24.07.2012, 11:04 | #1
Bundespolizei Trojan 1.13 - Windows 7

Hi, as of today I also have the Trojan, apparently version 1.13. OS: Windows 7 64-bit. The logs from Malwarebytes and OTL are below. Can you help me?

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tobi :: IBOT [Administrator]

24.07.2012 09:16:38
mbam-log-2012-07-24 (09-16-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 506381
Laufzeit: 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tobi\0.7164734256573202.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 24.07.2012 11:53:02 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.85 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 83.96% Memory free
15.70 Gb Paging File | 14.58 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 31.19 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: IBOT | User Name: Tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Gemalto\PKCS11 for .NET V2 smart cards\gtop11dotnet.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (DirMngr) -- C:\Program Files (x86)\GnuPG\dirmngr.exe () SRV - (tvnserver) -- C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (niLXIDiscovery) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation) SRV - (mxssvr) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (National Instruments Corporation) SRV - (NITaggerService) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation) SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation) SRV - (NINetworkDiscovery) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nimDNSResponder) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation) SRV - (niSvcLoc) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation) SRV - (NIApplicationWebServer64) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation) SRV - (NIApplicationWebServer) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV 
- (EgisTec Service) -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe (Egis Technology Inc. ) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.) SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (nipxirmu) -- C:\Windows\SysWOW64\nipxism.exe (National Instruments Corporation) SRV - (nidevldu) -- C:\Windows\SysWOW64\nipalsm.exe (National Instruments Corporation) SRV - (ni488enumsvc) -- C:\Windows\SysWOW64\nipalsm.exe (National Instruments Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation) SRV - (ANSYS, Inc. License Manager) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe (ANSYS, Inc.) SRV - (GslShmSrvc) -- C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe (Gemalto) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.) 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (NiViPxiK) -- C:\Windows\SysNative\drivers\NiViPxiKl.sys (National Instruments Corporation) DRV:64bit: - (NiViPciK) -- C:\Windows\SysNative\drivers\NiViPciKl.sys (National Instruments Corporation) DRV:64bit: - (nipalfwedl) -- C:\Windows\SysNative\drivers\nipalfwedl.sys (National Instruments Corporation) DRV:64bit: - (nipalusbedl) -- C:\Windows\SysNative\drivers\nipalusbedl.sys (National Instruments Corporation) DRV:64bit: - (NIPALK) -- C:\Windows\SysNative\drivers\nipalk.sys (National Instruments Corporation) DRV:64bit: - (nifslk) -- C:\Windows\SysNative\drivers\nifslkl.sys (National Instruments Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) 
DRV:64bit: - (ni1065k) -- C:\Windows\SysNative\drivers\ni1065k.sys (National Instruments Corporation) DRV:64bit: - (ni1045k) -- C:\Windows\SysNative\drivers\ni1045kl.sys (National Instruments Corporation) DRV:64bit: - (nipxibrc) -- C:\Windows\SysNative\drivers\nipxibrc.sys (National Instruments Corporation) DRV:64bit: - (ni1006k) -- C:\Windows\SysNative\drivers\ni1006k.sys (National Instruments Corporation) DRV:64bit: - (nipxibaf) -- C:\Windows\SysNative\drivers\nipxibaf.sys (National Instruments Corporation) DRV:64bit: - (nicsrk) -- C:\Windows\SysNative\drivers\nicsrkl.sys (National Instruments Corporation) DRV:64bit: - (niraptrk) -- C:\Windows\SysNative\drivers\niraptrkl.sys (National Instruments Corporation) DRV:64bit: - (nicondrk) -- C:\Windows\SysNative\drivers\nicondrkl.sys (National Instruments Corporation) DRV:64bit: - (nicmrk) -- C:\Windows\SysNative\drivers\nicmrkl.sys (National Instruments Corporation) DRV:64bit: - (niswdk) -- C:\Windows\SysNative\drivers\niswdkl.sys (National Instruments Corporation) DRV:64bit: - (nidsark) -- C:\Windows\SysNative\drivers\nidsarkl.sys (National Instruments Corporation) DRV:64bit: - (niufurk) -- C:\Windows\SysNative\drivers\niufurkl.sys (National Instruments Corporation) DRV:64bit: - (nixsrk) -- C:\Windows\SysNative\drivers\nixsrkl.sys (National Instruments Corporation) DRV:64bit: - (niemrk) -- C:\Windows\SysNative\drivers\niemrkl.sys (National Instruments Corporation) DRV:64bit: - (niwfrk) -- C:\Windows\SysNative\drivers\niwfrkl.sys (National Instruments Corporation) DRV:64bit: - (nissrk) -- C:\Windows\SysNative\drivers\nissrkl.sys (National Instruments Corporation) DRV:64bit: - (niesrk) -- C:\Windows\SysNative\drivers\niesrkl.sys (National Instruments Corporation) DRV:64bit: - (nistc3rk) -- C:\Windows\SysNative\drivers\nistc3rkl.sys (National Instruments Corporation) DRV:64bit: - (nitiork) -- C:\Windows\SysNative\drivers\nitiorkl.sys (National Instruments Corporation) DRV:64bit: - (nimsdrk) -- 
C:\Windows\SysNative\drivers\nimsdrkl.sys (National Instruments Corporation) DRV:64bit: - (nidmxfk) -- C:\Windows\SysNative\drivers\nidmxfkl.sys (National Instruments Corporation) DRV:64bit: - (nimxpk) -- C:\Windows\SysNative\drivers\nimxpkl.sys (National Instruments Corporation) DRV:64bit: - (nimstsk) -- C:\Windows\SysNative\drivers\nimstskl.sys (National Instruments Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (hhdspmc64) -- C:\Windows\SysNative\drivers\hhdspmc64.sys (HHD Software Ltd.) 
DRV:64bit: - (nisdigk) -- C:\Windows\SysNative\drivers\nisdigkl.sys (National Instruments Corporation) DRV:64bit: - (nicdrk) -- C:\Windows\SysNative\drivers\nicdrkl.sys (National Instruments Corporation) DRV:64bit: - (ni488lock) -- C:\Windows\SysNative\drivers\ni488lock.sys (National Instruments Corporation) DRV:64bit: - (nisftk) -- C:\Windows\SysNative\drivers\nisftkl.sys (National Instruments Corporation) DRV:64bit: - (ninshsdk) -- C:\Windows\SysNative\drivers\ninshsdkl.sys (National Instruments Corporation) DRV:64bit: - (nipxirmk) -- C:\Windows\SysNative\drivers\nipxirmkl.sys (National Instruments Corporation) DRV:64bit: - (nispdk) -- C:\Windows\SysNative\drivers\nispdkl.sys (National Instruments Corporation) DRV:64bit: - (niscdk) -- C:\Windows\SysNative\drivers\niscdkl.sys (National Instruments Corporation) DRV:64bit: - (nimxdfk) -- C:\Windows\SysNative\drivers\nimxdfkl.sys (National Instruments Corporation) DRV:64bit: - (NIEthernetDeviceEnumerator) -- C:\Windows\SysNative\drivers\niede.sys (National Instruments Corporation) DRV:64bit: - (nipxigpk) -- C:\Windows\SysNative\drivers\nipxigpk.sys (National Instruments Corporation) DRV:64bit: - (nidimk) -- C:\Windows\SysNative\drivers\nidimkl.sys (National Instruments Corporation) DRV:64bit: - (nimdbgk) -- C:\Windows\SysNative\drivers\nimdbgkl.sys (National Instruments Corporation) DRV:64bit: - (nipbcfk) -- C:\Windows\SysNative\drivers\nipbcfk.sys (National Instruments Corporation) DRV:64bit: - (nistcrk) -- C:\Windows\SysNative\drivers\nistcrkl.sys (National Instruments Corporation) DRV:64bit: - (nimru2k) -- C:\Windows\SysNative\drivers\nimru2kl.sys (National Instruments Corporation) DRV:64bit: - (GemCCID) -- C:\Windows\SysNative\drivers\GemCCID.sys (Gemalto) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (niorbk) -- C:\Windows\SysNative\drivers\niorbkl.sys (National Instruments Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (nistc2k) -- C:\Windows\SysNative\drivers\nistc2kl.sys (National Instruments Corporation) DRV:64bit: - (lvalarmk) -- C:\Windows\SysNative\drivers\lvalarmk.sys (National Instruments Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 FA C4 B7 47 29 CD 01 [binary data] IE - 
HKCU\..\SearchScopes,DefaultScope = {C03BE1C2-5105-4E98-BDC0-3C437350A90F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C03BE1C2-5105-4E98-BDC0-3C437350A90F}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7 FF - prefs.js..extensions.enabledItems: coc@ble.pl:2.2.0.3.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.30 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.fem.tu-ilmenau.de/proxy.pac" FF - prefs.js..network.proxy.backup.ftp: "141.24.53.249" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - 
prefs.js..network.proxy.backup.socks: "141.24.53.249" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "141.24.53.249" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "141.24.53.249" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "www-proxy.t-online.de" FF - prefs.js..network.proxy.gopher_port: 80 FF - prefs.js..network.proxy.http: "141.24.53.249" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "141.24.53.249" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.ssl: "141.24.53.249" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Acer Bio Protection\FFExt [2012.05.03 18:48:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 19:23:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 07:30:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.16 13:29:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.03 18:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2012.07.14 22:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions [2012.05.04 10:44:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.05.04 16:37:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions\DeviceDetection@logitech.com [2012.05.06 22:16:34 | 000,001,799 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\funmoods.xml [2010.08.05 10:03:20 | 000,002,252 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\ipv6-google-search.xml [2009.09.23 16:21:50 | 000,000,952 | ---- | M] () -- 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\youtube-videosuche.xml [2012.07.20 19:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.20 19:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.06.04 12:18:35 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI [2012.06.24 12:26:25 | 000,344,664 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI [2012.02.14 01:26:20 | 000,131,094 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI [2012.07.17 23:15:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.06.09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll [2011.06.22 11:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll [2009.10.22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll [2008.12.10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll [2010.10.19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll [2012.07.17 23:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.17 23:52:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.17 23:52:25 | 
000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.17 23:52:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.17 23:52:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.17 23:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.funmoods.com/?f=1&a=ddrnw CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://start.funmoods.com/?f=1&a=ddrnw CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL 
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RegTool] C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Tobi\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
O4 - HKCU..\Run: [StrokeIt] C:\Program Files (x86)\StrokeIt\StrokeIt.exe ()
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F08A7EE-2E62-4DA7-97F4-35E8590CDDF7}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F1DC218-ED83-43D8-AA5D-553FC02B8E21}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F1DC218-ED83-43D8-AA5D-553FC02B8E21}: Domain = fem.tu-ilmenau.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B1F1B3-A96F-4184-A918-084C10E8C9C6}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B1F1B3-A96F-4184-A918-084C10E8C9C6}: Domain = fem.tu-ilmenau.de
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.24 11:39:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.24 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2012.07.24 09:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 09:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 09:15:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 09:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 08:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\lqdenbynwxmheay
[2012.07.19 17:29:18 | 000,000,000 | ---D | C] -- C:\Campus EM Griechenland
[2012.07.19 17:27:09 | 000,000,000 | ---D | C] -- C:\Fotos Campus EM Dänemark
[2012.07.19 15:34:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\MiKTeX
[2012.07.19 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\MiKTeX
[2012.07.19 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.07.19 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.07.19 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.07.19 13:01:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\xm1
[2012.07.19 12:54:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.19 12:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.19 12:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.07.15 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\My Videos
[2012.07.15 22:07:51 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\CyberLink
[2012.07.15 22:05:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2012.07.15 22:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2012.07.15 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\MetaGeek,_LLC
[2012.07.15 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012.07.15 00:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2012.07.13 00:02:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Neuer Ordner
[2012.07.11 22:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
[2012.07.11 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JKI
[2012.07.11 22:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\JKI
[2012.07.11 08:38:54 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\LabVIEW Data
[2012.07.11 07:25:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cvirte
[2012.07.11 07:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\IVI Foundation
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\IVI Foundation
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVI Foundation
[2012.07.11 07:22:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HI-TECH Software
[2012.07.11 07:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software
[2012.07.11 07:22:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2012.07.11 07:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2012.07.11 07:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.07.11 07:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2012.07.11 07:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Instruments
[2012.07.09 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\Arduino
[2012.07.09 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Arduino
[2012.07.09 18:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tera Term
[2012.07.09 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\teraterm
[2012.07.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CommFront
[2012.07.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommFront
[2012.07.09 16:41:59 | 000,039,472 | ---- | C] (HHD Software Ltd.) -- C:\Windows\SysNative\drivers\hhdspmc64.sys
[2012.07.09 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.07.09 16:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software
[2012.07.09 13:19:11 | 000,154,624 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[2012.07.09 13:19:11 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2012.07.04 17:08:10 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\ElevatedDiagnostics
[2012.06.24 12:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.24 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemalto
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GPinPad
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\gpccard
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gemalto
[2012.05.04 17:23:55 | 001,157,352 | ---- | C] (SoftPerfect Research) -- C:\Program Files\netscan.exe
[2012.05.04 15:44:31 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe

========== Files - Modified Within 30 Days ==========

[2012.07.24 11:51:53 | 000,000,168 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2012.07.24 11:51:24 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.24 11:40:57 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.24 11:40:57 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.24 11:40:57 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.24 11:40:57 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.24 11:40:57 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 11:39:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.24 11:36:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 11:36:45 | 2028,212,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 09:16:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:59:25 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 08:59:25 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 08:47:33 | 000,000,051 | ---- | M] () -- C:\ProgramData\oizvggwsokvizxg
[2012.07.24 08:47:29 | 000,057,344 | ---- | M] () -- C:\ProgramData\qdjwfoqf.exe
[2012.07.24 08:32:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job
[2012.07.23 19:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job
[2012.07.23 15:15:05 | 000,000,600 | ---- | M] () -- C:\Users\Tobi\AppData\Local\PUTTY.RND
[2012.07.22 20:18:54 | 002,185,425 | ---- | M] () -- C:\Users\Tobi\Desktop\test.jpg
[2012.07.22 20:11:22 | 002,818,302 | ---- | M] () -- C:\Users\Tobi\Desktop\test.psd
[2012.07.20 01:11:40 | 007,918,974 | ---- | M] () -- C:\Users\Tobi\Desktop\dsc_1461.jpg
[2012.07.15 00:03:33 | 000,003,039 | ---- | M] () -- C:\Users\Tobi\Desktop\inSSIDer.lnk
[2012.07.14 00:17:20 | 005,220,627 | ---- | M] () -- C:\Users\Tobi\Desktop\ilm1-2010200304.pdf
[2012.07.12 13:24:34 | 000,095,920 | ---- | M] () -- C:\Users\Tobi\Desktop\Unbenannt-1.jpg
[2012.07.11 08:27:50 | 000,459,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 08:26:10 | 000,167,878 | ---- | M] () -- C:\Windows\SysWow64\niorbmap
