{9F1BF709-6E33-4FA9-B91D-E0F970D7EBBB}C:\program files (x86)\ets4\ets4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"TCP Query User{C0EA2432-92D1-4418-A0BF-29B59B0AAF9E}C:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe | 
"TCP Query User{C22D88D5-FFB1-4609-91D0-953B53496614}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DA53E44A-EDAE-48C9-A256-EDD0780A05EB}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{00C74A43-B100-4BCB-B793-3EEE1D58D232}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{01CD0EAC-BE73-45CA-B53A-1BA1B291F577}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{1708BA1F-B263-4222-AFA1-5402912656A5}C:\program files (x86)\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intervideo\dvd7\windvd.exe | 
"UDP Query User{174278E9-C99E-4507-AB4F-DEF222EACBCD}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{1EDAD5AA-0F56-4529-A803-6A007A742A03}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{1F994B47-85C0-407E-881A-26017A4206A8}C:\program files (x86)\bosmon\bosmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"UDP Query User{2FA2C5F3-1A6F-46A4-9FB2-C81E8F86E5B9}C:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"UDP Query User{3FD66453-881D-45F9-9256-AFDF1E1F45EC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{5C4A8A1F-AB82-463F-B00C-310922ECF975}C:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe | 
"UDP Query User{6562A1B3-1F05-4378-B492-D33C107FB808}C:\program files (x86)\ets4\ets4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"UDP Query User{74DC2216-873D-4FAA-ABD1-6FC9FB18DA7B}C:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"UDP Query User{79D72F0B-1DB6-4AAB-B3FB-DEA1D6EC93CE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{832FA5D5-7180-491E-9A04-4E496330C469}C:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe | 
"UDP Query User{9ABCCCB1-96ED-4B59-B885-C5E96C963407}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9BFD0086-7207-458C-92C3-D68B5F4A9213}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A3B54496-01EF-419C-BD75-EBBF9334FFE5}C:\program files (x86)\setup wizard\setup wizard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"UDP Query User{BBA6F048-CC7E-49AB-BAE0-C48529C93BB8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C024EF55-2D05-43DD-BBA8-00C6EF1E8759}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{C6568A0D-174B-4EC7-917E-B9BEA7BF4209}C:\program files (x86)\numark cue\cue.exe" = protocol=17 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"UDP Query User{CB1F7CEE-4C51-44F7-A9EF-778B1F16495C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03DDD360-84C3-42CF-B67F-230CC521A5C9}" = NI Logos64 XT Support
"{05825BEC-5290-4FF1-BD25-CA9BD29071FA}" = NI-Mesa
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{13F04F10-986E-42D5-9668-D9BCBCAAAF3B}" = NI System State Publisher (64-bit)
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{31D8581C-BF83-45CD-B70F-56228C0D7F47}" = NI Logos 5.4 (64 Bit)
"{35A97349-0C65-447D-ADCC-50816D7E1D38}" = NI LabWindows/CVI 2012 Network Variable Library (64-bit)
"{36B8F941-4CC2-4FAC-8429-1A623F49FB06}" = NI LabWindows/CVI 2012 TDMS Library (64-bit)
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4DEF728D-28F0-46A6-A395-90E0D7BF954D}" = Disc Manager
"{52815726-3F51-4E74-8CCD-0A92FB74BC48}" = NI LabWindows/CVI Run-Time Engine 2012 (64-bit)
"{583E320A-F7F7-4A23-A80E-26995A5371CC}" = MySQL Connector/ODBC 5.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{6964A158-5906-48CF-9764-10881EAE5B94}" = DisplayLink Core Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6DC6AB4E-2BAA-AFC6-C5E1-A442917C6AFD}" = AMD Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E9D6C3B-C8A3-4C47-9355-B04FBFD5C81F}" = NI GMP Windows 64-bit Installer 12.0.0
"{79253283-47EB-4A67-9014-0CBEC8AE4D0C}" = NI VC2010MSMs x64
"{7949A08A-A7F7-4667-BBE9-8F16F00160F9}" = NI Curl 12.0.0 (64-bit)
"{7E7F2CA1-F0D9-43FE-9E96-2289FCD8C9F9}" = NI Trace Engine (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9235132D-76EF-4A53-921A-CEF3224C1B52}" = Unterstützung für NI SSL (64 Bit)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{944955CA-DC3A-40B2-B21B-4CD333B15BCE}" = NI-ActiveX-Container (64-bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85DCCD8-5CAF-4B85-A347-AF62238C1BA2}" = NI Web Application Server 12.0 (64 Bit)
"{B9B61267-773D-4569-A4F9-FB241BABA462}" = NI MAX Remote Configuration 64-bit Installer 5.3
"{BA4EF391-FE34-4E99-97B2-338426F82E00}" = NI System Web Server Base 12.0.0 (64-bit)
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BBDC08C8-1932-43D3-A711-67618CCD40BB}" = NI Authentication 12.0.0 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CF076FC9-35B1-414C-AE9B-7B582D1B9DD5}" = NI LabWindows/CVI 2012 Analysis Library (64-bit)
"{D75A0E66-994D-4348-AB6A-80DCD1142960}" = NI TDMS (64-bit)
"{E23B6390-68FE-4882-B25C-0950C212AA57}" = NI Math Kernel Libraries (64-bit)
"{E28F112D-4784-4466-AE4B-07B3630C857F}" = Oracle VM VirtualBox 4.2.10
"{ECD1806C-56F6-4798-93A2-166F45124B1D}" = O&O MediaRecovery
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber
"Auerswald Fax Drucker" = Druckertreiber Auerswald Fax
"Auerswald Uni TAPI Treiber" = Auerswald Uni TAPI Treiber
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.20
"VLC media player" = VLC media player 2.0.2
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08D51536-D958-5C3E-2F36-F2F5C0B2D7F8}" = DataCenter2
"{097F54D3-1019-4CC1-B2BA-8EA46A3EC9B2}" = NI EulaDepot
"{0C8364B1-AFD8-45B7-ACE8-B76113B6C418}" = FugVS2005
"{0CD02701-CF13-41D7-81CF-E46600629052}" = NI LabWindows/CVI Run-Time Engine 2012 (Updated)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5
"{16DBD2E0-C9D9-4C5C-A697-ECAEEC2F0E9D}" = NI LabWindows/CVI 2012 Low-Level Driver (Updated)
"{17C551F5-4706-4096-B9E3-CCEE31788484}" = AxxonSoft Situation detectors. ItvDetectorPack v.3.0.2.46
"{186A95B6-4729-4762-A1FA-3ED95D13D631}" = NI Curl 12.0.0
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1D9B4546-E954-4DF1-8808-8CC2CE72FA77}" = NI Math Kernel Libraries
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20F1C397-6394-411C-B299-4743A4E4EFFF}" = NI Uninstaller
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{286B8A6B-72B5-4382-8380-BFFCAA67ACF9}" = CUE
"{2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1" = MZ-Tools 3.0 für VBA
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3698573F-F778-4076-96DF-3BE4D53A61CA}" = Axxon Driver Pack v.3.2.13.1072
"{374262DA-B644-4CCA-8A37-DF57AD806408}" = Sunny Design 2.21
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4148991D-DB5B-4064-91D3-3F9B6FDBBE5C}" = Tunebite
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4B1740DF-F9BE-4993-9F91-7350D1143447}" = NI System Web Server Base 12.0.0
"{4B3284A1-AE20-440B-BB97-A322B94F1279}" = NI MAX Remote Configuration Installer 5.3
"{4BFADFE0-10A4-4F97-863B-8C76E348EB82}" = NI System State Publisher
"{4CD648BA-93D6-4D55-81FF-7B66FA67E2C6}" = NI MDF Support
"{527BB01E-3067-4608-BF7F-EFEF0920C203}" = Auerswald COMfortel Melody 1.3.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5E29E10C-A5F2-4C04-BDAF-98BE38FA80E3}" = NI LabWindows/CVI 2012 TDMS Library
"{5F3D8CCF-7A99-401C-A8B5-7237242592B1}" = NI Logos 5.4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FFB1B16-0930-421B-9F2C-E4CB91E3B22D}" = NI VC2010MSMs x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{766B7D2F-EE51-4C31-A336-E5C6399D1B82}" = NI-Mesa
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781CE3C3-3228-4BB4-A8A2-1317A0447553}" = NI LabWindows/CVI 2012 Analysis Library
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DE391F3-CC8D-4EC2-80E6-5F24120FA4F1}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8AC58984-BA65-41D1-9F14-261EFEDAAB01}" = Unterstützung für NI SSL
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F2978F-59C7-45E9-8DD7-54A73D212303}" = NI Logos XT Support
"{956AB2F3-CE39-4078-82DC-B2B7F1BEEEC5}" = Tagrunner
"{962EEB0B-2063-4D3C-A621-B303F3D2DAC3}" = NI LabWindows/CVI Run-Time Engine 2012
"{965BB87F-CF2A-4D1F-A0D2-3795BEBC9999}" = NI Trace Engine
"{96A7A3D9-8AD3-410A-82C6-B6E0964A1AFC}" = DDBAC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4
"{9E7F5CE2-DD2A-495E-8FBE-AB5DBC000F35}" = AxxonNext v.3.0.1.641
"{9F0C8CCB-53C7-4E86-B106-15517D35CE14}" = Sunny Explorer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A2B09CFD-F0B2-30AF-8DF4-1DF6B63FC7B5}" = Auerswald COMfortel Set 2.8.0
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A33A9C7A-DAF1-4A13-989C-64DAAF62C750}" = NI System Web Server 12.0
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F2E6BA-6756-4D8D-808E-671F4862EF2B}" = KNX ETS4
"{AA75D3E0-E40D-438A-8693-314AA4D58344}" = Data Logger
"{AC3DDDE2-2CCA-4ACE-8BF1-BF1239AFE12F}" = NI Visual C++ 2005 Redistributable Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B066064E-8BB9-4BB6-88A1-62522FD34EB3}" = Radiotracker
"{b17ff919-2d84-4f2a-94d1-4c5254d8924f}" = KNX eteC Falcon Runtime v2.0
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B59B5506-2034-48AE-810F-54E7C780A8BD}" = NI Authentication 12.0.0
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B837579C-B73E-47ED-B722-B0076CDDFB2C}_is1" = BosMon 1.2.2
"{B9681EB8-76E5-4022-AE84-F6B7CE464554}" = KNX ETS4 Additional Runtime
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C60FC3DA-1B1A-41D0-8C0F-6D139845E065}" = NI LabWindows/CVI 2012 Low-Level Driver (Original)
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{C92BA15C-7952-4626-9EE3-0C8940D62945}" = NI Visual C++ 2010 Redistributable Package
"{CE810E58-20B0-4701-A1B5-8B9C155FE156}" = NI Visual C++ 2008 Redistributable Package
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9364B00-D223-11D5-9F10-00304F0AF384}" = ConceptDraw Deutsch
"{D9C15833-DBC0-418C-B27E-921E2534F834}" = Power-Tool
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E483D4FF-1ECD-4218-8560-CAAB6DF31A9C}" = NI GMP Windows 32-bit Installer 12.0.0
"{E7BBCB1F-21CC-4DC9-83AD-587F776EDAD9}" = NI TDMS
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE2F0FD3-2943-4A4F-895A-AB8085481D41}" = NI LabWindows/CVI 2012 Network Variable Library
"{F074C96B-CBD0-4614-B4DA-E7A5B81CB721}" = Power-Project V4.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D83475-BA56-48F3-A03C-283871B6EC33}" = NI-ActiveX-Container
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FB3F09C4-029C-48B7-9242-6616BFDE0596}" = Bosch Video SDK Runtime Library 4.23.03.03
"{FE76435C-3F81-4A07-A620-22308DF454AF}" = NI Web Application Server 12.0
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Anti-Twin 2011-02-13 18.28.45" = Anti-Twin (Installation 13.02.2011)
"AudialsOne_is1" = AudialsOne 3.0.4980.7100
"Aurora 22.0a2 (x86 de)" = Aurora 22.0a2 (x86 de)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AxxonNext" = AxxonNext
"CDLIB" = CDLIB 5.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DAEMON Tools Lite" = DAEMON Tools Lite
"Data Center 2" = Data Center 2
"DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1" = DataCenter2
"DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)" = Top50 Viewer
"DivX Setup" = DivX-Setup
"DMXControl_3.0" = DMXControl 3.0
"DVDx 4.0" = DVDx 4.0
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular-Update
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.2
"Free Download Manager_is1" = Free Download Manager 3.9.2
"FreePDF_XP" = FreePDF (Remove only)
"Fugawi45_GE_is1" = Fugawi Google Earth Plug-in Version 1.1.0.6
"Fugawi45_is1" = Fugawi 4.5
"go1984 Desktop Client_is1" = go1984 Desktop Client, Version 3.8.1.8
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"InterActual Player" = InterActual Player
"ISO Workshop_is1" = ISO Workshop 3.2
"KNX ETS4" = KNX ETS4
"MacroX" = MacroX 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MatrixLock USB Driver v2.30.0" = MatrixLock USB Driver v2.30.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NI Uninstaller" = National Instruments - Software
"NIMDFDeployment.{AA75D3E0-E40D-438A-8693-314AA4D58344}" = Data Logger
"Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
"ODBC" = ODBC
"Office14.VISIOR" = Microsoft Visio Premium 2010
"Power-Project V4.5" = Power-Project V4.5
"Power-Tool" = Power-Tool
"PROHYBRIDR" = 2007 Microsoft Office system
"QNAPSurveillanceStation" = QNAP Surveillance Station
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = FFVNeuinst
"TightVNC" = TightVNC 2.0.4
"TuneUpMedia" = TuneUp Companion 2.0.9
"UltraISO_is1" = UltraISO Premium V9.52
"Videoload Manager" = Videoload Manager 2.0.2220
"VLC media player" = VLC media player 2.0.3
"webcam 7" = webcam 7
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0427d521-705d-45a6-a05e-e3a49d10a8b8}" = Snap.Do Engine
"176773093.demo.go1984.de" = go1984 Silverlight Client
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2013 16:40:09 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 06.05.2013 16:40:09 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 06.05.2013 16:40:09 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.100.16:5353   17 16.100.168.192.in-addr.arpa.
 PTR PC-2.local.
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 16.100.168.192.in-addr.arpa.
 PTR PC.local.
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.56.1:5353   17 1.56.168.192.in-addr.arpa.
 PTR PC-2.local.
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.56.168.192.in-addr.arpa.
 PTR PC.local.
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.56.1:5353   17 A.6.6.9.9.1.4.8.D.F.5.9.9.8.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa.
 PTR PC-2.local.
 
Error - 06.05.2013 16:40:25 | Computer Name = PC.th.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 A.6.6.9.9.1.4.8.D.F.5.9.9.8.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa.
 PTR PC.local.
 
Error - 06.05.2013 16:43:34 | Computer Name = PC.th.local | Source = Application Hang | ID = 1002
Description = Programm Spyhunter4.exe, Version 4.12.13.4202 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1158    Startzeit: 01ce4a99fb75c294    Endzeit: 10    Anwendungspfad:
 C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe    Berichts-ID: 76b4a417-b68d-11e2-9cd4-1c6f65431138

 
[ OSession Events ]
Error - 02.05.2012 18:06:20 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:08:15 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:14:33 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 80
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:15:02 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:08:25 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1690
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:14 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:31 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:56 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:10:43 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.05.2012 09:07:42 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13138
 seconds with 3780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.05.2013 05:58:21 | Computer Name = PC.tt.local | Source = TermService | ID = 1067
Description = 
 
Error - 05.05.2013 06:33:24 | Computer Name = PC.tt.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne TH aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 05.05.2013 10:38:13 | Computer Name = PC.tt.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne TH aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 05.05.2013 10:43:00 | Computer Name = PC.tt.local | Source = TermService | ID = 1067
Description = 
 
Error - 05.05.2013 10:49:15 | Computer Name = PC.tt.local | Source = TermService | ID = 1067
Description = 
 
Error - 05.05.2013 15:12:47 | Computer Name = PC.tt.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne TH aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 05.05.2013 19:59:07 | Computer Name = PC.tt.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 06.05.2013 16:39:54 | Computer Name = PC.tt.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne TH aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 06.05.2013 16:39:57 | Computer Name = PC.tt.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername
 konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen
 haben:   a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.   b)
 Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller
 erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
 
Error - 06.05.2013 16:47:43 | Computer Name = PC.tt.local | Source = TermService | ID = 1067
Description = 
 
 
< End of report >
         
--- --- ---

07.05.2013, 10:18   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
         
Company computers are generally not cleaned here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a rule, we do not clean computers that are used commercially. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Prerequisite: you tell us this in your first reply.

Keep in mind, however, that logfiles can contain a lot of sensitive information (customer data, bank data, etc.) and that malware is able to spy on and misuse it. In this case we recommend formatting and reinstalling.

__________________
Please always post logfiles in CODE tags

07.05.2013, 21:49   #6
tom_123

Hello cosinus,

All I can say is that this computer, and the domain as well, are a purely private network that is not used commercially. It only serves to keep me up to date and to further my training in server and network technology. The server software in use is licensed only for evaluating current Microsoft software. Since I unfortunately have very scant knowledge in the area of malware, I had hoped for your help.

Thanks to you all.

Regards, Tom

07.05.2013, 22:05   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
and the domain as well, are a purely private network that is not used commercially
A Windows Server domain, privately?
Where did you get the Windows Server licenses?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.05.2013, 22:47   #8
tom_123
 



Keyword: TechNet subscription. I think you know what I mean.

Alt 07.05.2013, 23:01   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Oh, you mean MSDN; I had that too back when I was a pupil/student.

Run JRT and adwCleaner; in most cases the adware junk is gone afterwards, and any leftovers are then tracked down (please download both tools again; I believe you have already run JRT once).

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags
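
Why the "Scan All Users" box in the OTL step matters, as an added example that is not part of the original post or of OTL itself: every account has its own registry hive (HKU\<SID>), so Internet Explorer start and search pages have to be checked per hive. The script groups the IE lines of an OTL log by hive and flags URL values whose host is not on an allowlist; the sample lines, SIDs, publisher/userid values and the allowlist are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the format of OTL's "Internet Explorer" section.
# The SIDs, publisher and userid values are made up for this example.
SAMPLE_OTL = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=EXAMPLE&userid=00000000-0000-0000-0000-000000000000&searchtype=hp
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=EXAMPLE&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1011\..\SearchScopes,DefaultScope =
"""

# Assumption: hosts this user expects to see as start/search pages.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}

# Two line shapes occur:
#   IE - <key>,<value name> = <data>
#   IE - <key>: "<value name>" = <data>
LINE_RE = re.compile(
    r'^IE(?::64bit:)? - (?P<key>.+?)'
    r'(?:,(?P<v1>[^=,]+?)|: "(?P<v2>[^"]+)")'
    r'\s=\s?(?P<data>.*)$'
)
# HKLM is machine-wide; HKU\<SID> (or HKU\.DEFAULT) is one account's hive.
HIVE_RE = re.compile(r'^(HKLM|HKU\\[^\\]+)')


def parse_ie_entries(log_text):
    """Yield (hive, value_name, data) for each IE line of an OTL log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hive = HIVE_RE.match(m.group("key"))
        if not hive:
            continue
        name = m.group("v1") or m.group("v2")
        yield hive.group(1), name.strip(), m.group("data").strip()


def url_host(data):
    """Return the lower-case host of an http(s) value, else None.

    OTL writes URLs defanged as hxxp://, so that is undone first.
    File paths, numbers and empty values return None.
    """
    refanged = re.sub(r'^hxxp', 'http', data, flags=re.IGNORECASE)
    if not refanged.lower().startswith(("http://", "https://")):
        return None
    return (urlsplit(refanged).hostname or "").lower() or None


def unexpected_hosts_by_hive(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Map each hive to its [(value_name, host)] entries outside the allowlist."""
    findings = defaultdict(list)
    for hive, name, data in parse_ie_entries(log_text):
        host = url_host(data)
        if host and host not in allowed_hosts:
            findings[hive].append((name, host))
    return dict(findings)


if __name__ == "__main__":
    for hive, items in unexpected_hosts_by_hive(SAMPLE_OTL).items():
        for name, host in items:
            print(f"{hive}: {name} -> {host}")
```

A hive that is flagged while the logged-in user's own hive is clean points to a second profile on the machine that still carries the unwanted settings.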

Alt 08.05.2013, 00:52   #10
tom_123
 



JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Thomas on 08.05.2013 at  0:37:52,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2013 at  0:40:51,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner

Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 08/05/2013 um 00:42:06 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Thomas - XXXXXXX
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files (x86)\DeviceVM

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\thomas.TH\AppData\Roaming\Mozilla\Firefox\Profiles\df3buwm8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\thomas.TH\AppData\Roaming\Mozilla\Firefox\Profiles\jewn20nv.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\jewn20nv.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\thomas.TT\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2061] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-[...]

*************************

AdwCleaner[R1].txt - [13984 octets] - [04/05/2013 02:13:25]
AdwCleaner[R2].txt - [14070 octets] - [04/05/2013 03:08:43]
AdwCleaner[R3].txt - [1942 octets] - [04/05/2013 03:15:36]
AdwCleaner[R4].txt - [2062 octets] - [04/05/2013 09:29:27]
AdwCleaner[R5].txt - [2182 octets] - [04/05/2013 23:03:53]
AdwCleaner[S1].txt - [375 octets] - [04/05/2013 02:13:53]
AdwCleaner[S2].txt - [14078 octets] - [04/05/2013 03:08:54]
AdwCleaner[S3].txt - [1949 octets] - [04/05/2013 03:16:22]
AdwCleaner[S4].txt - [2069 octets] - [04/05/2013 09:30:02]
AdwCleaner[S5].txt - [2189 octets] - [04/05/2013 23:04:05]
AdwCleaner[S6].txt - [2149 octets] - [08/05/2013 00:42:06]

########## EOF - C:\AdwCleaner[S6].txt - [2209 octets] ##########
         
OTL:

Code:
ATTFilter
OTL logfile created on: 08.05.2013 00:54:03 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,80 Gb Total Physical Memory | 9,30 Gb Available Physical Memory | 78,82% Memory free
23,61 Gb Paging File | 20,88 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 248,90 Gb Free Space | 53,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\0116eb86d490dd9ea9fcc53aa7f62422\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e818fbdb44667fdf48e69d032ed038a9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\276a4a9226efbd4e3bfe1cff92acdb51\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f045547dc39be38a6c3348b524b5d96\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\39cb017c2a46136cf3ca8a877d4fa741\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f3bcf05501f25211734e003e40c1fc4d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\35a8c4dd1bd18d6100a4974aa272761c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (nlscc) -- C:\Windows\SysNative\nlsInterface.EXE (Nalpeiron Ltd.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (w7Svc) -- C:\Program Files (x86)\webcam 7\wService.exe (Moonware Studios)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer64) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (nimDNSResponder) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\Common Files\AxxonSoft\PostgreSQL.NGP\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.3.40660.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PCTVStargate) -- C:\Windows\SysNative\drivers\Stargate64.sys (Hauppauge Computer Works! )
DRV:64bit: - (IwUSB) -- C:\Windows\SysNative\drivers\iwusb_x64.sys (TDi GmbH  TechnoData - Interware)
DRV:64bit: - (auusb) -- C:\Windows\SysNative\drivers\auusb.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (aumpa) -- C:\Windows\SysNative\drivers\aumpa.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (aucapi) -- C:\Windows\SysNative\drivers\aucapi.sys (Auerswald GmbH & Co.KG                         )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (azvusb) -- C:\Windows\SysNative\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (akshhl) -- C:\Windows\SysNative\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 7F 68 10 E7 B9 CC 01  [binary data]
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Thomas/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ie_4db579dc.pac
 
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0a2
FF - prefs.js..extensions.enabledItems: {db187f10-b1b8-4dd0-861f-57909adc44e1}:1.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 22.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013.05.07 22:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 22.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013.05.07 22:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files (x86)\RapidSolution\AudialsOne\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2011.02.13 20:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files (x86)\RapidSolution\AudialsOne\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2011.02.13 20:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.09 00:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 23:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 22.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013.05.07 22:51:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 22.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013.05.07 22:51:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 23:45:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.05 16:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2013.05.06 00:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions
[2013.02.24 22:45:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.13 23:29:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\jewn20nv.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.28 17:46:00 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\jewn20nv.default\extensions\translator@zoli.bod.xpi
[2013.05.06 00:04:23 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\jewn20nv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.04.20 00:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.04.20 00:51:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.20 00:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\distribution\extensions
[2012.05.09 00:11:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.12.14 11:45:24 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files (x86)\RapidSolution\AudialsOne\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\AudialsOne\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [EarthAlerts] C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1000..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-915812183-1053917599-1125579299-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\thomas.tt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} hxxp://192.168.0.2:8080/cgi-bin/NNVRVMon.cab (NAS NVR(V) Monitor)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E74A067E-1622-4FBA-8607-2823B98EF3DF}: DhcpNameServer = 217.0.43.145 217.0.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F49CFDB7-97CE-4E4F-87C3-798082C48014}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.04 02:04:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{30d0e25f-fc91-11e0-8c3e-1c6f65431138}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{4bd1e240-775c-11e1-a1b6-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{4bd1e240-775c-11e1-a1b6-1c6f65431138}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{6332d5fa-dec2-11e0-b407-e4b965e55e7f}\Shell - "" = AutoRun
O33 - MountPoints2\{6332d5fa-dec2-11e0-b407-e4b965e55e7f}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{b5316e49-2ce2-11e1-9391-1c6f65431138}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{ed7371b8-1171-11e1-8c6d-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{ed7371b8-1171-11e1-8c6d-1c6f65431138}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ed7371dd-1171-11e1-8c6d-1c6f65431138}\Shell - "" = AutoRun
O33 - MountPoints2\{ed7371dd-1171-11e1-8c6d-1c6f65431138}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 00:36:54 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Thomas\Desktop\JRT.exe
[2013.05.07 22:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2013.05.07 22:35:03 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2013.05.05 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0
[2013.05.04 22:27:50 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.04 10:25:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.04 10:25:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.04 10:25:17 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.04 10:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.05.04 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.04 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.05.04 02:03:22 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.04 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.04 00:58:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2013.05.04 00:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.04 00:58:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.04 00:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.04 00:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 00:45:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.04 00:45:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.01 19:20:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\MyPhoneExplorer
[2013.05.01 19:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2013.05.01 19:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2013.05.01 02:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.30 00:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
[2013.04.30 00:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP
[2013.04.20 21:43:51 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.04.20 00:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 00:47:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 00:47:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 00:47:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 00:47:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 00:47:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 00:47:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 00:47:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 00:47:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 00:47:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 00:47:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 00:47:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 00:47:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 00:47:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 00:47:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 00:47:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.09 22:34:42 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.09 22:34:42 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.09 22:34:41 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.09 22:34:41 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.09 22:34:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.09 22:34:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.09 22:29:57 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 22:29:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.09 22:29:57 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.09 22:29:56 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.09 22:29:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.09 22:29:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.02 00:14:47 | 009,204,256 | ---- | C] (Moonware Studios) -- C:\Users\Thomas\w7inst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 00:53:01 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 00:53:01 | 000,019,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 00:46:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 00:45:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013.05.08 00:45:19 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.08 00:45:04 | 004,986,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.08 00:45:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 00:44:41 | 916,054,014 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 00:42:25 | 000,000,495 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.08 00:36:56 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Thomas\Desktop\JRT.exe
[2013.05.08 00:27:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 00:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.07 23:38:03 | 2115,124,467 | ---- | M] () -- C:\archive.afs
[2013.05.07 22:52:05 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.05.07 22:34:51 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 19:43:26 | 000,017,630 | ---- | M] () -- C:\Users\Thomas\Desktop\Telefonliste Mannschaft.pdf
[2013.05.05 12:43:17 | 002,665,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.05 12:43:17 | 001,287,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.05 12:43:17 | 000,766,990 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.05 12:43:17 | 000,678,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.05 12:43:17 | 000,007,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.05 00:12:21 | 000,030,724 | ---- | M] () -- C:\Users\Thomas\Desktop\bild.jpg
[2013.05.04 22:34:58 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.04 10:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.05.04 10:04:34 | 000,890,815 | ---- | M] () -- C:\Users\Thomas\Desktop\SecurityCheck.exe
[2013.05.04 02:04:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.05.04 02:03:23 | 000,002,256 | ---- | M] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2013.05.04 01:43:41 | 000,628,743 | ---- | M] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.05.04 00:58:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 19:46:55 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\BosMon.lnk
[2013.05.01 23:30:08 | 000,040,735 | ---- | M] () -- C:\Users\Public\Documents\calender.xml
[2013.05.01 19:20:50 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.05.01 01:47:25 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.04.25 22:27:49 | 000,073,885 | ---- | M] () -- C:\Users\Thomas\Desktop\Antari Z-3000 MK II, Neue Version, DMX on Board.pdf
[2013.04.25 22:26:02 | 000,095,784 | ---- | M] () -- C:\Users\Thomas\Desktop\ANTARI M-10 Stage Fogger mit Controller.pdf
[2013.04.25 22:23:46 | 000,086,200 | ---- | M] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog.pdf
[2013.04.25 22:23:37 | 000,081,972 | ---- | M] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog (1).pdf
[2013.04.25 22:01:29 | 001,356,804 | ---- | M] () -- C:\Users\Thomas\Desktop\Printing Scan.pdf
[2013.04.25 21:48:19 | 000,443,262 | ---- | M] () -- C:\Users\Thomas\Desktop\Hardcopy.pdf
[2013.04.25 21:46:16 | 000,130,504 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Maps.pdf
[2013.04.23 22:51:25 | 001,208,954 | ---- | M] () -- C:\Users\Thomas\Desktop\besichtigungsprotokoll_inspektion_2013-1.pdf
[2013.04.20 22:45:31 | 000,048,531 | ---- | M] () -- C:\Users\Thomas\.TransferManager.db
[2013.04.20 22:30:19 | 000,002,005 | ---- | M] () -- C:\Users\Thomas\Desktop\Kies Air Discovery Service.lnk
[2013.04.16 21:37:28 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.16 21:37:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.14 15:03:04 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.05 19:43:26 | 000,017,630 | ---- | C] () -- C:\Users\Thomas\Desktop\Telefonliste Mannschaft.pdf
[2013.05.05 00:12:21 | 000,030,724 | ---- | C] () -- C:\Users\Thomas\Desktop\bild.jpg
[2013.05.04 22:34:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.04 22:34:58 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.04 10:04:33 | 000,890,815 | ---- | C] () -- C:\Users\Thomas\Desktop\SecurityCheck.exe
[2013.05.04 03:08:59 | 000,000,495 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.04 02:04:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.05.04 02:03:31 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.05.04 02:03:23 | 000,002,256 | ---- | C] () -- C:\Users\Thomas\Desktop\SpyHunter.lnk
[2013.05.04 01:43:39 | 000,628,743 | ---- | C] () -- C:\Users\Thomas\Desktop\adwcleaner.exe
[2013.05.04 00:58:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 23:30:08 | 000,040,735 | ---- | C] () -- C:\Users\Public\Documents\calender.xml
[2013.05.01 19:20:50 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013.05.01 01:47:25 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.04.25 22:27:49 | 000,073,885 | ---- | C] () -- C:\Users\Thomas\Desktop\Antari Z-3000 MK II, Neue Version, DMX on Board.pdf
[2013.04.25 22:26:02 | 000,095,784 | ---- | C] () -- C:\Users\Thomas\Desktop\ANTARI M-10 Stage Fogger mit Controller.pdf
[2013.04.25 22:23:37 | 000,081,972 | ---- | C] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog (1).pdf
[2013.04.25 22:22:12 | 000,086,200 | ---- | C] () -- C:\Users\Thomas\Desktop\Look Viper 2.6 2,6 kW Nebelmaschine, inkl. 5l Regular-Fog.pdf
[2013.04.25 22:01:27 | 001,356,804 | ---- | C] () -- C:\Users\Thomas\Desktop\Printing Scan.pdf
[2013.04.25 21:48:16 | 000,443,262 | ---- | C] () -- C:\Users\Thomas\Desktop\Hardcopy.pdf
[2013.04.25 21:46:16 | 000,130,504 | ---- | C] () -- C:\Users\Thomas\Desktop\Google Maps.pdf
[2013.04.21 02:44:17 | 001,208,954 | ---- | C] () -- C:\Users\Thomas\Desktop\besichtigungsprotokoll_inspektion_2013-1.pdf
[2013.04.20 22:30:19 | 000,002,005 | ---- | C] () -- C:\Users\Thomas\Desktop\Kies Air Discovery Service.lnk
[2013.04.20 21:43:51 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.04.20 21:43:51 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb9.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb11.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumdfb10.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013.01.01 18:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.09.23 00:26:27 | 000,087,219 | ---- | C] () -- C:\Users\Thomas\IMG_2341.jpg
[2012.08.04 12:42:01 | 000,064,640 | ---- | C] () -- C:\Users\Thomas\IMG_0863.jpg
[2012.07.29 12:36:30 | 000,000,021 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\ISOWorkshop.ini
[2012.06.25 13:22:38 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\ZZMP4.X86.DLL
[2012.06.25 13:22:38 | 000,897,536 | ---- | C] () -- C:\Windows\SysWow64\ZZMP4.X64.DLL
[2012.06.01 21:40:38 | 002,019,309 | ---- | C] () -- C:\Users\Thomas\20120530_174119.jpg
[2012.05.28 20:37:56 | 005,070,763 | ---- | C] () -- C:\Windows\SysWow64\AVCODEC-52.DLL
[2012.05.28 20:37:56 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\LIBX264.DLL
[2012.05.28 20:37:56 | 000,494,592 | ---- | C] () -- C:\Windows\SysWow64\ZZRTSP.DLL
[2012.05.28 20:37:56 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ZZLABCOM.DLL
[2012.05.28 20:37:56 | 000,192,144 | ---- | C] () -- C:\Windows\SysWow64\AVUTIL-50.DLL
[2012.05.28 20:37:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\ZZAVI2.DLL
[2012.05.28 20:37:56 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\EYCOPP.DLL
[2012.04.26 23:34:03 | 000,048,531 | ---- | C] () -- C:\Users\Thomas\.TransferManager.db
[2012.04.02 00:31:24 | 036,307,241 | ---- | C] () -- C:\Users\Thomas\CFV_03_2012.pdf
[2012.04.02 00:31:22 | 038,965,977 | ---- | C] () -- C:\Users\Thomas\Chip_03_2012.pdf
[2011.12.25 14:54:48 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\daspi32u.dll
[2011.12.25 14:54:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\PF1800LC.Dll
[2011.12.25 14:54:48 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\IO_PORT.DLL
[2011.12.25 14:54:48 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\FVC.DLL
[2011.12.25 14:54:48 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\PWiaExt.dll
[2011.12.25 14:54:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\SQ1394.DLL
[2011.12.25 14:54:48 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\GENEUSB.SYS
[2011.12.25 14:54:48 | 000,010,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\GENEUSB.SYS
[2011.12.25 14:54:48 | 000,000,234 | ---- | C] () -- C:\Windows\Scanner.ini
[2011.11.06 20:19:24 | 000,000,197 | ---- | C] () -- C:\Users\Thomas\addressbook.csv
[2011.10.05 20:22:30 | 000,054,576 | ---- | C] () -- C:\Windows\SysWow64\aucapjni.dll
[2011.09.28 18:04:51 | 000,003,076 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.28 13:14:25 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\moyocore.dll
[2011.09.28 13:14:00 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2011.09.28 13:14:00 | 000,054,576 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2011.09.03 14:04:01 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND
[2011.07.17 01:15:35 | 000,000,418 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.17 01:15:35 | 000,000,255 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.17 00:53:22 | 000,000,017 | -H-- | C] () -- C:\Users\Thomas\AppData\Local\19720201.dat
[2011.07.17 00:52:41 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.07.17 00:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\Lmvk32.INI
[2011.06.19 17:24:54 | 000,003,488 | ---- | C] () -- C:\Windows\concdraw.ini
[2011.05.27 15:20:55 | 000,011,235 | ---- | C] () -- C:\Users\Thomas\gsview32.ini
[2011.05.06 00:36:04 | 000,007,623 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2011.03.04 00:41:40 | 000,001,456 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2009.04.07 17:55:36 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

08.05.2013, 00:56   #11
tom_123
 



Code:
OTL Extras logfile created on: 08.05.2013 00:54:03 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,80 Gb Total Physical Memory | 9,30 Gb Available Physical Memory | 78,82% Memory free
23,61 Gb Paging File | 20,88 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 248,90 Gb Free Space | 53,45% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C88F42-5D4C-4AEB-A3AA-2E6744FFEC43}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{010E0213-E683-43F3-B8F8-B7AB732FA96C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08BF288F-85A7-4B91-BB63-F272C7AE423E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08F359E9-1C34-45A9-BBA4-0EEC4248092B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A2FA836-C6A2-48E2-A8C3-A935F7BE2A02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0ABA77B6-B2D2-4591-B85C-82843991692B}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{0C20D5E6-77D7-4B82-83F0-CAA763120BC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11A25AD8-DCDB-47DE-AC81-F06A8A8BBCF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{12A54CD1-5A79-4613-86B1-5B5B83F01DEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{143411C5-9918-43AB-B5FA-5950833A8379}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe | 
"{1AA732CD-9349-4E6A-9CE2-75DFA8CA7C2A}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{1C331E1A-0A15-4876-B8E8-BC9D0AA153F0}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{1DE3EEC0-E188-4498-B27C-C8E92CE62F5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{29DB82AC-EB5D-43AC-BC67-7333885DBA06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{318213AF-5126-4DE9-8D08-F69258DF3770}" = lport=443 | protocol=6 | dir=in | app=system | 
"{32AFFECD-1944-4B13-AB7E-7B82B6A89D55}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3582C2BB-F840-4C2C-B3E0-6C6C4427B427}" = lport=137 | protocol=17 | dir=in | app=system | 
"{36F9B7DF-A054-4DC1-BE27-481BF3A96CF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C06BCA9-4523-4C25-B890-1A308A6674F8}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{3C33D8CF-F364-4E4E-A2AA-E54391EAC4D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3ED7217C-D1CD-4828-8DDF-409B466E0E54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EE1BE78-36BB-4F51-8C78-45089EA9869D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42DD8BBD-E196-488D-99B6-F78705ED0364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50D0ADBF-E347-4341-BC54-A1E177E9D46E}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{5A539EEC-65D1-43A5-A256-B7C3DD92C3F3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5ACC7B7E-EC36-4AC1-AFC9-13ABAE85C701}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
"{5D011814-905F-4308-BA23-B7C8CBBC128A}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{5DF38CD7-EEB4-42F1-9E27-31CADE3A92A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{63B5EE5F-36F5-43CA-B0DE-EA4A86F411AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{63CC83AB-8776-4C67-8DD2-E0B740E5DF27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{6AA50FE1-74D4-461E-8212-2BDC727A8E26}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{70928FAB-66F9-41CE-8BEE-BC3CCFF333AA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{723EEC06-56C7-4E21-AE43-378AD0997E14}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{72C85044-A0E4-48C9-A46E-2687A71CE463}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{73D8913E-3877-48F5-BFFD-53CD8EAFCB83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74F72BCF-1EFD-4A9A-9798-2B526BC8704E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A1BBF05-BF63-4BA1-BE91-31336629458D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7A276B3B-6A61-4754-B767-1A390E3321C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7AB47596-8A06-443A-A65B-01C454A01A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D273CD7-A72F-41D0-A635-72F1C3791D1B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{7DCC925C-9796-408B-B407-365E034C4C91}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{84DCDCF3-1191-463E-A865-388A0263BB12}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{8BBDA0B6-B18B-42E8-9AD5-E13573B2BF06}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8C41009F-1DA8-4526-B5CE-51E9E1D4563A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{916A632F-F30E-4476-9D46-23E399F14DE4}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{923A57B5-3A46-4CA8-BB53-E80F90198DB9}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe | 
"{9945B7FE-EC2A-4548-AA12-F20F95857059}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{A29FE87C-1D1F-4F53-891F-2207C83763EE}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{A898E030-B7C4-401B-BAAB-5E6CA0AD8515}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe | 
"{A8F53585-27E6-41C1-A2D6-182886AA4E56}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ABA4C479-7634-435B-9746-8F210EDA9C7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACD073A4-90DF-4370-900B-DDFE433E9C7C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{AE4AB01F-AF93-4448-A0F8-C079CC8DBA6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE8B39E4-1727-47F9-8D62-A67AFD0C9649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B42BFF3F-9656-4679-99B2-F42BF003538E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C6516150-61E9-4B35-8D88-368803943ACB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C764AB50-454B-4296-8907-A150239779F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC4F9A49-8DF7-417D-91D1-9B380D88A039}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{D02813AC-1141-478F-92BA-1FCBE255A718}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D28183AC-1F20-468A-BD8E-89C719A546D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4826F70-E053-466C-9EEF-C5F3A72888FA}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe | 
"{D4C51903-D557-4F41-BE87-7554BAD91F58}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D85585E6-A0DC-448F-98B3-CEBA837E39FB}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{D8A0971A-1AC2-4441-96B7-7F88995C093B}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D98EA584-0096-4666-9C7D-8994CD97A0DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1AA504D-8A2A-40BE-8FCC-4B91130A85CD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E40F5D34-FACB-4BB5-9D24-66F088760A67}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6426BDD-221D-436E-9C18-92AA7A9937AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7528604-E499-4362-977C-B12625E4B845}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E909E245-D486-4905-B69F-76F10B838ACA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E9A1E3F0-9D3C-4D6D-8A3C-9BB156433880}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{EC48C782-D86D-4327-9328-9160DB88E007}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{EFB4F464-FFE4-473E-8DBF-9B52DBA98602}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFDCA747-2D86-475E-B316-5F01EE8A33C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2F144D0-9FCB-4344-BACA-DC7574BA38B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF6B8D63-BF31-4F27-8449-0EDCBC7D65F8}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076BE79E-E851-4AAE-A28E-2FB040B850AB}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0853C59D-AFFF-456B-BFE9-7C598970E0D6}" = protocol=17 | dir=in | app=c:\program files (x86)\eib-programme\power-tool\toolbapp.exe | 
"{0CAF36F0-B64B-448B-93FD-090320077BA5}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0F849A0A-6B15-4DBB-88D4-6498A263A218}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17C55C8C-A8BD-4AAC-AB2A-E014CDB06F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1967E5A6-E0F3-40D1-BF0C-D48BD18EC1EE}" = dir=in | app=c:\program files (x86)\pctv systems\tvcenter\tvcenter.exe | 
"{1D17C6CA-6969-49FD-A458-C699896C4722}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{1D4CCA4E-3858-413A-BB27-91FBC2FBDB79}" = protocol=6 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"{1FB283BD-40DF-41A8-8B46-0995E0B12108}" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"{2169FF6F-79E3-4A26-BE0A-08254F3B7819}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe | 
"{218ECBAA-A8A2-4367-9B43-3BB8ECEF42F8}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{2364C8DC-0858-4D16-8402-2B860AED3604}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{241FB197-7455-4B62-B587-73C853AE2412}" = dir=in | app=c:\program files (x86)\common files\pctv systems\pvr\videocontrol.exe | 
"{2D10378B-8BA6-409F-B0F8-07E4D893A192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E90A75B-4BEE-4905-AD03-4310937A181B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2EE0D6CE-AE59-4AD3-8FC7-ED99DD807459}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{2F95949D-F3B2-4418-8924-41F0E48478BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31FA52C9-1FCE-4A6F-92FB-01F59940667D}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{31FA7824-B7E2-4AE8-A0D0-85CA98BD12BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3AC75BE0-52C8-46D9-9BE6-36E14BF3F709}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{3B26A12B-C4BE-4D3F-A5CA-6B4C2A4D96AE}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{3C03FF0C-B6AB-4999-8D9F-4706C38EF138}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3CA56BAB-7074-4455-A4C3-501059336FD9}" = protocol=47 | dir=in | app=system | 
"{3D1A89C8-C0FE-44F7-97D1-7DBBFD90DF87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E8EB5B1-DE64-49B7-96B7-BC717C307899}" = protocol=6 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"{3EE18CCD-5FA5-4CE0-A883-2E850242F499}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{3F0544EA-1C1D-492B-8D8C-323DE996ED39}" = protocol=6 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"{48701DC6-D7A6-46BF-9D76-ABFAEC096ADE}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{4E13D12F-560D-4CF8-A129-56E016EAEEA9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{4F6A774B-C0A8-45BC-B8DF-19E63DD526FD}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{569D4F3C-601E-4421-AF97-AF0D8A20EFF8}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{5CB21806-2DCE-4CBC-B775-852648BAC8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{5FD7EB9A-C900-448D-8859-3FC3A809AECE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6047A67B-8FC9-4DF3-BAB8-FCD701D88FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"{659E0397-51A6-4CE3-9EA4-36B58E57CDCB}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{6BF6B441-EC23-4844-833B-12A1D7BAAE56}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{6DFC8BCE-888C-4979-BF5D-50543A99D0B9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6F22FB01-F745-44DB-95A7-E6FA7CECA923}" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"{6F3AA1E5-0E7B-4288-AB2D-173E955623CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7086CE10-3CC3-4CDF-A342-E11DD44C998B}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{71DE2365-98D7-4264-BA46-14D3569B0CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{74806FC4-E11F-41AB-8DFB-651FFDF92543}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{74C8DD05-7DD0-41AB-93F4-1A54F7050B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{76F31BB0-79F3-4CF3-A58A-A9AE52FF7020}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B60FEC6-C209-4E2B-9997-3A584B36454D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D353EAF-E30C-48E0-BA3B-51219B8E0A8E}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe | 
"{7DB38E55-1F12-4841-AC47-5658313889D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{853048A7-AF27-4731-B154-8E8D2DAC7B2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{883CCF79-CA04-4B36-96A0-FB732D6FDFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8919B711-7D8A-4934-8E99-AB874104F175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A7C428E-D6E8-402F-90DB-13D4A36328FD}" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"{8C6592E8-68B2-427E-8B75-04E5611401BE}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{8DB65059-3A4C-4110-BEC9-26E574EB4CBC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{90D64B3A-1EA9-4E6B-8085-F1BA4A0D63F0}" = protocol=17 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"{91D0B819-8168-4C18-B55D-125FDACBD536}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{928C1866-AFA8-48A8-A4C6-A69A296AA65B}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{95E24E38-82D4-4D39-A9DD-F0F8041124E2}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{963405EC-489B-4E85-A7EF-E2663654C5DC}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{97A7D373-99B4-41F0-A7B5-59531A0A19BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{983791E0-82FA-44A5-A171-D289E938D319}" = protocol=6 | dir=out | app=system | 
"{9E204FFF-9476-46C2-AFC7-BD81B5013051}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{A497008F-24C8-4D7D-85E3-9C9F8ECEECC7}" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"{A8C1CC1A-A2AD-4DBF-A883-02F20BE72703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC1352EC-921A-4B8E-8A7B-6AD036DA539B}" = protocol=17 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"{ACFAE25C-0C61-465D-84FA-00EF3B87C822}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B1D1266D-5319-4230-92F1-550173D3DDC0}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{B1DDEA36-4A85-4C16-9F45-C466A7AA6A13}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{B340960C-C48E-4D77-B940-D26D9CDD9CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"{B78B5A54-ED78-4C1D-B5B7-5E32B6D28C6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7BA2B06-C855-482D-AFC6-DB10ACC40134}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{BB883679-A740-4C02-8E9A-211124998804}" = protocol=17 | dir=in | app=c:\program files (x86)\cs odessa\conceptdraw\concdraw.exe | 
"{BD52E35A-9A3A-4547-BA78-2E995A3DD0E2}" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"{C0EB0B4A-4708-4F26-BBA0-DE12E4BD0B2F}" = protocol=47 | dir=out | app=system | 
"{C1958D43-7711-4BA9-8F98-C20A2CA69CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{C692E6E4-0EE4-4D30-A3B1-360EC62EEEBD}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{C7F05D45-2222-4B21-8AB1-97F4BC1BDB64}" = protocol=6 | dir=in | app=c:\program files (x86)\cs odessa\conceptdraw\concdraw.exe | 
"{C86315F9-13C9-4AD8-8186-ECA096569CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{CA4C041A-1AFB-4E07-9740-A910B747BBBC}" = dir=in | app=%programfiles%\ultravnc\vncviewer.exe | 
"{D16EB1BB-06C3-425A-B615-ACEF903E60CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D20B6583-956D-446A-A046-7ABE6D5B7A16}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3409CD0-4D3C-4ACE-BAA3-7079B8F6BA64}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{D4B359D0-3E94-403A-9CB7-024C805BA598}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D733D4B4-8D5A-4E9B-BDBC-820A5064DF18}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{DE0E3E23-BE62-4C20-920A-685018D7220F}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{E048C5BF-99B9-4E3E-BEB2-8021F887E618}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{E082AC24-9641-45CA-B500-47C373BFF02F}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{E1D88512-214D-4D3E-859F-CCF313F73D61}" = dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | 
"{E4698339-BF20-4D51-B479-403E71C10CB2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E5B96BAC-E32D-49EF-9A48-8757E17F9320}" = protocol=6 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"{EDC4F8DE-5667-4874-900A-918727FAEED4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0156EAA-6B10-4D82-8065-48FC906E8D4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2DF6622-BF06-416D-A980-29187BA27C0C}" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"{F3D26A93-0BBD-44E0-806D-B2E7EE12AA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F3DBC6DA-9FE4-4939-94C0-C00F255351E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F43346C0-3568-4356-8A10-BD7AF19123FA}" = protocol=6 | dir=in | app=c:\program files (x86)\eib-programme\power-tool\toolbapp.exe | 
"{F4AC71AF-ACAF-42AD-9C98-F606B222C405}" = protocol=17 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"{F92E43D2-3E7E-428B-A495-95CF48D84207}" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"{FC2397D0-ECC8-4B4C-9823-7DCDD77C69F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"{FE7D5593-C354-4B93-869E-E04E13C36D2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FEBFF7AD-7F07-41B9-AD74-93BF6311B0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\winvnc.exe | 
"TCP Query User{03F7B104-4B77-4B38-BA06-38561EB65BC9}C:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"TCP Query User{0CC96739-2403-42ED-B244-D5757FF25E30}C:\program files (x86)\setup wizard\setup wizard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"TCP Query User{0D725E8E-C793-4831-8B3D-71BDB0AAADB7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{293E562E-CA8D-45F5-A5AC-3356E0E09B14}C:\program files (x86)\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intervideo\dvd7\windvd.exe | 
"TCP Query User{3F4C599C-DAE8-4D68-8B3D-A5D65615B039}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"TCP Query User{3FF4BE81-398F-4ACD-90B1-2CE895FDB750}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{45AE8D84-0318-4DB4-8732-E62163783265}C:\program files (x86)\numark cue\cue.exe" = protocol=6 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"TCP Query User{4DA4541F-2288-4D96-B725-F5FF6F0E2FB9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{66C53560-02E1-40A4-8F11-FB6D8BE2E65C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{6792EE4B-37C2-41EB-88A5-A2E9EE3BCE86}C:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"TCP Query User{682A19BC-2973-4B9B-A035-EC00265B9598}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{6AC47F4F-13C4-409D-98F1-54A1FDDF730F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6ADF9550-EEA3-446B-8ABD-301474E16EFC}C:\program files (x86)\bosmon\bosmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"TCP Query User{6E8E3067-2B6B-45E8-A9ED-7030A463EAA3}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{7B88B888-889F-4685-A090-900B40FF9F87}C:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe | 
"TCP Query User{97B56CDB-6338-48CD-BCB3-54EA3B1FD5F8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{9F1BF709-6E33-4FA9-B91D-E0F970D7EBBB}C:\program files (x86)\ets4\ets4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"TCP Query User{C0EA2432-92D1-4418-A0BF-29B59B0AAF9E}C:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe | 
"TCP Query User{C22D88D5-FFB1-4609-91D0-953B53496614}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{DA53E44A-EDAE-48C9-A256-EDD0780A05EB}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{00C74A43-B100-4BCB-B793-3EEE1D58D232}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{01CD0EAC-BE73-45CA-B53A-1BA1B291F577}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{1708BA1F-B263-4222-AFA1-5402912656A5}C:\program files (x86)\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intervideo\dvd7\windvd.exe | 
"UDP Query User{174278E9-C99E-4507-AB4F-DEF222EACBCD}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{1EDAD5AA-0F56-4529-A803-6A007A742A03}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{1F994B47-85C0-407E-881A-26017A4206A8}C:\program files (x86)\bosmon\bosmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bosmon\bosmon.exe | 
"UDP Query User{2FA2C5F3-1A6F-46A4-9FB2-C81E8F86E5B9}C:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\gui\lumosgui.exe | 
"UDP Query User{3FD66453-881D-45F9-9256-AFDF1E1F45EC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{5C4A8A1F-AB82-463F-B00C-310922ECF975}C:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sma\sunny explorer\sunnyexplorer.exe | 
"UDP Query User{6562A1B3-1F05-4378-B492-D33C107FB808}C:\program files (x86)\ets4\ets4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ets4\ets4.exe | 
"UDP Query User{74DC2216-873D-4FAA-ABD1-6FC9FB18DA7B}C:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dmxcontrol3.0\kernel\lumos.exe | 
"UDP Query User{79D72F0B-1DB6-4AAB-B3FB-DEA1D6EC93CE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{832FA5D5-7180-491E-9A04-4E496330C469}C:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eib-programme\power-project40\bin\powerpro4.exe | 
"UDP Query User{9ABCCCB1-96ED-4B59-B885-C5E96C963407}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9BFD0086-7207-458C-92C3-D68B5F4A9213}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A3B54496-01EF-419C-BD75-EBBF9334FFE5}C:\program files (x86)\setup wizard\setup wizard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\setup wizard\setup wizard.exe | 
"UDP Query User{BBA6F048-CC7E-49AB-BAE0-C48529C93BB8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C024EF55-2D05-43DD-BBA8-00C6EF1E8759}C:\program files (x86)\wertpapieranalyse 2011\wm60.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wertpapieranalyse 2011\wm60.exe | 
"UDP Query User{C6568A0D-174B-4EC7-917E-B9BEA7BF4209}C:\program files (x86)\numark cue\cue.exe" = protocol=17 | dir=in | app=c:\program files (x86)\numark cue\cue.exe | 
"UDP Query User{CB1F7CEE-4C51-44F7-A9EF-778B1F16495C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03DDD360-84C3-42CF-B67F-230CC521A5C9}" = NI Logos64 XT Support
"{05825BEC-5290-4FF1-BD25-CA9BD29071FA}" = NI-Mesa
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{13F04F10-986E-42D5-9668-D9BCBCAAAF3B}" = NI System State Publisher (64-bit)
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{31D8581C-BF83-45CD-B70F-56228C0D7F47}" = NI Logos 5.4 (64 Bit)
"{35A97349-0C65-447D-ADCC-50816D7E1D38}" = NI LabWindows/CVI 2012 Network Variable Library (64-bit)
"{36B8F941-4CC2-4FAC-8429-1A623F49FB06}" = NI LabWindows/CVI 2012 TDMS Library (64-bit)
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4DEF728D-28F0-46A6-A395-90E0D7BF954D}" = Disc Manager
"{52815726-3F51-4E74-8CCD-0A92FB74BC48}" = NI LabWindows/CVI Run-Time Engine 2012 (64-bit)
"{583E320A-F7F7-4A23-A80E-26995A5371CC}" = MySQL Connector/ODBC 5.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{6964A158-5906-48CF-9764-10881EAE5B94}" = DisplayLink Core Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter
"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
"{6DC6AB4E-2BAA-AFC6-C5E1-A442917C6AFD}" = AMD Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E9D6C3B-C8A3-4C47-9355-B04FBFD5C81F}" = NI GMP Windows 64-bit Installer 12.0.0
"{79253283-47EB-4A67-9014-0CBEC8AE4D0C}" = NI VC2010MSMs x64
"{7949A08A-A7F7-4667-BBE9-8F16F00160F9}" = NI Curl 12.0.0 (64-bit)
"{7E7F2CA1-F0D9-43FE-9E96-2289FCD8C9F9}" = NI Trace Engine (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9235132D-76EF-4A53-921A-CEF3224C1B52}" = Unterstützung für NI SSL (64 Bit)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{944955CA-DC3A-40B2-B21B-4CD333B15BCE}" = NI-ActiveX-Container (64-bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B85DCCD8-5CAF-4B85-A347-AF62238C1BA2}" = NI Web Application Server 12.0 (64 Bit)
"{B9B61267-773D-4569-A4F9-FB241BABA462}" = NI MAX Remote Configuration 64-bit Installer 5.3
"{BA4EF391-FE34-4E99-97B2-338426F82E00}" = NI System Web Server Base 12.0.0 (64-bit)
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BBDC08C8-1932-43D3-A711-67618CCD40BB}" = NI Authentication 12.0.0 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CF076FC9-35B1-414C-AE9B-7B582D1B9DD5}" = NI LabWindows/CVI 2012 Analysis Library (64-bit)
"{D75A0E66-994D-4348-AB6A-80DCD1142960}" = NI TDMS (64-bit)
"{E23B6390-68FE-4882-B25C-0950C212AA57}" = NI Math Kernel Libraries (64-bit)
"{E28F112D-4784-4466-AE4B-07B3630C857F}" = Oracle VM VirtualBox 4.2.10
"{ECD1806C-56F6-4798-93A2-166F45124B1D}" = O&O MediaRecovery
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber
"Auerswald Fax Drucker" = Druckertreiber Auerswald Fax
"Auerswald Uni TAPI Treiber" = Auerswald Uni TAPI Treiber
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.20
"VLC media player" = VLC media player 2.0.2
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08D51536-D958-5C3E-2F36-F2F5C0B2D7F8}" = DataCenter2
"{097F54D3-1019-4CC1-B2BA-8EA46A3EC9B2}" = NI EulaDepot
"{0C8364B1-AFD8-45B7-ACE8-B76113B6C418}" = FugVS2005
"{0CD02701-CF13-41D7-81CF-E46600629052}" = NI LabWindows/CVI Run-Time Engine 2012 (Updated)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5
"{16DBD2E0-C9D9-4C5C-A697-ECAEEC2F0E9D}" = NI LabWindows/CVI 2012 Low-Level Driver (Updated)
"{17C551F5-4706-4096-B9E3-CCEE31788484}" = AxxonSoft Situation detectors. ItvDetectorPack v.3.0.2.46
"{186A95B6-4729-4762-A1FA-3ED95D13D631}" = NI Curl 12.0.0
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1D9B4546-E954-4DF1-8808-8CC2CE72FA77}" = NI Math Kernel Libraries
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20F1C397-6394-411C-B299-4743A4E4EFFF}" = NI Uninstaller
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{286B8A6B-72B5-4382-8380-BFFCAA67ACF9}" = CUE
"{2B69AD59-FA30-47fc-B950-FA27E7D16A73}_is1" = MZ-Tools 3.0 für VBA
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3698573F-F778-4076-96DF-3BE4D53A61CA}" = Axxon Driver Pack v.3.2.13.1072
"{374262DA-B644-4CCA-8A37-DF57AD806408}" = Sunny Design 2.21
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.0422.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4148991D-DB5B-4064-91D3-3F9B6FDBBE5C}" = Tunebite
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor
"{4B1740DF-F9BE-4993-9F91-7350D1143447}" = NI System Web Server Base 12.0.0
"{4B3284A1-AE20-440B-BB97-A322B94F1279}" = NI MAX Remote Configuration Installer 5.3
"{4BFADFE0-10A4-4F97-863B-8C76E348EB82}" = NI System State Publisher
"{4CD648BA-93D6-4D55-81FF-7B66FA67E2C6}" = NI MDF Support
"{527BB01E-3067-4608-BF7F-EFEF0920C203}" = Auerswald COMfortel Melody 1.3.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5E29E10C-A5F2-4C04-BDAF-98BE38FA80E3}" = NI LabWindows/CVI 2012 TDMS Library
"{5F3D8CCF-7A99-401C-A8B5-7237242592B1}" = NI Logos 5.4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FFB1B16-0930-421B-9F2C-E4CB91E3B22D}" = NI VC2010MSMs x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{766B7D2F-EE51-4C31-A336-E5C6399D1B82}" = NI-Mesa
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781CE3C3-3228-4BB4-A8A2-1317A0447553}" = NI LabWindows/CVI 2012 Analysis Library
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DE391F3-CC8D-4EC2-80E6-5F24120FA4F1}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8AC58984-BA65-41D1-9F14-261EFEDAAB01}" = Unterstützung für NI SSL
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F2978F-59C7-45E9-8DD7-54A73D212303}" = NI Logos XT Support
"{956AB2F3-CE39-4078-82DC-B2B7F1BEEEC5}" = Tagrunner
"{962EEB0B-2063-4D3C-A621-B303F3D2DAC3}" = NI LabWindows/CVI Run-Time Engine 2012
"{965BB87F-CF2A-4D1F-A0D2-3795BEBC9999}" = NI Trace Engine
"{96A7A3D9-8AD3-410A-82C6-B6E0964A1AFC}" = DDBAC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4
"{9F0C8CCB-53C7-4E86-B106-15517D35CE14}" = Sunny Explorer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A2B09CFD-F0B2-30AF-8DF4-1DF6B63FC7B5}" = Auerswald COMfortel Set 2.8.0
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A33A9C7A-DAF1-4A13-989C-64DAAF62C750}" = NI System Web Server 12.0
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F2E6BA-6756-4D8D-808E-671F4862EF2B}" = KNX ETS4
"{AA75D3E0-E40D-438A-8693-314AA4D58344}" = Data Logger
"{AC3DDDE2-2CCA-4ACE-8BF1-BF1239AFE12F}" = NI Visual C++ 2005 Redistributable Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B066064E-8BB9-4BB6-88A1-62522FD34EB3}" = Radiotracker
"{b17ff919-2d84-4f2a-94d1-4c5254d8924f}" = KNX eteC Falcon Runtime v2.0
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B59B5506-2034-48AE-810F-54E7C780A8BD}" = NI Authentication 12.0.0
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B837579C-B73E-47ED-B722-B0076CDDFB2C}_is1" = BosMon 1.2.2
"{B9681EB8-76E5-4022-AE84-F6B7CE464554}" = KNX ETS4 Additional Runtime
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C60FC3DA-1B1A-41D0-8C0F-6D139845E065}" = NI LabWindows/CVI 2012 Low-Level Driver (Original)
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{C92BA15C-7952-4626-9EE3-0C8940D62945}" = NI Visual C++ 2010 Redistributable Package
"{CE810E58-20B0-4701-A1B5-8B9C155FE156}" = NI Visual C++ 2008 Redistributable Package
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9364B00-D223-11D5-9F10-00304F0AF384}" = ConceptDraw Deutsch
"{D9C15833-DBC0-418C-B27E-921E2534F834}" = Power-Tool
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E483D4FF-1ECD-4218-8560-CAAB6DF31A9C}" = NI GMP Windows 32-bit Installer 12.0.0
"{E7BBCB1F-21CC-4DC9-83AD-587F776EDAD9}" = NI TDMS
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE2F0FD3-2943-4A4F-895A-AB8085481D41}" = NI LabWindows/CVI 2012 Network Variable Library
"{F074C96B-CBD0-4614-B4DA-E7A5B81CB721}" = Power-Project V4.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D83475-BA56-48F3-A03C-283871B6EC33}" = NI-ActiveX-Container
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FB3F09C4-029C-48B7-9242-6616BFDE0596}" = Bosch Video SDK Runtime Library 4.23.03.03
"{FE76435C-3F81-4A07-A620-22308DF454AF}" = NI Web Application Server 12.0
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Anti-Twin 2011-02-13 18.28.45" = Anti-Twin (Installation 13.02.2011)
"AudialsOne_is1" = AudialsOne 3.0.4980.7100
"Aurora 22.0a2 (x86 de)" = Aurora 22.0a2 (x86 de)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDLIB" = CDLIB 5.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DAEMON Tools Lite" = DAEMON Tools Lite
"Data Center 2" = Data Center 2
"DataCenter2.6A52D17A1C86211F195F60E94C15876515EBE62C.1" = DataCenter2
"DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)" = Top50 Viewer
"DivX Setup" = DivX-Setup
"DMXControl_3.0" = DMXControl 3.0
"DVDx 4.0" = DVDx 4.0
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular-Update
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.2
"Free Download Manager_is1" = Free Download Manager 3.9.2
"FreePDF_XP" = FreePDF (Remove only)
"Fugawi45_GE_is1" = Fugawi Google Earth Plug-in Version 1.1.0.6
"Fugawi45_is1" = Fugawi 4.5
"go1984 Desktop Client_is1" = go1984 Desktop Client, Version 3.8.1.8
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"InterActual Player" = InterActual Player
"ISO Workshop_is1" = ISO Workshop 3.2
"KNX ETS4" = KNX ETS4
"MacroX" = MacroX 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MatrixLock USB Driver v2.30.0" = MatrixLock USB Driver v2.30.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NI Uninstaller" = National Instruments - Software
"NIMDFDeployment.{AA75D3E0-E40D-438A-8693-314AA4D58344}" = Data Logger
"Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
"ODBC" = ODBC
"Office14.VISIOR" = Microsoft Visio Premium 2010
"Power-Project V4.5" = Power-Project V4.5
"Power-Tool" = Power-Tool
"PROHYBRIDR" = 2007 Microsoft Office system
"QNAPSurveillanceStation" = QNAP Surveillance Station
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = FFVNeuinst
"TightVNC" = TightVNC 2.0.4
"TuneUpMedia" = TuneUp Companion 2.0.9
"UltraISO_is1" = UltraISO Premium V9.52
"Videoload Manager" = Videoload Manager 2.0.2220
"VLC media player" = VLC media player 2.0.3
"webcam 7" = webcam 7
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-915812183-1053917599-1125579299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0427d521-705d-45a6-a05e-e3a49d10a8b8}" = Snap.Do Engine
"176773093.demo.go1984.de" = go1984 Silverlight Client
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2013 18:45:26 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 07.05.2013 18:45:26 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 07.05.2013 18:45:26 | Computer Name = PC.tt.local | Source = MSSQL$PP40 | ID = 19011
Description = 
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.100.16:5353   17 16.100.168.192.in-addr.arpa.
 PTR PC-2.local.
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 16.100.168.192.in-addr.arpa.
 PTR PC.local.
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.56.1:5353   17 1.56.168.192.in-addr.arpa.
 PTR PC-2.local.
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.56.168.192.in-addr.arpa.
 PTR PC.local.
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.56.1:5353   17 A.6.6.9.9.1.4.8.D.F.5.9.9.8.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa.
 PTR PC-2.local.
 
Error - 07.05.2013 18:45:32 | Computer Name = PC.tt.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 A.6.6.9.9.1.4.8.D.F.5.9.9.8.D.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa.
 PTR PC.local.
 
[ OSession Events ]
Error - 02.05.2012 18:06:20 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:08:15 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:14:33 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 80
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2012 18:15:02 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:08:25 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1690
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:14 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:31 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:09:56 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 14:10:43 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.05.2012 09:07:42 | Computer Name = PC.tt.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13138
 seconds with 3780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.05.2013 18:41:01 | Computer Name = PC.tt.local | Source = DCOM | ID = 10010
Description = 
 
Error - 07.05.2013 18:45:13 | Computer Name = PC.tt.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne TH aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 07.05.2013 18:45:15 | Computer Name = PC.tt.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername
 konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen
 haben:   a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.   b)
 Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller
 erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
 
Error - 07.05.2013 18:52:09 | Computer Name = PC.tt.local | Source = TermService | ID = 1067
Description = 
 
 
< End of report >
         
Thanks for now.

08.05.2013, 07:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Scan with SystemLook (x64)

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *snap.do*
    
    :folderfind
    *snap.do*
    
    :regfind
    *snap.do*
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Please always post log files in CODE tags

08.05.2013, 23:58   #13
tom_123

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 00:45 on 09/05/2013 by Thomas
Administrator - Elevation successful

========== filefind ==========

Searching for "*snap.do*"
No files found.

========== folderfind ==========

Searching for "*snap.do*"
No folders found.

========== regfind ==========

Searching for "*snap.do*"
No data found.

-= EOF =-
         

08.05.2013, 23:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No more snap.do, problem solved?

09.05.2013, 14:59   #15
tom_123

Hi,

I have now also deleted the file C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences.

On every scan, adwcleaner showed the entry [l.2061] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-[...]

Every time I ran the delete it reported that it had deleted the entry, but on every scan the entry was back again. Since I deleted the file myself, things have been quiet.

I also deleted the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0427d521-705d-45a6-a05e-e3a49d10a8b8} entry, so that the "Snap.Do Engine" entry under Software is removed as well.

I also removed the entries in the registry under the user.
Code:
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=ds&q={searchTerms}&installDate=01/05/2013
IE - HKU\S-1-5-21-915812183-1053917599-1125579299-1011\..\SearchScopes,DefaultScope =
         
In addition, I deleted the entry in Chrome:
Code:
CHR - homepage: hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=db187f10-b1b8-4dd0-861f-57909adc44e1&searchtype=hp&installDate=01/05/2013
         
So I no longer find any entries that contain Snap.do; if the cause of their creation has now been removed as well, I think I am clean.

I tested this over several restarts of the computer and of the browsers, and yes, the entries are gone and stay gone.

So thank you for your help, and I hope I do not catch a pest like this again.

Thanks, Tom
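
The re-check described in the post above (confirm after cleanup and after a reboot that no browser setting points at the hijacker's host any more), as an added example that is not part of the original thread. It reads OTL-style lines in the format posted above and walks a JSON preferences file; the sample data is constructed, and apart from `homepage` the JSON key names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# http(s) URLs, including the defanged "hxxp" form used in the posted logs.
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s\"'<>]+", re.IGNORECASE)
# OTL-style line as posted in the thread:
#   "IE - <key>,<value name> = <data>"   or   "CHR - homepage: <data>"
OTL_RE = re.compile(r"^(?P<src>\w+) - (?P<where>.+?)(?: =|:)\s*(?P<value>\S*)$")

# Constructed sample in the format of the log lines above (SID and parameters are placeholders).
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=EXAMPLE&searchtype=hp
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://snap.do.example.org/search
IE - HKU\S-1-5-21-0-0-0-1000\..\SearchScopes,DefaultScope =
CHR - homepage: hxxp://feed.snap.do/?publisher=EXAMPLE&searchtype=hp
"""

# Constructed stand-in for a browser Preferences file; apart from "homepage" the keys are hypothetical.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://feed.snap.do/?publisher=EXAMPLE&searchtype=hp",
    "session": {"startup_urls": ["http://www.example.org/", "http://feed.snap.do/?x=1"]},
    "notes": "see http://www.example.org/?q=feed.snap.do",
})


def urls_on_domain(text, domain):
    """Return the URLs in text whose host is domain or one of its subdomains."""
    hits = []
    for raw in URL_RE.findall(text):
        url = re.sub(r"^hxxp", "http", raw, flags=re.IGNORECASE)  # undo defanging
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed authority part, e.g. unbalanced brackets
            continue
        # Compare the parsed host, not a substring, so look-alike hosts and
        # query strings that merely mention the domain are not flagged.
        if host == domain or host.endswith("." + domain):
            hits.append(raw)
    return hits


def scan_otl(log_text, domain):
    """Return (source, location) for every log line whose data points at domain."""
    findings = []
    for line in log_text.splitlines():
        m = OTL_RE.match(line.strip())
        if m and urls_on_domain(m["value"], domain):
            findings.append((m["src"], m["where"]))
    return findings


def scan_prefs(prefs_text, domain):
    """Return the key path of every string in a JSON document that points at domain."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
        elif isinstance(node, str) and urls_on_domain(node, domain):
            findings.append(path)

    walk(json.loads(prefs_text), "")
    return findings


if __name__ == "__main__":
    for src, where in scan_otl(SAMPLE_OTL, "snap.do"):
        print(f"log:   {src}  {where}")
    for path in scan_prefs(SAMPLE_PREFS, "snap.do"):
        print(f"prefs: {path}")
```

The script only reads and reports; an empty result from both functions on a fresh log and on the current preferences file corresponds to the "entries are gone and stay gone" state described in the post.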
