Log analysis and evaluation: BKA Malware / 100 EUR / PC locked. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.04.2012, 18:49 | #16 |
/// Malware-holic | BKA Malware / 100 EUR / PC locked
Start, Programs, Accessories, Notepad, paste in:
Killall::
folder::
c:\dokumente und einstellungen\GS\Anwendungsdaten\gizza
Save the file as: location, the folder where combofix.exe is; type, all files; name: cfscript.txt
Drag cfscript.txt onto ComboFix, the program starts. Post the log.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
16.04.2012, 19:29 | #17 |
| BKA Malware / 100 EUR / PC locked
Hello markusg!
Here is the log file:
ComboFix logfile: Code:
ATTFilter ComboFix 12-04-16.01 - GS 16.04.2012 20:01:56.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1534.845 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\GS\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\GS\Desktop\cfscript.txt AV: AntiVir PersonalEdition Classic *Disabled/Updated* {F50D9AC1-6409-476C-A8D6-8F5F82336C8F} AV: AntiVir PersonalEdition Classic Virenschutz *Disabled/Updated* {89594494-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Disabled/Updated* {8967587C-FFA4-00EF-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {00000000-0000-0000-0000-000000000000} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {00000000-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {00000246-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89508054-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8950C65C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8950D83C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8951147C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8951475C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89515DDC-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89516C5C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8951AA2C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {895227A4-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89523404-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir 
PersonalEdition Classic Virenschutz *Enabled/Updated* {895CE2AC-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {8960C70C-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89610DDC-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89616DDC-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {89698DDC-FFA4-00DE-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\GS\Anwendungsdaten\gizza c:\dokumente und einstellungen\GS\Anwendungsdaten\gizza\ip.txt c:\dokumente und einstellungen\GS\Anwendungsdaten\gizza\pic.bmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-16 bis 2012-04-16 )))))))))))))))))))))))))))))) . . 2012-04-16 21:57 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe 2012-04-10 12:53 . 2012-04-10 12:53 -------- d-----w- c:\programme\iPod 2012-04-10 12:53 . 2012-04-10 12:55 -------- d-----w- c:\programme\iTunes 2012-04-09 17:58 . 2012-04-09 17:58 -------- d-----w- c:\dokumente und einstellungen\GS\Lokale Einstellungen\Anwendungsdaten\Rellik_Software 2012-04-09 17:58 . 2012-04-09 17:58 -------- d-----w- c:\dokumente und einstellungen\GS\Anwendungsdaten\EXIF Date Changer 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll 2012-03-21 18:43 . 2012-03-21 18:43 592824 ----a-w- c:\programme\Mozilla Firefox\gkmedias.dll 2012-03-21 18:43 . 2012-03-21 18:43 44472 ----a-w- c:\programme\Mozilla Firefox\mozglue.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-14 18:18 . 2011-09-20 17:45 84448 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-03-13 19:56 . 2011-06-13 12:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-29 14:09 . 2004-08-24 03:37 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:09 . 2004-08-24 03:36 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-15 18:28 . 2011-11-10 19:07 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-15 10:01 . 2011-02-05 22:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 10:01 . 2011-02-05 22:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-07 09:02 . 2004-03-08 22:00 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 09:57 . 2004-08-24 03:37 1860224 ----a-w- c:\windows\system32\win32k.sys 2010-09-16 12:35 . 2010-09-16 12:35 158720 ----a-w- c:\programme\internet explorer\plugins\LV2010ActiveXControl.dll 2010-05-25 11:43 . 2010-05-25 11:43 158720 ----a-w- c:\programme\internet explorer\plugins\LV90ActiveXControl.dll 2012-03-21 18:43 . 2011-05-01 18:06 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-04-16_18.18.59 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-16 18:13 . 2012-04-16 18:13 16384 c:\windows\temp\Perflib_Perfdata_b8.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784] "HP Proxy Server"="c:\programme\Hewlett-Packard\ProxyService\ProxyService.lnk" [2005-04-06 874] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "nwiz"="nwiz.exe" [2008-05-16 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "IJNetworkScannerSelectorEX"="c:\programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-12-04 296056] "NI Update Service"="c:\programme\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-11-02 3004512] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "16029"="c:\dokume~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.scr" [BU] . 
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ WISO Mein Steuer-Sparbuch heute.lnk - c:\programme\WISO\Steuersoftware 2012\mshaktuell.exe [2012-1-4 1380464] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Terminal\\Terminal.exe"= "d:\\PROJECTS\\FLEXOBUS\\SERBUS\\DLLTestDebug\\DLLTEST.EXE"= "c:\\Programme\\Java\\jre1.6.0_02\\bin\\javaw.exe"= "c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"= "d:\\PROJECTS\\FLEXOBUS\\FLEXOSCR\\Debug\\FLEXOSCR.EXE"= "d:\\PROJECTS\\FLEXOBUS\\FLEXOPRG\\Debug\\FLEXOPRG.EXE"= "c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Lantronix\\DeviceInstaller4.2\\DeviceInstaller.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\National Instruments\\Shared\\NI WebServer\\ApplicationWebServer.exe"= "c:\\Programme\\National Instruments\\Shared\\mDNS Responder\\nimdnsResponder.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\National Instruments\\Shared\\NI WebServer\\SystemWebServer.exe"= "c:\\Programme\\Atmel\\AVR Studio 5.0\\avrstudio5.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [09.04.2005 12:45 25263] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10.11.2011 21:07 36000] R1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [05.04.2005 18:07 15872] R1 oxpar;OX16PCI95x Parallel port driver;c:\windows\system32\drivers\oxpar.sys [05.04.2005 18:07 75904] R1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [05.04.2005 18:07 50048] R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [05.04.2005 20:17 78848] R1 waclient;WatchGuard Access Client Driver;c:\windows\system32\drivers\waclient.sys [01.04.2009 20:08 89088] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [10.11.2011 21:07 86224] R2 NIApplicationWebServer;NI Application Web Server;c:\programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [22.06.2010 18:02 47776] R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [23.06.2010 17:21 193712] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 22:22 34064] R2 sdiont;sdiont;c:\windows\system32\drivers\sdiont.sys [27.02.2010 13:05 4576] R2 TeamViewer7;TeamViewer 7;c:\programme\TeamViewer\Version7\TeamViewer_Service.exe [19.01.2012 13:47 3027840] R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [05.04.2005 18:07 4992] R3 sdusb2em;SD USB Emulator (sdusb2em.sys);c:\windows\system32\drivers\sdusb2em.sys [27.02.2010 13:05 29568] R3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [12.08.2010 09:28 25768] S1 oxmep;OXPCI support driver;c:\windows\system32\drivers\oxmep.sys [05.04.2005 18:07 4224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S3 
libusb0;libusb-win32 - Kernel Driver, Version 1.2.1.0;c:\windows\system32\drivers\libusb0.sys [28.09.2010 22:42 35008] S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [29.11.2004 17:16 129535] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] . Inhalt des "geplante Tasks" Ordners . 2012-01-14 c:\windows\Tasks\NIUpdateServiceCheckTask.job - c:\programme\National Instruments\Shared\Update Service\NIUpdateService.exe [2011-11-02 10:18] . 2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2422020464-2594104472-2321261851-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2422020464-2594104472-2321261851-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.cityweb.de/cws/cws.homepage.php uInternet Settings,ProxyOverride = <local>;*.local IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.220.18.8 89.246.64.8 DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://rla.gigaset.com/wa/AccessClientLoader.cab FF - ProfilePath - c:\dokumente und einstellungen\GS\Anwendungsdaten\Mozilla\Firefox\Profiles\g0k3lawc.default\ FF - prefs.js: browser.search.selectedEngine - foxsearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - prefs.js: network.proxy.type - 1 FF - user.js: browser.search.selectedEngine - foxsearch FF - user.js: browser.search.order.1 - foxsearch FF - user.js: browser.search.defaultenginename - foxsearch FF - user.js: keyword.URL - 
hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-04-16 20:17 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*] "7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3168) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre6\bin\jqs.exe c:\windows\system32\lkcitdl.exe c:\windows\system32\lkads.exe c:\windows\system32\lktsrv.exe c:\programme\National Instruments\MAX\nimxs.exe c:\programme\National Instruments\Shared\Security\nidmsrv.exe c:\programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe c:\programme\National Instruments\Shared\Tagger\tagsrv.exe c:\windows\system32\nvsvc32.exe c:\programme\Canon\CAL\CALMAIN.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\TeamViewer\Version7\TeamViewer.exe c:\programme\TeamViewer\Version7\tv_w32.exe c:\programme\Java\jre6\bin\javaw.exe c:\windows\system32\RUNDLL32.EXE c:\programme\iPod\bin\iPodService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-04-16 20:23:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-04-16 18:23 . Vor Suchlauf: 13 Verzeichnis(se), 15.770.927.104 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 15.752.118.272 Bytes frei . - - End Of File - - 15094A398CAE51F7BA66745523D68696 Guido |
16.04.2012, 19:32 | #18 |
/// Malware-holic | BKA Malware / 100 EUR / PC locked
Malwarebytes:
Please download Malwarebytes
17.04.2012, 06:01 | #19 |
| BKA Malware / 100 EUR / PC locked
Hello markusg! Attached is the log: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.16.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
GS :: GUIDO-1 [Administrator]
Schutz: Aktiviert
16.04.2012 23:14:57
mbam-log-2012-04-16 (23-14-57).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 894185
Laufzeit: 3 Stunde(n), 9 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|16029 (Trojan.Agent) -> Daten: C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.scr -> Löschen bei Neustart.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
17.04.2012, 10:19 | #20 |
/// Malware-holic | BKA Malware / 100 EUR / PC locked
If you do not already have it, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
17.04.2012, 17:12 | #21 |
| BKA Malware / 100 EUR / PC locked
Hello markusg! OTL logfile: Code:
OTL logfile created on: 17.04.2012 17:56:33 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\GS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 52,87% Memory free
2,33 Gb Paging File | 1,68 Gb Available in Paging File | 72,18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 65,15 Gb Total Space | 15,09 Gb Free Space | 23,16% Space Free | Partition Type: NTFS
Drive D: | 37,01 Gb Total Space | 11,88 Gb Free Space | 32,10% Space Free | Partition Type: NTFS
Drive U: | 39,07 Gb Total Space | 5,59 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Drive V: | 279,46 Gb Total Space | 84,97 Gb Free Space | 30,41% Space Free | Partition Type: NTFS

Computer Name: GUIDO-1 | User Name: GS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.17 16:39:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\GS\Desktop\OTL.exe
PRC - [2012.04.16 20:57:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaw.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.22 13:09:39 | 001,380,464 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.19 13:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.01.19 13:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.04 15:02:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\realplayer\Update\realsched.exe
PRC - [2011.10.19 17:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 17:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.19 13:53:20 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.01.15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.06.23 17:21:24 | 000,193,712 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2010.06.22 18:02:52 | 000,047,776 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2010.06.22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2010.06.18 22:58:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2010.06.17 13:38:50 | 000,752,304 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2010.06.16 18:06:08 | 000,360,568 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2010.06.16 18:02:02 | 000,055,416 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2010.06.16 17:46:32 | 000,045,168 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2010.03.05 16:10:14 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2009.09.08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.03.22 13:10:56 | 007,909,488 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.03.22 13:10:37 | 002,977,904 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.03.22 13:10:28 | 000,275,056 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.03.22 13:10:25 | 004,445,296 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.03.22 13:10:18 | 001,982,064 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.03.22 13:09:53 | 001,616,496 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.03.22 13:09:50 | 001,543,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.03.22 13:09:49 | 000,319,600 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.03.22 13:09:39 | 001,380,464 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.03.22 13:09:30 | 000,135,792 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.03.22 13:09:28 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.01.25 12:01:03 | 000,720,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2011.11.04 14:47:20 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2011.11.04 14:47:18 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2011.11.04 14:47:16 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2011.11.04 14:47:14 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2011.11.04 14:47:12 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2011.11.04 14:47:12 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2011.11.04 14:47:10 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2011.11.04 14:47:10 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2011.11.04 14:47:10 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.11.04 14:47:10 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2011.11.04 14:47:08 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2011.10.19 17:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001.07.31 10:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.19 17:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 17:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.06.23 17:21:24 | 000,193,712 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2010.06.22 18:02:52 | 000,047,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010.06.22 17:03:52 | 000,047,768 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2010.06.18 22:58:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2010.06.17 13:38:50 | 000,752,304 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2010.06.16 18:06:08 | 000,360,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010.06.16 18:02:02 | 000,055,416 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2010.06.16 17:46:32 | 000,045,168 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2010.05.17 19:18:44 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010.03.05 16:10:14 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010.02.27 13:06:52 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009.06.03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002.08.01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\windows\system32\drivers\giveio.sys -- (giveio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.15 20:28:12 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.04 21:34:56 | 000,019,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2011.11.01 20:58:42 | 000,025,768 | ---- | M] (Blackhawk) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xds560.sys -- (XDS560)
DRV - [2011.10.19 17:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.02 18:29:38 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdusb2em.sys -- (sdusb2em) SD USB Emulator (sdusb2em.sys)
DRV - [2010.08.31 12:43:36 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010.07.28 19:20:24 | 000,035,008 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.01 20:08:59 | 000,089,088 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\waclient.sys -- (waclient)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.11.06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005.11.22 18:57:24 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2005.04.05 20:17:16 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2004.08.23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.08.03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004.08.03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004.08.03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnt7554.sys -- (Slnt7554)
DRV - [2004.08.03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004.08.03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004.08.03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004.08.03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004.07.26 09:12:40 | 000,050,048 | ---- | M] (OEM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2004.07.26 09:12:40 | 000,015,872 | ---- | M] (OEM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2004.07.26 09:12:40 | 000,004,992 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2004.07.26 09:12:40 | 000,004,224 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxmep.sys -- (oxmep)
DRV - [2003.11.07 14:33:52 | 000,075,904 | ---- | M] (OEM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxpar.sys -- (oxpar)
DRV - [1999.05.25 03:25:18 | 000,004,576 | ---- | M] (Spectrum Digital Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sdiont.sys -- (sdiont)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cityweb.de/cws/cws.homepage.php
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 192.168.1.0/24"
FF - prefs.js..network.proxy.type: 1
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.04 15:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.21 20:43:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 06:58:42 | 000,000,000 | ---D | M]

[2008.06.18 18:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Mozilla\Extensions
[2012.04.14 00:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Mozilla\Firefox\Profiles\g0k3lawc.default\extensions
[2012.04.16 20:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.17 23:18:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.16 20:58:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\GS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\G0K3LAWC.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.04.16 20:57:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.21 20:43:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.16 20:57:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.16 14:35:04 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\nplv2010win32.dll
[2010.05.25 13:43:16 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\nplv90win32.dll
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll
[2012.02.14 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 23:03:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.14 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.06 15:09:30 | 000,000,143 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\foxsearch.src
[2012.02.14 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 23:03:12 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.04.16 20:18:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [HP Proxy Server] C:\Programme\Hewlett-Packard\ProxyService\ProxyService.lnk ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NI Update Service] C:\Programme\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} https://rla.gigaset.com/wa/AccessClientLoader.cab (Access Client web loader)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155317319984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155317313453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.220.18.8 89.246.64.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3670870D-AAE9-495E-AE50-1CF9B903D4E7}: DhcpNameServer = 62.220.18.8 89.246.64.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\GS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\GS\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.20 21:33:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.17 16:39:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\GS\Desktop\OTL.exe
[2012.04.16 23:57:22 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.04.16 22:35:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.16 20:58:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.04.16 20:38:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Malwarebytes
[2012.04.16 20:38:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.16 20:38:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.16 20:38:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.16 20:38:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.16 20:12:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.04.16 20:05:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.04.16 20:03:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.04.16 20:03:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.04.16 20:03:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.04.16 20:03:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.04.16 20:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.04.16 18:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.16 18:42:34 | 004,464,884 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\GS\Desktop\ComboFix.exe
[2012.04.14 22:44:29 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Dokumente und Einstellungen\GS\Desktop\OTLPENet.exe
[2012.04.14 19:13:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\GS\Desktop\dds.com
[2012.04.14 00:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.04.13 20:22:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Local Settings
[2012.04.10 14:55:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.04.10 14:53:42 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.04.10 14:53:36 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.04.09 19:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GS\Lokale Einstellungen\Anwendungsdaten\Rellik_Software
[2012.04.09 19:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\EXIF Date Changer
[2012.03.23 22:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GS\Eigene Dateien\Steuer-Sparbuch

========== Files - Modified Within 30 Days ==========

[2012.04.17 17:56:30 | 000,019,348 | ---- | M] () -- C:\WINDOWS\uedit32.INI
[2012.04.17 16:39:40 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\GS\Desktop\OTL.exe
[2012.04.17 16:38:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.17 06:49:29 | 000,180,921 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.17 06:48:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.17 06:47:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 20:38:44 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.16 20:18:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.16 20:06:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.04.16 18:42:47 | 004,464,884 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\GS\Desktop\ComboFix.exe
[2012.04.14 22:50:38 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Dokumente und Einstellungen\GS\Desktop\OTLPENet.exe
[2012.04.14 19:23:11 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\Desktop\njt9dznr.exe
[2012.04.14 19:13:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\GS\Desktop\dds.com
[2012.04.14 19:11:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\defogger_reenable
[2012.04.12 13:44:45 | 000,521,056 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.12 13:44:45 | 000,497,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.12 13:44:45 | 000,102,266 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.12 13:44:45 | 000,085,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.10 15:04:19 | 000,001,205 | ---- | M] () -- C:\WINDOWS\WISO.INI
[2012.04.10 14:55:20 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.04.09 19:41:23 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\Desktop\Microsoft Office Outlook 2007.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.04.16 20:38:44 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.16 20:06:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.04.16 20:06:00 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.04.16 20:03:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.04.16 20:03:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.04.16 20:03:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.04.16 20:03:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.04.16 20:03:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.04.14 19:23:11 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\GS\Desktop\njt9dznr.exe
[2012.04.14 19:11:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\GS\defogger_reenable
[2012.04.10 14:55:20 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.02.16 20:13:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.01 22:46:10 | 000,304,344 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.12.03 13:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\gconf.INI
[2011.11.04 21:34:56 | 000,019,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2011.09.22 23:37:33 | 002,122,293 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2422020464-2594104472-2321261851-1005-0.dat
[2011.09.22 23:37:29 | 000,360,070 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.09.09 21:48:18 | 000,049,152 | ---- | C]
() -- C:\WINDOWS\System32\FLEXOBUS.DLL [2011.07.13 19:31:34 | 000,038,424 | ---- | C] () -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Microsoft Excel 97-2003.ADR [2011.03.18 22:51:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.13 14:32:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SERBUS.DLL [2011.02.10 22:26:34 | 000,012,948 | ---- | C] () -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Microsoft Excel.CAL [2011.02.08 00:00:11 | 000,038,416 | ---- | C] () -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Microsoft Excel.ADR [2010.10.18 15:10:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.12 09:28:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\xds560_DLLCall.exe [2010.06.10 15:46:20 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini ========== LOP Check ========== [2009.10.30 22:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atmel [2012.04.10 14:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.11.10 00:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canon IJ Network Tool [2011.11.09 23:16:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.11.10 00:53:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2011.11.10 00:53:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2011.11.09 20:03:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2007.05.15 19:08:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync [2012.01.14 18:56:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments [2011.05.02 20:31:50 | 000,000,000 
| ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ODIR [2012.01.11 00:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VS [2010.07.10 20:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.28 23:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011.03.28 20:14:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A95D9AFA-BABC-4938-AA3A-19488253E342} [2012.01.28 00:21:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C69BB8C8-8940-417A-AF55-209D73059EBA} [2011.12.05 00:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\.spectrumdigital [2011.09.20 20:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Atmel [2008.01.01 13:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Buhl Data Service [2008.05.31 17:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\CadSoft [2011.11.10 00:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Canon [2012.04.09 19:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\EXIF Date Changer [2006.09.30 11:25:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Exodus [2011.03.06 15:35:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Gutscheinmieze [2007.05.15 19:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\HotSync [2005.04.04 20:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\MSNInstaller [2011.02.14 20:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\SmartTools 
[2008.01.04 17:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\SPAMfighter [2011.02.06 23:31:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\TeamViewer [2012.03.27 22:21:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\VisualAssist [2011.04.09 20:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Windows Search [2008.01.29 23:00:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\Wireshark [2009.02.04 22:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GS\Anwendungsdaten\XnView [2012.01.14 18:58:18 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\NIUpdateServiceCheckTask.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.02 00:15:47 | 000,000,000 | ---D | M] -- C:\BATCH [2012.04.16 20:06:04 | 000,000,000 | RHSD | M] -- C:\cmdcons [2005.04.04 19:01:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.04.09 13:33:32 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.01.25 18:11:15 | 000,000,000 | ---D | M] -- C:\National Instruments [2008.08.18 22:21:39 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.09.20 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files [2011.09.20 20:39:43 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.04.16 20:38:41 | 000,000,000 | R--D | M] -- C:\Programme [2012.04.16 20:23:27 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.04.16 22:35:35 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.01.23 22:28:40 | 000,000,000 | ---D | M] -- C:\SHARE [2012.04.14 09:57:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.04.17 17:56:30 | 000,000,000 | ---D | M] -- C:\TEMP [2012.04.16 20:17:49 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.08.06 19:58:45 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2010.08.06 19:58:45 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.08.06 19:58:45 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2010.08.06 19:58:45 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 
000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2000.11.08 17:08:30 | 000,032,768 | ---- | M] () MD5=07762C46CBC3307393F7C98244E89ACD -- C:\Programme\Perl\site\lib\auto\Win32\EventLog\EventLog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- 
C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.08.20 23:20:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.08.20 23:20:24 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.08.20 23:20:24 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2006.01.15 23:55:25 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\.gtk-bookmarks [2012.04.14 19:11:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\defogger_reenable [2009.10.09 16:37:34 | 000,010,630 | ---- | M] () -- C:\Dokumente und Einstellungen\GS\hs_err_pid1124.log [2009.10.02 17:54:28 | 000,010,631 | ---- | M] 
() -- C:\Dokumente und Einstellungen\GS\hs_err_pid520.log
[2012.04.17 06:46:07 | 015,990,784 | -H-- | M] () -- C:\Dokumente und Einstellungen\GS\NTUSER.DAT
[2012.04.17 17:56:29 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\GS\ntuser.dat.LOG
[2012.04.17 06:46:07 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\GS\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.02.03 11:57:08 | 001,860,224 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 17.04.2012 17:56:33 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\GS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 52,87% Memory free
2,33 Gb Paging File | 1,68 Gb Available in Paging File | 72,18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 65,15 Gb Total Space | 15,09 Gb Free Space | 23,16% Space Free | Partition Type: NTFS
Drive D: | 37,01 Gb Total Space | 11,88 Gb Free Space | 32,10% Space Free | Partition Type: NTFS
Drive U: | 39,07 Gb Total Space | 5,59 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Drive V: | 279,46 Gb Total Space | 84,97 Gb Free Space | 30,41% Space Free | Partition Type: NTFS

Computer Name: GUIDO-1 | User Name: GS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.txt [@ = UltraEdit.txt] -- C:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPP\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Terminal\Terminal.exe" =
C:\Programme\Terminal\Terminal.exe:*:Disabled:Terminal -- () "D:\PROJECTS\FLEXOBUS\SERBUS\DLLTestDebug\DLLTEST.EXE" = D:\PROJECTS\FLEXOBUS\SERBUS\DLLTestDebug\DLLTEST.EXE:*:Enabled:DLLTEST -- () "D:\PROJECTS\FLEXOBUS\FLEXOSCR\Debug\FLEXOSCR.EXE" = D:\PROJECTS\FLEXOBUS\FLEXOSCR\Debug\FLEXOSCR.EXE:*:Enabled:FLEXOSCR -- () "D:\PROJECTS\FLEXOBUS\FLEXOPRG\Debug\FLEXOPRG.EXE" = D:\PROJECTS\FLEXOBUS\FLEXOPRG\Debug\FLEXOPRG.EXE:*:Enabled:FLEXOPRG -- () "C:\Programme\Java\jre1.6.0_05\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe" = C:\Programme\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller -- (Lantronix) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" = C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe:*:Enabled:NI Application Web Server -- (National Instruments Corporation) "C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe" = C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe:*:Enabled:nimdnsResponder -- (National Instruments Corporation) "C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe" = C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe:*:Enabled:NI System WebServer -- (National Instruments Corporation) "C:\Programme\Atmel\AVR Studio 5.0\avrstudio5.exe" = C:\Programme\Atmel\AVR Studio 5.0\avrstudio5.exe:*:Enabled:AvrStudio Application -- (Atmel) "C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary "C:\Programme\Java\jre1.6.0_02\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01CF3725-EE33-4308-BBF9-90BF6AC43814}" = NI Logos 5.2.0 "{01EDE5EB-64AB-4C69-83C7-A4E40C791B3E}" = NI LabVIEW 2010 Simulation "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{03148858-69DC-4143-8CA0-12972E5922F8}" = NI LabVIEW 2010 "{03FECA97-52A3-4079-937E-7840EE4FF52C}" = NI Web Application Server 1.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06E94DFA-ECCE-4A6D-BDCA-1F00D030B0C0}" = NI LabVIEW Merge Utility 10.0.0 "{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}" = NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) "{078A5D0D-BF50-4BB1-89FB-1018391E9F06}" = NI LabVIEW 2010 "{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1 "{09860281-0D72-418B-B691-CADCE0AF2192}" = NI Assistant Framework LabVIEW 2010 Support "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AAB121C-8EA7-49F5-B37C-DF117FB46771}" = NI LabVIEW Run-Time Engine 2009 SP1 "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0CF669FF-D168-4CA3-8D9B-E5B74C192E88}" = NI Variable Engine LabVIEW 2010 Support "{0D3F2D86-F2F2-4B05-BB46-83C15DC88CD1}" = NI LabVIEW 2010 Real-Time Error Dialog "{0FCE0BA9-8AD4-4622-9ADF-EFF0355EEAE7}" = NI LabVIEW Run-Time Engine Interop 2009 "{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1 "{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers "{12A5D6BF-3D08-4F99-9621-E340801FD8F1}" = NI System Web Server Base 1.0.1 
"{1332BD03-AB54-4AAE-8F98-2E4D52C96E30}" = MPLAB Tools v7.20 "{15B05C75-6B0C-4969-BD33-C9B8FBEFA251}" = NI LabVIEW 2010 License "{19F59734-0740-49E6-818D-53C1CA6B4ABE}" = NI System State Publisher "{1DC9C573-FE7A-4A80-8150-88770BCD56A4}" = NI LabVIEW Run-Time Engine Interop 2010 "{1E5C217C-FEE5-4A54-8A07-F6308D112CB3}" = NI MXS 4.7.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21EF2C48-A06F-4001-8E0B-72DCA779860F}" = NI DataSocket 4.8 "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{281FA4DA-7FAB-4B3B-ADC6-ED0AF09E7B7A}" = PIXO MEDIA USB DRIVER "{28746645-0B4B-4BE8-A5BB-95E9D66E0DC7}" = NI LabVIEW 2010 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant "{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) "{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo "{2C13B0F2-1EB6-4704-BE23-EDBC6270CECB}" = NI LabVIEW 2010 "{2C751795-11E7-41B4-8E42-DC361717DBCB}" = NI Software Provider for MAX 4.7.0 "{30FC5877-BBA0-41C4-8A1D-ED914194610E}" = NI LabVIEW 2010 "{33FDB706-7029-42A5-869A-CB5AE256D872}" = NI System Web Server 1.0.1 "{34A6ADBE-2521-4634-96AA-E4B9C3F0BF20}" = AVRStudio4 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CD31F7-963A-47BD-8508-C27A2BC18E28}" = Lantronix DeviceInstaller 4.2.0.4 (32bit) "{3AC465DB-700E-4A68-9AC9-33F61A2E7ABA}" = NI Trace Engine "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CEF952C-2808-4A93-BEB0-5744F48EBD5B}" = NI Curl 1.0 "{4027672A-3560-4B71-973F-B348DF175E3E}" = NI LabVIEW 2010 "{4058873D-3915-449A-9879-17149E06EA2F}" = NI SSL Support "{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor "{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML "{416CC970-0238-4116-B900-BF9456051BB5}" = 
NI-Update-Dienst 2.0 "{44CD79C3-375F-41C8-977E-97BB3E520B30}" = NI Assistant Framework "{451F962A-92A1-407C-AFA0-A29C0349A76F}" = NI MDF Support "{49C6FE81-CE63-4B49-A295-7A10B96D36CD}" = NI LabVIEW 2010 Deployable License "{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A41E13A-8083-43C8-9B1B-09C9345F6346}" = NI MetaSuite Installer "{4A6F12CD-3AF0-48E0-BC55-22313248381C}" = NI LabVIEW 2010 Search "{4CFE677E-1256-4B27-B91E-5450F9E1FEAE}" = NI LabVIEW 2010 "{4E97AAFD-E743-43FE-B876-CD29D40AEA29}" = NI Measurement & Automation Explorer 4.7.0 "{55AF38A4-B9BB-4052-86D8-F6C3A2D5DB78}" = NI Portable Configuration 4.7.0 "{56C9725B-CA13-4FAE-8CDB-E70906AFAEE3}" = NI LabWindows/CVI 2009 Code Generator "{576F1764-9198-4709-9249-EA1F4C33D81A}" = NI System API RT 1.1.2 "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{59A4D1C4-BB47-4AB5-9851-372BD1643EFD}" = NI Instrument IO Assistant for LabVIEW 2010 32-bit "{59B7E8FF-7BE3-4C91-A8E9-0D998D578329}" = NI OPC Support "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5E81B080-4629-4EC3-AA90-538394122120}" = MSVC80_Runtime "{60315A8A-5FCA-47CE-A856-681F3A9CDB5B}" = AVR Studio 5.0 "{6052FD3A-E988-4302-983F-642197DBDA8D}" = NI Assistant Framework LabVIEW Code Generator 2010 "{63E19B33-DD24-4EAB-9E77-6735C2171CE4}" = NI VC2005MSMs x86 "{673E0ADC-0F04-420F-B250-3AE72B2A78E4}" = NI Logos LabVIEW 2010 Support "{6CD33838-7432-4BD3-93FE-A5C40A068BBB}" = NI MAX Remote Configuration Installer 4.7 "{6E0A9556-A848-4738-B4DB-468DF8F5EF37}" = NI LabVIEW Run-Time Engine 2010 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86 
"{73661C77-DB65-416D-9B7A-543AC88EA846}" = NI LabVIEW 2010 Manuals "{74BB2D2F-E1AE-44EC-9714-0BF15BFD918D}" = ProfiTrace V2.6.1 "{74C9CAE2-7D42-40C2-A0CC-15393E12AABC}" = NI LabVIEW 2010 Web Server "{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1 "{8327309A-62EA-44CF-B708-B9D98963EF42}" = NI LabVIEW 2010 Help "{8695FC18-0685-4F47-B8C4-E09BC03935C6}" = NI LabVIEW Compare Utility 10.0.0 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{8875F085-4F00-4462-B52F-507E568EB75F}" = NI SSL LabVIEW 2010 Support "{89FC36E5-5C62-499B-8207-9014C484F65C}" = NI-RPC 4.2.0f0 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8DA7D661-2184-4B78-8220-73F9878E9992}" = NI USI 1.8.0 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{94748C43-8C0A-410E-9C84-AD718C494307}" = NI LabVIEW 2010 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A87DA58-1C1C-4305-BD69-231886F03191}" = NI Uninstaller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1794A9-4514-4D81-91BB-570CCE1F1F0C}" = NI LabVIEW 2010 "{9EB3DE10-EF40-437F-876A-C2F1577D4F66}" = Cevicon_3.5i "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A27F9884-D0F7-4788-B016-CC55FA3015D3}" = NI Logos XT Support "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5B57591-4E0C-4EF0-8954-11781BC5CCA1}" = NI Remote PXI Provider for MAX 4.7.0 "{A8BE8637-98A7-4CFA-B064-44253A96DD69}" = NI mDNS Responder 1.3.0 "{A999B934-1EBA-415F-BA5B-5036E0811956}" = NI Example Finder 10.0 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries "{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{B02DF253-C315-4869-BB65-0054B0C2A0A4}" = NI LabVIEW 2010 Help File "{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 
Tools for Office Runtime (x86) "{B4D09BE5-59C1-434C-85D9-DBF135A44CB6}" = NI Authentication 1.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD7905FA-8134-4B25-88D0-0A944B5BA4F7}" = NI Remote Provider for MAX 4.7.0 "{BEBCBC05-4B39-4935-8B7C-B06E9FF1EA2A}" = NI EulaDepot "{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1C8BDB9-8FBA-4200-B5D4-18EB27850916}" = NI-DAQmx/LabVIEW shared documentation 1.7.5 "{C2AD80E1-9484-42F4-BA13-B3B045723ACB}" = NI Variable Engine 2.4.0 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CA30E58F-D4AA-43B9-B740-29D358357B2F}" = NI LabVIEW 2010 Deployment Framework "{CC038D57-788A-4544-BF8F-179E5CF50D2F}" = Microsoft Visual C++ 2005 SP1 CRT Redistributable "{CD0FCF9E-E1BF-435F-9758-9D7B6200806A}" = PCD (PROCENTEC Communication Driver) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDBF278-329A-4FD6-8F1D-82BDC8121D8C}" = NI TDMS "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0409C8F-7F01-41A0-B7B2-1031D766CE53}" = NI System Configuration 1.1.2 "{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services "{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager "{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU "{DAA922C9-D005-4F98-8543-D94DD103F491}" = NI LabVIEW 2010 "{DAD2AE4C-B4FA-11D4-AC04-0090276F49CA}" = ActivePerl Build 622 "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine 
"{DBB123AF-C399-48BB-B3E3-14B953321D0B}" = AVRStudio4 "{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface "{DFC467FC-88CE-4568-88CB-51E5AF6C7B63}_is1" = Image Describe 1.0 "{E0A9CA4D-349A-451E-BEC3-3870AEB7C168}" = PROFIBUS-DP Master Simulator "{E0C32607-2DD4-4124-9A74-351D135FAD4B}" = NI Distributed System Manager 2010 "{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI "{E4DA55EF-5374-4E3D-B3A7-9DA930E25414}" = NI LabVIEW Web Services Runtime "{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard "{E6C0EA48-8AF1-4A1C-9383-8F0706F22431}" = NI LabWindows/CVI DLL Builder for LabVIEW "{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB "{EA7C218C-1F5E-47AF-9FC7-4B4255B8CB43}" = NI System API Windows 32-bit 1.1.2 "{EB026BC8-E00C-499D-BD87-89A0566BEB0E}" = AVRStudio4 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ECA841EF-06B7-42F2-973E-A4D3E30EC2FA}" = NI LabVIEW 2010 MeasAppChm File "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F055B0A4-8F75-4F85-B6FF-1C5BE10A72DC}" = NI LabWindows/CVI 9.0 Run-Time Engine "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker "{F444664E-87EE-43D1-B829-0F78D3F20C79}" = NI TDM Excel Add-In 3.2 "{F57F2FCF-A66D-4F6F-A2CF-321B8DB4D385}" = AVR QTouch Studio "{F7A7C15E-EA7C-47E9-870C-6ABFF1D19EC2}" = NI Web Interface Framework 1.0 "{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine "{FFA0C0F9-4D1F-4B3A-B2A0-981841295AEC}" = AVRStudio5-ASF-Update "12E480B8B522F8B0DB54C0A03B90FCB00B96CD3D" = Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (12/05/2008 6.0.999.0) "22794B1D2C0BB36E523BAF6ED24EF94EB1A84443" = Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (03/25/2011 6.0.999.2) "3B093C44CA19A7D5324F4A3CEB666DD4EBB257D6" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 
2.06.00) "5AB23CC5A2E8D3A0AA129214C6F9CE8D7F4874B9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) "664BA48B9B35AECDA0AED237C1528CBEC8862DA9" = Windows-Treiberpaket - EWA Technologies, Inc. (XDS560) TI_Emulators (11/11/2009 1.0.0.1) "6DBBE862580281438868BCDD37A84E63A0FBB067" = Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) "7-Zip" = 7-Zip 4.57 "ACBD450607B9A261AF1F694FAE00A92218E1F94B" = Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "CCleaner" = CCleaner "Code Composer Studio v5" = Code Composer Studio v5 "CSCLIB" = Canon Camera Support Core Library "DPP" = Canon Utilities Digital Photo Professional 3.9 "EAGLE 5.11.0" = EAGLE 5.11.0 "EAGLE 6.1.0" = EAGLE 6.1.0 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "EOS Utility" = Canon Utilities EOS Utility "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "FTDICOMM" = FTDI USB Serial Converter Drivers "hp LaserJet 2300 Uninstaller" = hp LaserJet 2300-Deinstallationsprogramm "ie8" = Windows Internet Explorer 8 "InstallShield_{1332BD03-AB54-4AAE-8F98-2E4D52C96E30}" = MPLAB Tools v7.20 "JoJoThumb_is1" = JoJoThumb 2.9.4 "KRISTAL Audio Engine" = KRISTAL Audio Engine "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Micrografx Designer 7" = Micrografx Designer 7 
"Micrografx Graphics Suite 2 Enterprise" = Micrografx Graphics Suite 2 Enterprise "Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Developer Network - Visual Studio 6.0 (deu)" = MSDN Library - Visual Studio 6.0 (Deutsch) "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 "NI Uninstaller" = National Instruments - Software "NVIDIA Drivers" = NVIDIA Drivers "ODIR_is1" = ODIR "Packetyzer_is1" = Network Chemistry Packetyzer 5.0.0 "PCD (PROCENTEC Communication Driver)" = PCD (PROCENTEC Communication Driver) "ProfiTrace V2.6.1" = ProfiTrace V2.6.1 "PROHYBRIDR" = 2007 Microsoft Office system "RealPlayer 15.0" = RealPlayer "SmartToolsFeiertags-Assistentv3.00" = SmartTools Publishing • Outlook Feiertags-Assistent "TeamViewer 7" = TeamViewer 7 "Tera Term_is1" = Tera Term 4.68 "Visual C++ 6.0 Standard Edition (deu)" = Microsoft Visual C++ 6.0 Standard Edition (Deutsch) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WinAVR-20100110" 
= WinAVR 20100110 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.0
"WinPcapInst" = WinPcap 4.0.2
"winusb0100" = Microsoft WinUsb 1.0
"Wireshark" = Wireshark 0.99.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PocketMirror" = PocketMirror 3.1.7 (Standard Edition)
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.04.2012 14:14:24 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 15 100.1.168.192.in-addr.arpa. PTR GUIDO-2.local.

Error - 16.04.2012 14:14:24 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 100.1.168.192.in-addr.arpa. PTR GUIDO-1.local.

Error - 17.04.2012 00:48:13 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.100:5353 15 100.1.168.192.in-addr.arpa. PTR GUIDO-2.local.

Error - 17.04.2012 00:48:13 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 15 100.1.168.192.in-addr.arpa. PTR GUIDO-1.local.

Error - 17.04.2012 01:03:03 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.04.2012 01:03:03 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 17.04.2012 01:03:03 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 17.04.2012 10:38:25 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.04.2012 10:38:25 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34523968

Error - 17.04.2012 10:38:25 | Computer Name = GUIDO-1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34523968

[ OSession Events ]
Error - 06.11.2011 08:24:40 | Computer Name = GUIDO-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4599 seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16.04.2012 14:01:46 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "National Instruments Domain Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:46 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NI Configuration Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:47 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "National Instruments Time Synchronization" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:47 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "National Instruments PSP Server Locator" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:47 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Lookout Citadel Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:47 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 16.04.2012 14:01:47 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.04.2012 14:01:48 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Error - 16.04.2012 14:01:48 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 17.04.2012 00:48:17 | Computer Name = GUIDO-1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: agp440 amdagp IntelIde iteraid sisagp viaagp

< End of report >

Thanks.
Guido |
17.04.2012, 17:23 | #22 |
/// Malware-holic | BKA malware / 100 EUR / PC locked
That's fine. Download the standard CCleaner: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file. After every program you need, write "necessary". After every program you do not need, write "unnecessary". After every program you do not know, write "unknown". Post the list.
17.04.2012, 17:35 | #23 |
| BKA malware / 100 EUR / PC locked
Here is the list:
Code:
2007 Microsoft Office system Microsoft Corporation 17.04.2012 12.0.6612.1000
7-Zip 4.57 17.04.2012
ActivePerl Build 622 ActiveState 09.04.2005 38,4MB 5.6.0.622
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 17.04.2012 10.0.45.2
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.04.2012 11.1.102.63
Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 16.04.2012 124,8MB 9.5.1
Apple Application Support Apple Inc. 13.03.2012 62,7MB 2.1.7
Apple Mobile Device Support Apple Inc. 13.03.2012 24,2MB 5.1.1.4
Apple Software Update Apple Inc. 13.07.2011 2,38MB 2.1.3.127
Audacity 1.2.6 17.04.2012
Avira Free Antivirus Avira 17.04.2012 12.0.0.898
AVR Jungo USB Atmel 01.02.2012 10.2
AVR QTouch Studio Atmel 20.09.2011 4.4.0.5
AVR Studio 5.0 Atmel 20.09.2011 5.0.1163
AVRStudio5-ASF-Update Atmel 20.09.2011 2.6.1.27
Bonjour Apple Inc. 13.10.2011 0,92MB 3.0.0.10
Canon Camera Access Library Canon Inc. 17.04.2012 8.5.0.2
Canon Camera Support Core Library Canon Inc. 16.04.2012 7.3.1.6
Canon Easy-PhotoPrint EX 17.04.2012
Canon IJ Network Scanner Selector EX 17.04.2012
Canon IJ Network Tool 17.04.2012
Canon Internet Library for ZoomBrowser EX Canon Inc. 16.04.2012 1.6.3.9
Canon MG6200 series MP Drivers 17.04.2012
Canon MOV Decoder Canon Inc. 16.04.2012 1.5.0.7
Canon MOV Encoder Canon Inc. 16.04.2012 1.3.1.3
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 16.04.2012 3.4.1.9
Canon MP Navigator EX 5.0 17.04.2012
Canon My Printer 17.04.2012
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Inc. 17.04.2012 5.4.6.18
Canon Utilities Digital Photo Professional 3.9 Canon Inc. 17.04.2012 3.9.3.0
Canon Utilities EOS Utility Canon Inc. 17.04.2012 2.7.3.0 necessary
Canon Utilities ZoomBrowser EX Canon Inc. 17.04.2012 6.5.1.15 necessary
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 17.04.2012 1.3.0.4 necessary
CCleaner Piriform 17.04.2012 3.17 unnecessary
Cevicon_3.5i ChristElektronik 19.02.2012 262MB 3.6.0 necessary
Chinese Simplified Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 25.02.2011 30,8MB 9.0.0 necessary
Code Composer Studio v5 Texas Instruments 03.12.2011 5.1.0.09000 necessary
EAGLE 5.11.0 CadSoft Computer GmbH 17.04.2012 5.11.0 necessary
EAGLE 6.1.0 CadSoft Computer GmbH 17.04.2012 6.1.0 necessary
Exact Audio Copy 0.99pb4 Andre Wiethoff 17.04.2012 0.99pb4 necessary
FTDI USB Serial Converter Drivers FTDI Ltd 17.04.2012 2.00.00 necessary
hp LaserJet 2300-Deinstallationsprogramm 17.04.2012 necessary
Image Describe 1.0 Gianpaolo Bottin 17.04.2012 necessary
Intel(R) Graphics Media Accelerator Driver 17.04.2012 necessary
iTunes Apple Inc. 10.04.2012 156,1MB 10.6.1.7 necessary
Japanese Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 26.08.2009 16,5MB 9.0.0 necessary
Java(TM) 6 Update 31 Oracle 16.04.2012 97,3MB 6.0.310 necessary
JoJoThumb 2.9.4 Johannes Tschebisch 17.04.2012 2.9 necessary
KRISTAL Audio Engine 17.04.2012 necessary
Lantronix DeviceInstaller 4.2.0.4 (32bit) Lantronix 30.10.2009 3,96MB 4.200.4500 necessary
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 16.04.2012 1.61.0.1400 unnecessary
Micrografx Designer 7 17.04.2012 necessary
Micrografx Graphics Suite 2 Enterprise 17.04.2012 necessary
Micrografx Picture Publisher 7 17.04.2012 necessary
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 11.04.2012 185,1MB 2.2.30729 unknown
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 17.09.2008 6,30MB 2.2.30729 unknown
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 06.08.2010 207MB 3.2.30729 unknown
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 17.09.2008 37,5MB 3.2.30729 unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 17.04.2012 unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.01.2012 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.04.2012 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.01.2012 4.0.30319 unknown
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 20.09.2011 83,5MB 4.0.30319 unknown
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 26.09.2010 1 unknown
Microsoft Help Viewer 1.1 Microsoft Corporation 10.01.2012 1.1.40219 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 11,2MB 14.0.5130.5003 unknown
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 10.01.2012 21,7MB 10.50.1750.9 unknown
Microsoft SQL Server System CLR Types Microsoft Corporation 10.01.2012 4,20MB 10.50.1750.9 unknown
Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Corporation 27.01.2012 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.07.2011 5,28MB 8.0.61001 necessary
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 03.12.2011 4,66MB 8.0.51011 necessary
Microsoft Visual C++ 2005 SP1 CRT Redistributable Buhl Data Service GmbH 27.06.2007 1,60MB 1.00.0000 necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 10,2MB 9.0.30729.5570 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.06.2009 10,3MB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.12.2009 19,8MB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 10,2MB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.11.2011 15,0MB 10.0.40219 necessary
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 10.01.2012 15,9MB 10.0.40219 necessary
Microsoft Visual C++ 6.0 Standard Edition (Deutsch) 17.04.2012 necessary
Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 10.01.2012 10.0.40219 necessary
Microsoft Visual Studio 2010 Shell (Isolated) - ENU Microsoft Corporation 14.03.2012 597MB 10.0.40219 necessary
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 10.01.2012 10.0.31007 necessary
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU Microsoft Corporation 16.04.2012 10.0.31007 necessary
Microsoft WinUsb 1.0 Microsoft Corporation 27.01.2012 unknown
MobileMe Control Panel Apple Inc. 13.07.2011 12,0MB 3.1.6.0 necessary
Mozilla Firefox 11.0 (x86 de) Mozilla 17.04.2012 11.0 necessary
MPLAB Tools v7.20 Microchip Technology Inc. 11.08.2005 7.20 necessary
MSDN Library - Visual Studio 6.0 (Deutsch) 17.04.2012 necessary
MSVC80_Runtime 27.02.2010 3,86MB 1.0.0.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.08.2010 2,67MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.08.2010 2,77MB 4.20.9876.0 unknown
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 06.08.2010 1,40MB 6.20.2003.0 unknown
National Instruments - Software National Instruments 17.04.2012 necessary
Nero 6 17.04.2012 necessary
Network Chemistry Packetyzer 5.0.0 Network Chemistry, Inc 17.04.2012 necessary
NVIDIA Drivers 17.04.2012 necessary
ODIR Vaita 17.04.2012 unknown
PCD (PROCENTEC Communication Driver) PROCENTEC 27.01.2012 1.0 necessary
PIXO MEDIA USB DRIVER 17.04.2012 necessary
PROFIBUS-DP Master Simulator Bihl+Wiedemann 10.10.2007 0,77MB 4.2.18 necessary
ProfiTrace V2.6.1 PROCENTEC 27.01.2012 2.6.1 necessary
QuickTime Apple Inc. 27.08.2011 73,0MB 7.70.80.34 necessary
RealPlayer RealNetworks 17.04.2012 necessary
Security Update for Windows Search 4 - KB963093 Microsoft Corporation 09.04.2011 unknown
Skype Click to Call Skype Technologies S.A. 17.10.2011 14,4MB 5.6.8442 necessary
Skype™ 5.5 Skype Technologies S.A. 17.10.2011 19,1MB 5.5.124 necessary
SmartTools Publishing • Outlook Feiertags-Assistent SmartTools Publishing 16.04.2012 v3.00 necessary
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 25.07.2009 29,7MB 9.0.0 necessary
TeamViewer 7 TeamViewer 17.04.2012 7.0.12541 necessary
Tera Term 4.68 29.01.2011 necessary
WinAVR 20100110 (remove only) 17.04.2012 20100110 necessary
WinDirStat 1.1.2 17.04.2012 necessary
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 06.08.2010 unknown
Windows Internet Explorer 8 Microsoft Corporation 06.08.2010 20090308.140743 necessary
Windows Media Format 11 runtime 17.04.2012 unknown
Windows Media Player 11 17.04.2012 necessary
Windows XP Service Pack 3 Microsoft Corporation 06.08.2010 20080414.031514 necessary
Windows-Treiberpaket - EWA Technologies, Inc. (XDS560) TI_Emulators (11/11/2009 1.0.0.1) EWA Technologies, Inc. 17.04.2012 11/11/2009 1.0.0.1 necessary
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 necessary
Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 necessary
Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 necessary
Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 necessary
Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (03/25/2011 6.0.999.2) Spectrum Digital 17.04.2012 03/25/2011 6.0.999.2 necessary
Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (12/05/2008 6.0.999.0) Spectrum Digital 17.04.2012 12/05/2008 6.0.999.0 necessary
WinMerge 2.12.0 Thingamahoochie Software 15.03.2009 2.12.0 necessary
WinPcap 4.0.2 CACE Technologies 17.04.2012 4.0.0.1040 necessary
Wireshark 0.99.7 The Wireshark developer community, hxxp://www.wireshark.org 17.04.2012 0.99.7 necessary
WISO Steuer-Sparbuch 2011 Buhl Data Service GmbH 05.01.2011 18.00.6928 necessary
WISO Steuer-Sparbuch 2012 Buhl Data Service GmbH 04.01.2012 19.00.7303 necessary
17.04.2012, 17:43 | #24 |
/// Malware-holic | BKA malware / 100 EUR / PC lockout why aren't they all labeled |
17.04.2012, 18:20 | #25 |
| BKA malware / 100 EUR / PC lockout Sorry, I must have skipped the first page while scrolling. Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 17.04.2012 12.0.6612.1000 notwendig 7-Zip 4.57 17.04.2012 notwendig ActivePerl Build 622 ActiveState 09.04.2005 38,4MB 5.6.0.622 notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 17.04.2012 10.0.45.2 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.04.2012 11.1.102.63 notwendig Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 16.04.2012 124,8MB 9.5.1 notwendig Apple Application Support Apple Inc. 13.03.2012 62,7MB 2.1.7 notwendig Apple Mobile Device Support Apple Inc. 13.03.2012 24,2MB 5.1.1.4 notwendig Apple Software Update Apple Inc. 13.07.2011 2,38MB 2.1.3.127 notwendig Audacity 1.2.6 17.04.2012 notwendig Avira Free Antivirus Avira 17.04.2012 12.0.0.898 notwendig AVR Jungo USB Atmel 01.02.2012 10.2 notwendig AVR QTouch Studio Atmel 20.09.2011 4.4.0.5 notwendig AVR Studio 5.0 Atmel 20.09.2011 5.0.1163 notwendig AVRStudio5-ASF-Update Atmel 20.09.2011 2.6.1.27 notwendig Bonjour Apple Inc. 13.10.2011 0,92MB 3.0.0.10 notwendig Canon Camera Access Library Canon Inc. 17.04.2012 8.5.0.2 notwendig Canon Camera Support Core Library Canon Inc. 16.04.2012 7.3.1.6 notwendig Canon Easy-PhotoPrint EX 17.04.2012 notwendig Canon IJ Network Scanner Selector EX 17.04.2012 notwendig Canon IJ Network Tool 17.04.2012 notwendig Canon Internet Library for ZoomBrowser EX Canon Inc. 16.04.2012 1.6.3.9 notwendig Canon MG6200 series MP Drivers 17.04.2012 notwendig Canon MOV Decoder Canon Inc. 16.04.2012 1.5.0.7 notwendig Canon MOV Encoder Canon Inc. 16.04.2012 1.3.1.3 notwendig Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 16.04.2012 3.4.1.9 notwendig Canon MP Navigator EX 5.0 17.04.2012 notwendig Canon My Printer 17.04.2012 notwendig Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Inc. 17.04.2012 5.4.6.18 notwendig Canon Utilities Digital Photo Professional 3.9 Canon Inc. 17.04.2012 3.9.3.0 notwendig Canon Utilities EOS Utility Canon Inc. 
17.04.2012 2.7.3.0 notwendig Canon Utilities ZoomBrowser EX Canon Inc. 17.04.2012 6.5.1.15 notwendig Canon ZoomBrowser EX Memory Card Utility Canon Inc. 17.04.2012 1.3.0.4 notwendig CCleaner Piriform 17.04.2012 3.17 unnoetig Cevicon_3.5i ChristElektronik 19.02.2012 262MB 3.6.0 notwendig Chinese Simplified Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 25.02.2011 30,8MB 9.0.0 notwendig Code Composer Studio v5 Texas Instruments 03.12.2011 5.1.0.09000 notwendig EAGLE 5.11.0 CadSoft Computer GmbH 17.04.2012 5.11.0 notwendig EAGLE 6.1.0 CadSoft Computer GmbH 17.04.2012 6.1.0 notwendig Exact Audio Copy 0.99pb4 Andre Wiethoff 17.04.2012 0.99pb4 notwendig FTDI USB Serial Converter Drivers FTDI Ltd 17.04.2012 2.00.00 notwendig hp LaserJet 2300-Deinstallationsprogramm 17.04.2012 notwendig Image Describe 1.0 Gianpaolo Bottin 17.04.2012 notwendig Intel(R) Graphics Media Accelerator Driver 17.04.2012 notwendig iTunes Apple Inc. 10.04.2012 156,1MB 10.6.1.7 notwendig Japanese Fonts Support For Adobe Reader 9 Adobe Systems Incorporated 26.08.2009 16,5MB 9.0.0 notwendig Java(TM) 6 Update 31 Oracle 16.04.2012 97,3MB 6.0.310 notwendig JoJoThumb 2.9.4 Johannes Tschebisch 17.04.2012 2.9 notwendig KRISTAL Audio Engine 17.04.2012 notwendig Lantronix DeviceInstaller 4.2.0.4 (32bit) Lantronix 30.10.2009 3,96MB 4.200.4500 notwendig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 16.04.2012 1.61.0.1400 unnoetig Micrografx Designer 7 17.04.2012 notwendig Micrografx Graphics Suite 2 Enterprise 17.04.2012 notwendig Micrografx Picture Publisher 7 17.04.2012 notwendig Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 11.04.2012 185,1MB 2.2.30729 unbekannt Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 17.09.2008 6,30MB 2.2.30729 unbekannt Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 06.08.2010 207MB 3.2.30729 unbekannt Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU 
Microsoft Corporation 17.09.2008 37,5MB 3.2.30729 unbekannt Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 17.04.2012 unbekannt Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.01.2012 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.04.2012 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 10.01.2012 4.0.30319 unbekannt Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 20.09.2011 83,5MB 4.0.30319 unbekannt Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 26.09.2010 1 unbekannt Microsoft Help Viewer 1.1 Microsoft Corporation 10.01.2012 1.1.40219 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 11,2MB 14.0.5130.5003 unbekannt Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 10.01.2012 21,7MB 10.50.1750.9 unbekannt Microsoft SQL Server System CLR Types Microsoft Corporation 10.01.2012 4,20MB 10.50.1750.9 unbekannt Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Corporation 27.01.2012 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.07.2011 5,28MB 8.0.61001 notwendig Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 03.12.2011 4,66MB 8.0.51011 notwendig Microsoft Visual C++ 2005 SP1 CRT Redistributable Buhl Data Service GmbH 27.06.2007 1,60MB 1.00.0000 notwendig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 10,2MB 9.0.30729.5570 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.06.2009 10,3MB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.12.2009 19,8MB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 10,2MB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 Microsoft Corporation 11.11.2011 15,0MB 10.0.40219 notwendig Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 10.01.2012 15,9MB 10.0.40219 notwendig Microsoft Visual C++ 6.0 Standard Edition (Deutsch) 17.04.2012 notwendig Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 10.01.2012 10.0.40219 notwendig Microsoft Visual Studio 2010 Shell (Isolated) - ENU Microsoft Corporation 14.03.2012 597MB 10.0.40219 notwendig Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 10.01.2012 10.0.31007 notwendig Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU Microsoft Corporation 16.04.2012 10.0.31007 notwendig Microsoft WinUsb 1.0 Microsoft Corporation 27.01.2012 unbekannt MobileMe Control Panel Apple Inc. 13.07.2011 12,0MB 3.1.6.0 notwendig Mozilla Firefox 11.0 (x86 de) Mozilla 17.04.2012 11.0 notwendig MPLAB Tools v7.20 Microchip Technology Inc. 11.08.2005 7.20 notwendig MSDN Library - Visual Studio 6.0 (Deutsch) 17.04.2012 notwendig MSVC80_Runtime 27.02.2010 3,86MB 1.0.0.0 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.08.2010 2,67MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.08.2010 2,77MB 4.20.9876.0 unbekannt MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 06.08.2010 1,40MB 6.20.2003.0 unbekannt National Instruments - Software National Instruments 17.04.2012 notwendig Nero 6 17.04.2012 notwendig Network Chemistry Packetyzer 5.0.0 Network Chemistry, Inc 17.04.2012 notwendig NVIDIA Drivers 17.04.2012 notwendig ODIR Vaita 17.04.2012 unbekannt PCD (PROCENTEC Communication Driver) PROCENTEC 27.01.2012 1.0 notwendig PIXO MEDIA USB DRIVER 17.04.2012 notwendig PROFIBUS-DP Master Simulator Bihl+Wiedemann 10.10.2007 0,77MB 4.2.18 notwendig ProfiTrace V2.6.1 PROCENTEC 27.01.2012 2.6.1 notwendig QuickTime Apple Inc. 
27.08.2011 73,0MB 7.70.80.34 notwendig RealPlayer RealNetworks 17.04.2012 notwendig Security Update for Windows Search 4 - KB963093 Microsoft Corporation 09.04.2011 unbekannt Skype Click to Call Skype Technologies S.A. 17.10.2011 14,4MB 5.6.8442 notwendig SkypeT 5.5 Skype Technologies S.A. 17.10.2011 19,1MB 5.5.124 notwendig SmartTools Publishing Outlook Feiertags-Assistent SmartTools Publishing 16.04.2012 v3.00 notwendig Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 25.07.2009 29,7MB 9.0.0 notwendig TeamViewer 7 TeamViewer 17.04.2012 7.0.12541 notwendig Tera Term 4.68 29.01.2011 notwendig WinAVR 20100110 (remove only) 17.04.2012 20100110 notwendig WinDirStat 1.1.2 17.04.2012 notwendig Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 06.08.2010 unbekannt Windows Internet Explorer 8 Microsoft Corporation 06.08.2010 20090308.140743 notwendig Windows Media Format 11 runtime 17.04.2012 unbekannt Windows Media Player 11 17.04.2012 notwendig Windows XP Service Pack 3 Microsoft Corporation 06.08.2010 20080414.031514 notwendig Windows-Treiberpaket - EWA Technologies, Inc. (XDS560) TI_Emulators (11/11/2009 1.0.0.1) EWA Technologies, Inc. 
17.04.2012 11/11/2009 1.0.0.1 notwendig Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 notwendig Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 notwendig Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 notwendig Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 notwendig Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (03/25/2011 6.0.999.2) Spectrum Digital 17.04.2012 03/25/2011 6.0.999.2 notwendig Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (12/05/2008 6.0.999.0) Spectrum Digital 17.04.2012 12/05/2008 6.0.999.0 notwendig WinMerge 2.12.0 Thingamahoochie Software 15.03.2009 2.12.0 notwendig WinPcap 4.0.2 CACE Technologies 17.04.2012 4.0.0.1040 notwendig Wireshark 0.99.7 The Wireshark developer community, hxxp://www.wireshark.org 17.04.2012 0.99.7 notwendig WISO Steuer-Sparbuch 2011 Buhl Data Service GmbH 05.01.2011 18.00.6928 notwendig WISO Steuer-Sparbuch 2012 Buhl Data Service GmbH 04.01.2012 19.00.7303 notwendig |
17.04.2012, 18:31 | #26 |
/// Malware-holic | BKA malware / 100 EUR / PC lockout
uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version.
adobe reader: Adobe - Download Adobe Reader - All versions. uncheck the box for mcafee security scan.
please also configure adobe reader as follows: open adobe reader, edit, preferences.
general: check "use only certified plug-ins".
internet: everything here should be disabled; it is very unsafe to open pdfs automatically, download them, etc. it is always better to save them directly, since only then do you have control over what is happening on the pc.
under javascript, uncheck "enable javascript".
under updater, choose install automatically. apply / ok
uninstall: Chinese Simplified, Japanese Fonts Support (if you need them, there are surely ones for reader 10), Spelling Dictionaries
open CCleaner, analyze, run CCleaner, restart the pc, test how the system runs |
17.04.2012, 22:08 | #27 |
| BKA malware / 100 EUR / PC lockout Hello markusg! The PC runs and starts normally, and here is the new list of programs: Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 17.04.2012 12.0.6612.1000 7-Zip 4.57 17.04.2012 ActivePerl Build 622 ActiveState 09.04.2005 38,4MB 5.6.0.622 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.04.2012 11.2.202.233 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 17.04.2012 122,5MB 10.1.3 Apple Application Support Apple Inc. 13.03.2012 62,7MB 2.1.7 Apple Mobile Device Support Apple Inc. 13.03.2012 24,2MB 5.1.1.4 Apple Software Update Apple Inc. 13.07.2011 2,38MB 2.1.3.127 Audacity 1.2.6 17.04.2012 Avira Free Antivirus Avira 17.04.2012 12.0.0.898 AVR Jungo USB Atmel 01.02.2012 10.2 AVR QTouch Studio Atmel 20.09.2011 4.4.0.5 AVR Studio 5.0 Atmel 20.09.2011 5.0.1163 AVRStudio5-ASF-Update Atmel 20.09.2011 2.6.1.27 Bonjour Apple Inc. 13.10.2011 0,92MB 3.0.0.10 Canon Camera Access Library Canon Inc. 17.04.2012 8.5.0.2 Canon Camera Support Core Library Canon Inc. 16.04.2012 7.3.1.6 Canon Easy-PhotoPrint EX 17.04.2012 Canon IJ Network Scanner Selector EX 17.04.2012 Canon IJ Network Tool 17.04.2012 Canon Internet Library for ZoomBrowser EX Canon Inc. 16.04.2012 1.6.3.9 Canon MG6200 series MP Drivers 17.04.2012 Canon MOV Decoder Canon Inc. 16.04.2012 1.5.0.7 Canon MOV Encoder Canon Inc. 16.04.2012 1.3.1.3 Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 16.04.2012 3.4.1.9 Canon MP Navigator EX 5.0 17.04.2012 Canon My Printer 17.04.2012 Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX Canon Inc. 17.04.2012 5.4.6.18 Canon Utilities Digital Photo Professional 3.9 Canon Inc. 17.04.2012 3.9.3.0 Canon Utilities EOS Utility Canon Inc. 17.04.2012 2.7.3.0 Canon Utilities ZoomBrowser EX Canon Inc. 17.04.2012 6.5.1.15 Canon ZoomBrowser EX Memory Card Utility Canon Inc. 
17.04.2012 1.3.0.4 CCleaner Piriform 17.04.2012 3.17 Cevicon_3.5i ChristElektronik 19.02.2012 262MB 3.6.0 Code Composer Studio v5 Texas Instruments 03.12.2011 5.1.0.09000 EAGLE 5.11.0 CadSoft Computer GmbH 17.04.2012 5.11.0 EAGLE 6.1.0 CadSoft Computer GmbH 17.04.2012 6.1.0 Exact Audio Copy 0.99pb4 Andre Wiethoff 17.04.2012 0.99pb4 FTDI USB Serial Converter Drivers FTDI Ltd 17.04.2012 2.00.00 hp LaserJet 2300-Deinstallationsprogramm 17.04.2012 Image Describe 1.0 Gianpaolo Bottin 17.04.2012 Intel(R) Graphics Media Accelerator Driver 17.04.2012 iTunes Apple Inc. 10.04.2012 156,1MB 10.6.1.7 Java(TM) 6 Update 31 Oracle 16.04.2012 97,3MB 6.0.310 JoJoThumb 2.9.4 Johannes Tschebisch 17.04.2012 2.9 KRISTAL Audio Engine 17.04.2012 Lantronix DeviceInstaller 4.2.0.4 (32bit) Lantronix 30.10.2009 3,96MB 4.200.4500 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 16.04.2012 1.61.0.1400 Micrografx Designer 7 17.04.2012 Micrografx Graphics Suite 2 Enterprise 17.04.2012 Micrografx Picture Publisher 7 17.04.2012 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 11.04.2012 185,1MB 2.2.30729 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 17.09.2008 6,30MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 06.08.2010 207MB 3.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 17.09.2008 37,5MB 3.2.30729 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 17.04.2012 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.01.2012 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.04.2012 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 10.01.2012 4.0.30319 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 20.09.2011 83,5MB 4.0.30319 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 26.09.2010 1 Microsoft Help Viewer 1.1 Microsoft Corporation 
10.01.2012 1.1.40219 Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 11,2MB 14.0.5130.5003 Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 10.01.2012 21,7MB 10.50.1750.9 Microsoft SQL Server System CLR Types Microsoft Corporation 10.01.2012 4,20MB 10.50.1750.9 Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Corporation 27.01.2012 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.07.2011 5,28MB 8.0.61001 Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 03.12.2011 4,66MB 8.0.51011 Microsoft Visual C++ 2005 SP1 CRT Redistributable Buhl Data Service GmbH 27.06.2007 1,60MB 1.00.0000 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 10,2MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.06.2009 10,3MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.12.2009 19,8MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 10,2MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.11.2011 15,0MB 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 10.01.2012 15,9MB 10.0.40219 Microsoft Visual C++ 6.0 Standard Edition (Deutsch) 17.04.2012 Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 10.01.2012 10.0.40219 Microsoft Visual Studio 2010 Shell (Isolated) - ENU Microsoft Corporation 14.03.2012 597MB 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Corporation 10.01.2012 10.0.31007 Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU Microsoft Corporation 16.04.2012 10.0.31007 Microsoft WinUsb 1.0 Microsoft Corporation 27.01.2012 MobileMe Control Panel Apple Inc. 
13.07.2011 12,0MB 3.1.6.0 Mozilla Firefox 11.0 (x86 de) Mozilla 17.04.2012 11.0 MPLAB Tools v7.20 Microchip Technology Inc. 11.08.2005 7.20 MSDN Library - Visual Studio 6.0 (Deutsch) 17.04.2012 MSVC80_Runtime 27.02.2010 3,86MB 1.0.0.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.08.2010 2,67MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.08.2010 2,77MB 4.20.9876.0 MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 06.08.2010 1,40MB 6.20.2003.0 National Instruments - Software National Instruments 17.04.2012 Nero 6 17.04.2012 Network Chemistry Packetyzer 5.0.0 Network Chemistry, Inc 17.04.2012 NVIDIA Drivers 17.04.2012 ODIR Vaita 17.04.2012 PCD (PROCENTEC Communication Driver) PROCENTEC 27.01.2012 1.0 PIXO MEDIA USB DRIVER 17.04.2012 PROFIBUS-DP Master Simulator Bihl+Wiedemann 10.10.2007 0,77MB 4.2.18 ProfiTrace V2.6.1 PROCENTEC 27.01.2012 2.6.1 QuickTime Apple Inc. 27.08.2011 73,0MB 7.70.80.34 RealPlayer RealNetworks 17.04.2012 Security Update for Windows Search 4 - KB963093 Microsoft Corporation 09.04.2011 Skype Click to Call Skype Technologies S.A. 17.10.2011 14,4MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 17.10.2011 19,1MB 5.5.124 SmartTools Publishing • Outlook Feiertags-Assistent SmartTools Publishing 16.04.2012 v3.00 TeamViewer 7 TeamViewer 17.04.2012 7.0.12541 Tera Term 4.68 29.01.2011 WinAVR 20100110 (remove only) 17.04.2012 20100110 WinDirStat 1.1.2 17.04.2012 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 06.08.2010 Windows Internet Explorer 8 Microsoft Corporation 06.08.2010 20090308.140743 Windows Media Format 11 runtime 17.04.2012 Windows Media Player 11 17.04.2012 Windows XP Service Pack 3 Microsoft Corporation 06.08.2010 20080414.031514 Windows-Treiberpaket - EWA Technologies, Inc. (XDS560) TI_Emulators (11/11/2009 1.0.0.1) EWA Technologies, Inc. 
17.04.2012 11/11/2009 1.0.0.1 Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00) FTDI 17.04.2012 10/22/2009 2.06.00 Windows-Treiberpaket - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 Windows-Treiberpaket - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) FTDI 17.04.2012 03/18/2011 2.08.14 Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (03/25/2011 6.0.999.2) Spectrum Digital 17.04.2012 03/25/2011 6.0.999.2 Windows-Treiberpaket - Spectrum Digital (sdusb2em) SDUSBEmulators (12/05/2008 6.0.999.0) Spectrum Digital 17.04.2012 12/05/2008 6.0.999.0 WinMerge 2.12.0 Thingamahoochie Software 15.03.2009 2.12.0 WinPcap 4.0.2 CACE Technologies 17.04.2012 4.0.0.1040 Wireshark 0.99.7 The Wireshark developer community, hxxp://www.wireshark.org 17.04.2012 0.99.7 WISO Steuer-Sparbuch 2011 Buhl Data Service GmbH 05.01.2011 18.00.6928 WISO Steuer-Sparbuch 2012 Buhl Data Service GmbH 04.01.2012 19.00.7303 |
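The cleanup asked for in post #26 can be checked by comparing the two program lists instead of reading them side by side. The following Python sketch is an added example, not part of the original thread: it assumes the lists were exported as tab-separated rows (name, publisher, install date, size, version), the function names and finding labels are hypothetical, and the sample rows are re-typed from posts #25 and #27.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name publisher installed size version")

# Constructed sample: rows copied from the two lists in this thread and
# re-typed as tab-separated columns (assumed layout of the original export).
ADOBE = "Adobe Systems Incorporated"
BEFORE = "\n".join([
    "7-Zip 4.57\t\t17.04.2012\t\t",
    f"Adobe Flash Player 10 ActiveX\t{ADOBE}\t17.04.2012\t\t10.0.45.2",
    f"Adobe Flash Player 11 Plugin\t{ADOBE}\t17.04.2012\t\t11.1.102.63",
    f"Adobe Reader 9.5.1 - Deutsch\t{ADOBE}\t16.04.2012\t124,8MB\t9.5.1",
    f"Chinese Simplified Fonts Support For Adobe Reader 9\t{ADOBE}\t25.02.2011\t30,8MB\t9.0.0",
    f"Japanese Fonts Support For Adobe Reader 9\t{ADOBE}\t26.08.2009\t16,5MB\t9.0.0",
    f"Spelling Dictionaries Support For Adobe Reader 9\t{ADOBE}\t25.07.2009\t29,7MB\t9.0.0",
])
AFTER = "\n".join([
    "7-Zip 4.57\t\t17.04.2012\t\t",
    f"Adobe Flash Player 11 Plugin\t{ADOBE}\t17.04.2012\t\t11.2.202.233",
    f"Adobe Reader X (10.1.3) - Deutsch\t{ADOBE}\t17.04.2012\t122,5MB\t10.1.3",
])


def parse_inventory(text):
    """Parse tab-separated rows into {name: Entry}; missing columns become ''."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = (line.split("\t") + [""] * 5)[:5]
        entry = Entry(*(c.strip() for c in cols))
        entries[entry.name] = entry
    return entries


def version_tuple(version):
    """'10.0.45.2' -> (10, 0, 45, 2); an empty version gives ()."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def diff(before, after):
    """Return (removed names, added names, [(name, old version, new version)])."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    changed = sorted(
        (name, before[name].version, after[name].version)
        for name in set(before) & set(after)
        if before[name].version != after[name].version
    )
    return removed, added, changed


def audit(inventory):
    """Flag leftovers that the advice in post #26 is meant to remove."""
    findings = []
    # An older major version of Flash Player installed beside a newer one.
    flash = [e for e in inventory.values()
             if e.name.startswith("Adobe Flash Player")]
    newest = max((version_tuple(e.version)[:1] for e in flash), default=())
    for e in flash:
        if version_tuple(e.version)[:1] < newest:
            findings.append(("older Flash Player beside a newer one", e.name))
    # Reader add-ons built for an older major version than the installed Reader.
    majors = [version_tuple(e.version)[0] for e in inventory.values()
              if e.name.startswith("Adobe Reader") and version_tuple(e.version)]
    for e in inventory.values():
        m = re.search(r"For Adobe Reader (\d+)$", e.name)
        if m and majors and int(m.group(1)) < max(majors):
            findings.append(("add-on for an older Adobe Reader", e.name))
    return sorted(findings)


if __name__ == "__main__":
    before, after = parse_inventory(BEFORE), parse_inventory(AFTER)
    print("open before cleanup:", audit(before))
    print("open after cleanup: ", audit(after))
    print("removed / added / changed:", diff(before, after))
```
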
18.04.2012, 10:36 | #28 |
/// Malware-holic | BKA malware / 100 EUR / PC lockout
securing the pc:
as an anti-malware program i would recommend emsisoft. for me they have the best protection, but it costs a bit. http://www.trojaner-board.de/103809-...i-malware.html
trial version: My antivirus recommendation: Emsisoft Anti-Malware
especially if you do online banking, purchases, other payment transactions or similarly important things, e.g. work-related ones, i.e. there is sensitive data to protect, you should invest in security software. use up the 30-day trial period before activating the license.
free, but just not quite as good, avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html
tell me which one you use, then i'll give you configuration hints. please uninstall your current av.
the following guide is extensive, i'm aware of that, but it should be implemented, since only then is your pc secure. ask as many questions as necessary, i'm happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html
from the xp section: install internet explorer 8, even if you use a different browser. - enable data execution prevention for all processes. - configure services. - enable automatic updates.
as a browser i recommend chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help. please read the guide. if you want to use a different one, tell me, then i have to parts of the instructions that now follow
Sandboxie
The definition of a sandbox can be read here: Sandbox. In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link: Sandboxie Download - Sandboxie 3.68
guide: http://www.trojaner-board.de/71542-a...sandboxie.html
detailed guide as pdf, work through it as well: Sandbox settings |
please make the following additional configuration: open sandboxie control, click the sandbox menu, choose DefaultBox. there click on sandbox settings. restrictions: under program start and internet access enter: chrome.exe. then go to applications, web browser, chrome. there enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. You can, for example, specify under "Forced program starts" that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed web browser", or right-click and run in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.
Continue with: Measures for ALL Windows versions. work through everything completely.
note on file hippo: in the settings additionally select: Run updateChecker when Windows starts
Backup program: my guide already links a backup program; as an alternative, Windows' own backup program is an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately this is only reasonably usable for Windows 7 users. Everyone else should definitely install a backup program as well, since this can be very important under certain circumstances, for example if the hard disk breaks.
Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Practice & Help
so from now on surf only in the standard user account, and there in the sandbox. if you use the free version, then by clicking sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser. when you move the mouse over the browser it should be framed, then you are in the sandboxed web browser |
18.04.2012, 11:05 | #29 |
| BKA malware / 100 EUR / PC lockout Hello markusg! I'll work through your tips and see what makes the most sense for my PC. Thanks again for your help. Guido, who is about to donate something again :-) |
18.04.2012, 11:12 | #30 |
/// Malware-holic | BKA malware / 100 EUR / PC lockout these tips are useful for every pc, since any device can get infected with malware and thus become a nuisance for others, sending spam for example. |