[2012.07.11 07:20:26 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2012.07.11 07:17:48 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.07.09 20:07:50 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\Simias.UninstallLog
[2012.07.09 20:07:50 | 000,000,468 | ---- | M] () -- C:\Windows\SysNative\iFolderApp.UninstallLog
[2012.07.09 20:07:32 | 000,000,024 | ---- | M] () -- C:\Users\Tobi\AppData\Local\domain.list
[2012.07.09 18:04:07 | 000,001,889 | ---- | M] () -- C:\Users\Tobi\Desktop\Tera Term.lnk
[2012.07.09 16:46:30 | 000,002,865 | ---- | M] () -- C:\Users\Tobi\Desktop\232Analyzer.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 14:49:27 | 000,004,764 | ---- | M] () -- C:\Users\Tobi\Desktop\Unbenannt 1.csv
[2012.06.24 12:50:08 | 000,014,274 | ---- | M] () -- C:\Users\Tobi\Desktop\ImmatrikulationVS55362a74-fdfe-47a3-94e4-d68b9be99b6c.pdf
[2012.06.24 12:49:50 | 000,014,271 | ---- | M] () -- C:\Users\Tobi\Desktop\Immatrikulationfc795f5c-22f9-4e7e-a1a3-b5b639381b9e.pdf

========== Files Created - No Company Name ==========

[2012.07.24 11:51:53 | 000,000,168 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2012.07.24 11:51:24 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.24 09:15:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:47:32 | 000,057,344 | ---- | C] () -- C:\ProgramData\qdjwfoqf.exe
[2012.07.24 08:47:29 | 000,000,051 | ---- | C] () -- C:\ProgramData\oizvggwsokvizxg
[2012.07.22 20:11:28 | 002,185,425 | ---- | C] () -- C:\Users\Tobi\Desktop\test.jpg
[2012.07.22 20:06:52 | 002,818,302 | ---- | C] () -- C:\Users\Tobi\Desktop\test.psd
[2012.07.20 01:11:39 | 007,918,974 | ---- | C] () -- C:\Users\Tobi\Desktop\dsc_1461.jpg
[2012.07.15 00:03:33 | 000,003,039 | ---- | C] () -- C:\Users\Tobi\Desktop\inSSIDer.lnk
[2012.07.14 00:17:20 | 005,220,627 | ---- | C] () -- C:\Users\Tobi\Desktop\ilm1-2010200304.pdf
[2012.07.12 11:10:49 | 000,095,920 | ---- | C] () -- C:\Users\Tobi\Desktop\Unbenannt-1.jpg
[2012.07.11 22:48:12 | 000,002,296 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LabVIEW Tools Network.lnk
[2012.07.11 22:48:11 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VI Package Manager.lnk
[2012.07.11 07:25:59 | 000,167,878 | ---- | C] () -- C:\Windows\SysWow64\niorbmap
[2012.07.11 07:20:26 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2012.07.11 07:18:34 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 2011 (32 Bit).lnk
[2012.07.11 07:17:48 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.07.09 20:07:50 | 000,000,510 | ---- | C] () -- C:\Windows\SysNative\Simias.UninstallLog
[2012.07.09 20:07:50 | 000,000,468 | ---- | C] () -- C:\Windows\SysNative\iFolderApp.UninstallLog
[2012.07.09 18:04:07 | 000,001,889 | ---- | C] () -- C:\Users\Tobi\Desktop\Tera Term.lnk
[2012.07.09 16:46:30 | 000,002,865 | ---- | C] () -- C:\Users\Tobi\Desktop\232Analyzer.lnk
[2012.07.09 13:19:11 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012.06.29 14:26:09 | 000,004,764 | ---- | C] () -- C:\Users\Tobi\Desktop\Unbenannt 1.csv
[2012.06.24 12:50:09 | 000,014,274 | ---- | C] () -- C:\Users\Tobi\Desktop\ImmatrikulationVS55362a74-fdfe-47a3-94e4-d68b9be99b6c.pdf
[2012.06.24 12:49:55 | 000,014,271 | ---- | C] () -- C:\Users\Tobi\Desktop\Immatrikulationfc795f5c-22f9-4e7e-a1a3-b5b639381b9e.pdf
[2012.06.18 15:17:16 | 000,871,424 | ---- | C] () -- C:\Program Files\Vorlesungsverzeichnis-v1.19.exe
[2012.06.12 09:42:16 | 000,003,584 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.19 18:23:02 | 000,000,136 | ---- | C] () -- C:\Users\Tobi\file.err
[2012.05.13 14:07:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.13 14:07:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.13 14:07:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.08 19:46:28 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.06 17:29:35 | 000,000,600 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\winscp.rnd
[2012.05.05 09:37:10 | 000,000,024 | ---- | C] () -- C:\Users\Tobi\AppData\Local\domain.list
[2012.05.04 15:46:06 | 000,000,600 | ---- | C] () -- C:\Users\Tobi\AppData\Local\PUTTY.RND
[2012.05.03 21:53:48 | 000,007,605 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg
[2012.05.03 18:43:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011.03.23 11:54:44 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll

========== LOP Check ==========

[2012.05.08 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\.algor
[2012.05.19 18:26:19 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ansys
[2012.07.09 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Arduino
[2012.05.08 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Autodesk
[2012.05.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite
[2012.05.08 17:33:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DassaultSystemes
[2012.05.05 09:33:47 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Downloaded Installations
[2012.07.24 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dropbox
[2012.05.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\e-academy Inc
[2012.05.08 19:38:11 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EW4App
[2012.05.25 23:10:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FileZilla
[2012.05.08 16:43:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FreeCAD
[2012.07.23 01:05:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\gnupg
[2012.05.05 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\iFolder
[2012.06.06 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\InfraRecorder
[2012.06.01 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\IrfanView
[2012.05.04 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech
[2012.05.22 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\LibreOffice
[2012.05.04 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Notepad++
[2012.05.04 10:06:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Psi+
[2012.05.05 09:36:59 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\simias
[2012.05.05 09:36:35 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Subversion
[2012.05.03 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SumatraPDF
[2012.05.04 12:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TCB Networks
[2012.05.04 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Thunderbird
[2012.05.26 12:07:13 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TightVNC
[2012.07.19 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\xm1
[2009.07.14 07:08:49 | 000,015,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1FB1CEE3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >

Extras.txt:
Code:
OTL Extras logfile created on: 24.07.2012 11:53:02 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.85 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 83.96% Memory free
15.70 Gb Paging File | 14.58 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 31.19 Gb Free Space | 27.90% Space Free | Partition Type: NTFS

Computer Name: IBOT | User Name: Tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{968E3142-D80F-4EA2-9168-DF8A05E9D62E}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{ECFB09EE-417F-48D0-A1E4-7380D5736BBD}" = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{7D1BFEA2-7EB6-428A-B92E-11B160B6DF3B}" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe |
"{A1B3113F-9286-4EA1-BAA0-2168570E977B}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{D0E1BBB1-27FB-4791-AAB7-E3D6B6E1FD1B}" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{EA30D05A-9AE8-4D94-8273-CA755C3AE4CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0E99B79A-042B-4A52-8CBB-EE6687858FFB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{1E087AE5-1BB1-438B-AEF5-8656882557D6}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe |
"TCP Query User{29CB8122-EA18-4986-B32E-377056373A9E}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"TCP Query User{2D7D562A-5637-49BE-9FA8-E427F5C95738}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3358AB32-3803-4E61-8C21-EB57BA0CEB06}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe |
"TCP Query User{338FEF44-12F7-4900-AC6B-41C43380836F}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe |
"TCP Query User{387674EA-0AB3-4630-B8B5-79BE6C8E0E79}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe |
"TCP Query User{62972858-9BA5-4176-9287-365969C041D6}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe |
"TCP Query User{65E5BC96-B0AB-446F-A765-947D3C63546C}C:\program files (x86)\psi+\psi-plus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi+\psi-plus.exe |
"TCP Query User{769339A7-75DA-4A44-85B3-F066C8EC244C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{78A457D3-AB89-4FB8-9DC5-7AD15C1E01CB}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe |
"TCP Query User{7A0EB05A-BC05-4816-84C8-596FE97485FD}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{846B335B-7ADC-45EF-B36E-CC4809FF110B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{84F222B0-DED4-43C8-9D77-BCD8CD9A9AA7}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe |
"TCP Query User{88EEB672-5F98-4A5F-ADDD-5C747AC97E1C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe |
"TCP Query User{9130554A-FF6B-46D8-83F8-CED1042277EA}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"TCP Query User{99A829CE-A001-49D0-AECC-22E32AADA3B7}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe |
"TCP Query User{A375F456-5763-447A-BADD-0B048CEAB687}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A40856FC-353E-4845-A764-15E3318DA84E}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"TCP Query User{A970DA90-1010-43DF-98A4-4DF918F4B4DE}C:\program files (x86)\national instruments\labview 2011\labview.exe" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\labview 2011\labview.exe |
"TCP Query User{B50E475B-0C61-4F33-8D2A-0663BD46D79C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B6B1D14F-0152-4D17-B749-88D7FE4BF291}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe |
"TCP Query User{C3217CD8-DDED-4130-8EBA-CE6505FE58D6}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe |
"TCP Query User{C38201E2-7766-4E8E-8C3E-45CA78C4F21C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe |
"TCP Query User{D2C680C4-BD16-4B31-AF06-9C01C19543F3}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe |
"TCP Query User{D820191C-5954-4142-8D55-DCF29567AFCF}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"TCP Query User{DB62BB06-7553-4EF4-9C4D-E215AB826E85}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{ED8A04DE-3AC9-4CD0-B6C3-CF529DDFB4EA}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe |
"TCP Query User{F0188D0F-60DD-4B3A-80C1-882E97A34E60}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe |
"TCP Query User{FA8BFBCC-E47E-41B3-9944-800603765F34}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{FF1B2041-858E-4249-8565-FA30BEB6935B}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0BE82192-3B06-4F3D-8ABA-9686A50E2D89}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{0BEFB6CE-3E7F-49BF-B777-FB63CC202E7D}C:\program files (x86)\psi+\psi-plus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi+\psi-plus.exe |
"UDP Query User{0EDFD3C8-39DE-4857-9E80-CF8569A63EBF}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe |
"UDP Query User{1E8993AA-9381-40E5-A996-0D97E9213EAA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1FB58EE1-8F90-475B-9465-E15A3ABF5B6F}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"UDP Query 
User{21FAF04C-163F-4735-A4DE-4791B7AD8D76}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{3202F427-A592-4B31-97E1-BF34376897CB}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | "UDP Query User{33E2DD11-E064-4B11-A1C2-C3841E7B42DC}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe | "UDP Query User{3D52A538-C013-4864-8EF6-A267E8440A07}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe | "UDP Query User{49595CF0-68F6-4139-9985-509A883954CD}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | "UDP Query User{5957B05B-8063-4AA8-9184-57C38593E46A}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | "UDP Query User{5CCBD879-4438-4FED-A87C-6DC4118E4788}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | "UDP Query User{6FE06232-195B-49DC-B177-102C31E22622}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | "UDP Query User{7392714C-DDDE-4997-82A3-2A3BCF21ABB9}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | "UDP Query User{7B0058D7-4703-440A-AC43-CC83FF0FF936}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program 
files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | "UDP Query User{87DB5A61-986D-4521-9F8E-99F7ECE8EB6C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | "UDP Query User{880D42AA-A2FB-4D24-9059-E2D55FABCFA6}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "UDP Query User{9596493A-2705-415E-B52C-8A255BB29458}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | "UDP Query User{A255568C-8A5A-47B2-A031-D5849A6C8519}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{AD52665C-E7E2-47C4-AA14-35C7A23F505A}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "UDP Query User{B68F25FC-33BD-4418-8504-AE8311D2B694}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "UDP Query User{B7309AE0-4FD6-479B-9782-A34393C613EC}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | "UDP Query User{D6A20F15-ABC7-4533-9CF6-780A708531AD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{DDE95222-0051-4862-83F9-2A372FECD8D9}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | "UDP Query User{DEF20748-8130-4C10-8CF3-D7698ABE6C83}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query 
User{E6A4BAB7-F008-49B7-A3D8-0B38D67D174A}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | "UDP Query User{E7EADF3C-D947-4510-BD6D-A9F05E97752C}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | "UDP Query User{F60DCBB4-28AD-4AFE-A042-AC552828CDBA}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | "UDP Query User{FBD10287-6FAB-4BED-A917-9F1F75C7C758}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | "UDP Query User{FC357F0D-40DC-444E-A0D5-4B56773E34D2}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | "UDP Query User{FDC42AD8-D97F-474F-ACDC-2C0D44F602F8}C:\program files (x86)\national instruments\labview 2011\labview.exe" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\labview 2011\labview.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{020DFD6B-8032-4237-9B68-BC5B1E42A684}" = NI Ethernet Device Enumerator 64-Bit "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0548BBBB-0511-4EF0-93E5-1234B023CB09}" = NI-DAQmx Switch Core for 64 Bit Windows 2.2.0 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit "{0B94017B-7924-4774-8444-16B992B4EA4E}" = NI STC for 64 Bit Windows 1.10.0 "{0D5534F6-AF96-489F-A69F-082199EE027F}" = NI Authentication 2.0 (64-bit) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "{133458D4-55CA-4D3C-A83E-52156CCE3ACB}" = NI IVI Class Drivers (64-bit) "{15707222-66D9-4053-B0B3-4F1071565E1A}" = NI-488.2 for Windows x64 version 2.8.1 "{1778742E-59D3-4090-AB8A-DAA281D66772}" = NI Assistant Framework 64-bit "{1BA584C3-654B-4162-B1A3-386B05C3C2BC}" = NI IVI Compliance Package 4.4 (64-bit) "{1C174277-CE5D-44A2-888F-2522A8B4739D}" = NI DataSocket 4.9 (64 Bit) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{253843AC-CF8F-4F4C-B942-59FE46BD7C84}" = NI PXI Platform Framework 1.3.2 64-bit "{29D5C4E9-1956-4F06-AA30-88CAEA33E1C1}" = NI-DAQmx MAX Support 64-bit 2.2.0 "{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows "{3268C8FE-AEA7-48A0-ACA5-776CF8A9852F}" = NI-MDBG 1.10.0f0 for 64 Bit Windows "{33E1FE8C-739F-479C-BDB2-E4D3D6BC1C54}" = NI FSL Installer for 64-Bit Windows 1.13.0 "{36399014-1508-46F3-A31B-379C3B1FC451}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5 "{36EA334E-C5A9-4A63-8C6C-0145A1242760}" = NI-MRU 2.11.1f0 for 64 Bit Windows "{394E442A-637D-43EF-B402-4CFD88263CF0}" = Broadcom Gigabit Integrated Controller "{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0 "{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows "{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit) "{4EE0B022-366F-432B-98C6-4EB27C87774E}" = NI Math Kernel Libraries (64-bit) "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI 
Xerces Delay Load 2.7.3 64-bit "{53794485-921A-4C71-8E82-6F5A15E9ECBA}" = NI Network Discovery 5.0 for Windows 64-bit "{55C0A3D4-E95F-4C7D-98CE-2A01353B06EF}" = NI Common Digital for 64 Bit Windows 1.13.0 "{5780B596-E0C0-4E78-8671-6C80D2913366}" = NI TDMS (64-bit) "{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013 "{59AEDF7C-0D51-48A1-8829-3B4343319B68}" = NI-MXDF 1.11.5f1 for 64 Bit Windows "{5C720EE4-F6A5-4BAD-ABC4-745D3D720EC9}" = NI Timing for 64 Bit Windows 2.3.0 "{5E3886A4-EAFC-40F6-A03E-14E594B1037D}" = NI Curl 1.1 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{678EB05F-D317-48C9-9C67-E33AE7C0F900}" = NI MXS 5.0.0 for 64 Bit Windows "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{723DFC01-183D-40E9-AE2E-4314ABC558D7}" = NI-653x Installer for 64 Bit Windows 1.9.4 "{75DD2A7A-D54F-4C1F-AE1F-5F023EDCCB26}" = NI RTSI UI Provider for 64 Bit Windows 1.0.0 "{8011A67E-2702-4A4E-867E-F491EF8A04B3}" = TightVNC "{803E7FD0-02FE-440E-990A-77B0E50EC30B}" = NI Web Application Server 2.0 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64 "{85B6FB54-339C-497E-80D5-1FC27E31CD27}" = NI-MX Expert Framework for 64 Bit Windows 2.8.0 "{86D21310-28DA-4843-83A8-17807E6A846B}" = NI MIO Device Drivers for 64 Bit Windows 2.6.0 "{88E18DCA-12DF-477F-9921-A804BC43AD3B}" = NI Calibration Provider Help for 64 Bit Windows "{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows "{899576E7-3569-417F-8EFE-EB881BE22EDE}" = NI MAX Remote Configuration 64-bit Installer 5.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D4DAF79-8A5A-4469-9AB6-FC8B411AD8F7}" = Classic Client 6.0 for 64 bits 
"{8E245224-4496-44F3-8229-69AD3000BA28}" = NI RTSI Cable Core Installer for 64 Bit Windows 1.0.0 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{922317D8-F321-4F43-9D50-03399CECD597}" = NI MAX Support for 64 Bit Windows "{93142995-F7F2-41A3-990C-0A9041E8A788}" = NI-DAQmx Documentation for 64 bit Windows 9.3.5 "{974391A4-9358-4122-951C-CE73EF490A40}" = NI System Configuration Runtime 5.0.0 for Windows 64-bit "{9852ECEE-C1A0-4D3B-9702-00097BD8BE80}" = NI System State Publisher (64-bit) "{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit) "{9CE96256-FAF1-4E48-9CA1-02F7ED80A2E6}" = NI Logos64 5.3.0 "{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess "{A2B07F9D-69FA-4BE8-A6B0-C0F13B5EDE62}" = NI USI 1.9.0 64-Bit "{A336BF29-66E7-429E-A879-90B63A597496}" = NI IVI Engine (64-bit) "{AC4088C0-E5F7-45F1-ACAB-0FB1C78AFA3F}" = NI Variable Engine (64-bit) "{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0E1F009-F570-4114-AA2D-95788A3E3EAA}" = NI-APAL 2.1 64-Bit Error Files "{B262144E-0AD8-44DF-A733-82409F88A3C8}" = NI IVI Class Simulation Drivers (64-bit) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.83 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA 
HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3ACDAEB-08E0-41F8-8789-D0A333AE4964}" = NI System Web Server Base 2.0 (64-bit) "{B8F5F1F7-0A7B-4265-AAD5-AACFC4EA8E73}" = NI Dynamic Signal Acquisition for 64 Bit Windows 2.2.0 "{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit) "{C8786BF1-0278-4DAF-8015-EAF94CDF2F0C}" = NI-MXLC LabVIEW 2011 Support "{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support "{CCD7A659-74D4-4577-A3FE-4E5C8C3AEF14}" = NI-PAL 2.7.0f0 for 64 Bit Windows "{CFCC7864-15DB-46AB-96A2-69F716E7D963}" = NI Logos64 XT Support "{CFE1A50A-762C-4802-82F0-AD3F2B08CF7A}" = NI-VISA 5.1.0 64-bit Support "{D198B514-B24E-43FC-AE19-E634F48B928C}" = NI System API Windows 64-bit 5.0.0 "{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit) "{D5D8BFCD-C9F4-488A-B660-8876D02AA572}" = NI Portable Configuration for 64 Bit Windows 5.0.0 "{D6B2A074-836C-47C2-88B0-270C29192F3D}" = NI RTSI PAL Device Library Installer for 64 Bit Windows 1.0.0 "{D7CCDF1B-6819-4003-87BB-F6F1BDC48C2E}" = NI-MXLC LabVIEW 2009 Support "{D91ACEAA-C14F-4172-8AF1-AD40FEE8E325}" = NI-MXLC Core (64-bit) "{D9F81649-D7A6-4FA0-856C-76CDB1120F9D}" = NI Spy Windows 64 Support 3.0.0 "{DA798CB8-D760-47CC-BC55-AA864E8D22F1}" = NI DAQ Assistant 64-bit 2.0.0 "{DD9D1FE4-43FC-4FE2-940A-33A95F2AB348}" = NI LabWindows/CVI 2009 Run-Time Engine (64-bit) "{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit) "{E45B7F5F-A814-4C15-A0D6-14CEE02AD72D}" = NI SSL Support (64-bit) "{E6819B9C-7279-4EFC-8426-968DB116F545}" = NI-VISA 5.1.0 Provider 64-bit Support "{E807BDD0-9A9F-453B-992A-927F9499B668}" = NI PXI Hardware 64-bit Support 2.6.2 "{E9F226A6-A0FB-4077-B47E-DFB44825C659}" = NI-MXLC LabVIEW 2010 Support "{EDC7187A-CA7C-472E-81CD-84806FDB1B6F}" = NI Math Kernel Libraries (64-bit) 
"{F35499BF-B4E7-4C3F-8769-229D9DE3E07E}" = IVI Shared Component 64-bit "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F63D3568-80A4-47AB-B97D-8988DF18BD0C}" = NI TDM Excel Add-In 3.3 64-bit "{F71335BF-CF6B-4ACC-ABCE-BA9DF2031DB8}" = VISA Shared Components 64-Bit "{F9F02D3A-2CF2-496A-B6BF-C63BD11738A2}" = NI SCXI for 64 Bit Windows 1.15.0 "{FB585470-EFFC-461E-9302-27CA43DD3A74}" = NI PXI SystemAPI Expert 64-bit 2.6.2 "{FDA5F940-CC93-4F8C-9316-A0E887A6FDAD}" = NI-VISA x64 support 5.1.1 "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "sp6" = Logitech SetPoint 6.32 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0093CF58-3A00-46E0-A3E2-3E684E20C6A6}" = NI Instrument I/O Assistant "{010A2C18-0830-45A0-BE2B-DD37A2D8A2FE}" = NI LabVIEW Run-Time Engine Interop 2011 "{0123C12C-3DEC-4428-ACE3-2E6676BAB894}" = NI STC 1.10.0 "{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0 "{01AC4D6A-05F0-4158-95E7-FC299961B50A}" = NI Math Kernel Libraries "{033F0FD6-07E0-414A-8367-51EB862EFE12}" = Runtime für den NI-Systemkonfigurator 5.0.0 "{043955AD-7E11-4B6D-A317-B72F7BB87736}" = NI Assistant Framework LabVIEW 2011 Support "{05617B99-0727-4FFB-AC8E-8F6427799C8F}" = NI-DAQmx/LabVIEW shared documentation 1.9.5 "{05C030B8-DC4F-489D-B86B-FC6B7DB3F607}" = NI SSL LabVIEW 2011 Support 
"{0605BA5B-7041-482E-A7DC-C1B55DB6046A}" = NI-MXLC LabVIEW 2011 Support "{066F687E-1CA0-4D94-A2C9-F8E6E817F4CB}" = NI LabVIEW Run-Time Engine 2011 "{070E052E-8D36-4B7E-B640-C75F12B2A76E}" = NI LabVIEW SignalExpress 2011 Licenses "{08B760EF-E028-45B1-80E2-624F9C54F4CE}" = NI-MXLC Core (32-bit) "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B851303-5BA7-4C49-A9E1-59AAE27F663C}" = NI Ethernet Device Enumerator "{0BD06981-453D-4336-9A47-5A0231B5CB22}" = NI-Netzwerkbrowser 5.0.0 "{0F49F0AC-B14D-40B7-9848-EBA6B3A5C123}" = NI LabWindows/CVI 2009 Run-Time Engine "{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1 "{105271B2-81E8-4C84-B820-590BFBC5F958}" = NI IVI Compliance Package 4.4 "{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS "{126A258A-DF8C-4EF2-9780-0EEA4C76CE6D}" = NI Logos LabVIEW 2011 Support "{1534B787-736A-404A-9983-B6952846E057}" = NI-DAQmx Documentation 9.3.5 "{16AE16D2-8895-4E4A-A6D5-7EB9055B6517}" = NI I/O Trace API LV2011 "{16DF18C7-7F56-48A4-9CDE-CB699DBB5B16}" = NI IVI Class Driver LabVIEW 2011 Support "{1848995E-B449-4549-A914-2CEBC0BA27F2}" = NI IVI Online Help "{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer "{1B5ABB51-8AAB-4FBA-8987-9A8820756E2B}" = NI USI 1.9.0 "{1C6CED43-A5C1-4291-AA5C-912F26B90150}" = NI RTSI Cable Core Installer 1.0.0 "{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0 "{1D4843A4-5AE6-4CDF-BBC6-62DB47F5B381}" = NI RTSI PAL Device Library Installer 1.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime "{21816DDC-3737-4CD2-914A-82567EF6B928}" = NI-DAQ C and VB6 API 2.3.0 "{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper "{22940D8E-2DE3-4A0E-A75C-1F1A9F5C5190}" = NI-MXLC LabVIEW 2010 Support "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 
"{24EEDE86-3CB5-485D-91E3-F630273A08FF}" = NI LabVIEW SignalExpress 2011 Core LabVIEW Support "{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{27111B7A-97FE-46BD-81F9-4E87737DF803}" = NI LabVIEW 2011 MeasAppChm File "{27286309-2433-4B7E-93AA-95C6D25DA08A}" = NI-MX Expert Framework 2.8.0 "{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5 "{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0 "{298008B1-AD82-4791-9BB8-863AD1408492}" = NI Uninstaller "{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant "{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo "{2DBC8A34-0646-4F3D-B005-414E317FB281}" = NI Circuit Design Suite 11.0.2 Edu Licenses "{326913E3-E0AF-42A0-8860-BC4B9026DFA3}" = NI System Configuration 5.0.0 LabVIEW Support "{32C26756-A756-43D2-900D-92CB44316602}" = NI Calibration Provider for MAX 5.0.0 "{3363E5BE-7FBF-424B-B26C-0041CE837DD0}" = NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support "{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3 "{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies "{3A1504FB-7067-4E46-9AFA-A3C29C95E4DC}" = NI LabVIEW Run-Time Engine 8.2.1 "{3AC01660-F640-4AFB-A25E-082B260C025C}" = WIF Core Dependencies Windows 5.0.0 "{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI-Update-Dienst 2.0 "{3B12BE74-0FE6-4296-9ACC-C909CEAD8BB9}" = NI-DAQmx ADE Support 9.3.5 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3CF95105-5857-4852-BF20-764B69C1881D}" = NI LabVIEW 2011 "{3D1F6E51-C98C-4C01-8170-D2DBF2837F13}" = NI LabVIEW Merge Utility 11.0.0 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4067DBF1-91AF-445E-A34E-00707F214B49}" = NI IVI Class Simulation Drivers "{40A3EF24-FBB9-4261-84BF-D1C312680C5B}" = NI FSL Installer 1.13.0 "{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS 
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor "{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML "{45C5DE6E-85AB-466E-9A6F-8BAB11EE0EDD}" = NI Web Interface Framework 2.0 "{46ADBF7F-868A-4625-9546-14355105AC50}" = NI IVI Provider for MAX "{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0 "{4967DB4F-07FC-4443-8287-C9C1B0D1C8FA}" = NI Variable Engine LabVIEW 2011 Support "{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA402A7-4547-4E1A-A034-1DF609A6CCA9}" = NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support "{4BDAF6F8-8C28-49FD-8FA7-CEE3E9E9BAD4}" = NI LabVIEW 2011 Simulation "{4BEFB7C6-F103-42FB-9482-861C6D9690A0}" = NI LabVIEW Compare Utility 11.0.0 "{4C16AC07-1EEE-48E5-8DAE-CCB1BA9F90E9}" = NI-DAQmx Switch Core 2.2.0 "{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1 "{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0 "{502F10D2-9096-4D2E-BC71-4DFF995159F3}" = NI-DAQ Document Set 9.3.5 "{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine "{523B5D39-C209-41C8-9075-F6C14C2394D2}" = NI LabVIEW 2011 Search "{523F21B6-D325-4515-9416-04A166437C43}" = NI LabVIEW SignalExpress 2011 Steps "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{555B2ADE-B3CB-4C95-A789-8A7C03A004B7}" = NI LabVIEW 2011 Deployment Framework "{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0 "{580FB2E4-A159-4F9B-82C8-1ACE179686B9}" = NI-653x Installer 1.9.4 "{5866AEFB-0037-49DA-8F2C-ED7E7E21636E}" = NI LabVIEW 2011 "{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo 
"{5C468B0A-6DB3-402E-B4C0-6CA4CEFAE0AF}" = NI Sound and Vibration Frequency Analysis 2010 "{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support "{63BB51BB-C078-4960-B624-087651E8D526}" = NI LabVIEW 2011 "{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67A00571-3985-4051-97D1-5EA81F9F1319}" = NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support "{68DE7BF6-AFA9-4609-9C96-8C15E46E2093}" = NI Example Finder 11.0 "{69FAF7E0-6E43-4845-9BB7-A9D9F7440084}" = NI PXI Platform Services 2.6.2 Expert "{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.2 Core "{6CAADA3B-2513-4BEC-96EE-A7DF908E5B1E}" = NI PXI Platform Framework 1.3.2 "{6E84AECC-91B8-4738-97D2-0E8083A093F2}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0 "{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86 "{71355055-64A7-44AB-8C4C-9E893AC4FA40}" = NI-488.2 Provider for MAX version 2.8.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73854BF9-E78E-4D6F-B8C2-A7A3CD855124}" = NI LabVIEW 2011 Help File "{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7A29AA0C-202A-467E-9257-DE2E8DBC60B3}" = NI LabVIEW 2011 License "{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo "{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1 "{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo "{7D64A463-C3C9-40B6-BC46-4DD7D0DE2BFD}" = NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011. 
"{7D826D95-7FEE-4FC6-A3CC-BE4A53810441}" = NI IVI Engine "{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0 "{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime "{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0 "{8283E8AC-3CF9-4712-B56D-FFE9D47F88E1}" = NI LabVIEW 2011 "{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A4DBE2-1AAA-42F1-BAB3-C873C2F5DD81}" = NI System Configuration LV2011 Support 5.0.0 "{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0 "{89089F33-94D7-4E9C-918F-75CC933FC88F}" = NI DataSocket 4.9 "{8923D179-24D1-475D-A381-0B8C1AF1A206}" = NI LabVIEW 2011 Web Server "{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework "{8B3E6AA0-992F-4957-A1DB-CC2CA521F790}" = NI LabVIEW SignalExpress 2011 Core "{8B88204E-6446-4F7F-9379-F1A982C9D07C}" = NI LabVIEW 2011 "{8D9F6EFD-6EAF-4327-AD59-92DEA050BDAF}" = NI Instrument IO Assistant for LabVIEW 2011 32-bit "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8F1B9FE1-5777-4118-B982-B50B030101FF}" = NI LabVIEW 2011 "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007 "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{9320E1F0-31CB-4095-B430-017A35406E40}" = NI LabVIEW SignalExpress 2011 Datatypes "{9492A5F3-FDA5-4CE9-9B96-AB5881046CB6}" = NI LabVIEW 2011 Help "{95C26FA7-5FDD-4C6D-AD6F-3D4B3FEB0D70}" = NI AFW Custom UI Assemblies "{975F2F8A-CB6C-48CB-AF02-CEA55B194DDA}" = NI MIO Device Drivers 2.6.0 "{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0 "{98F4DC3F-958E-4DE5-BE1D-DBD72B05A204}" = NI Search Shared "{9B05C597-5509-47C6-87B8-461E1BB6AF5C}" = NI LabVIEW Run-Time Engine 2009 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BF9F0A2-2CF9-4165-9A36-639381F54BE3}" = NI IO Trace 3.0.0 "{9C2113B6-30DC-4827-9166-E6F4889D7594}" = NI LabVIEW 2011 Deployable License "{9D500758-F84E-4B0D-85CC-579DD1F579ED}" = NI PXI Platform Services 2.6.2 "{9EEA4977-878D-4ECA-8DF2-7C8BF37AE5B9}" = NI-488.2 2.8.1 "{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}" = NI MDF Support "{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam "{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0 "{A108E5C1-C45E-4EA4-A395-CF61F959AC82}" = NI-DAQmx MAX Configuration Support 9.3.5 "{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator "{A1A3C998-7D53-4BE2-A4DC-57A115DB0AD3}" = NI DAQ Assistant 2.0.0 
"{A1B35B59-B8B4-47C8-B4D6-3F90FB1997CC}" = NI LabVIEW 2011 "{A29EC1AF-7077-4E6E-B4EB-30A719117268}" = NI System Web Server 2.0 "{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0 "{A3752527-E9F5-4EE5-9A09-D6582AFE1D35}" = NI Circuit Design Suite 11.0.2 Education "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5FB6F3A-2120-45C8-B5E5-476BD5580BD6}" = NI LabVIEW EWB DeviceHandler 2010 "{A736A59D-FFAD-4EE5-962F-510DE151D6AA}" = NI AFW Channel Configuration Tool "{A7B1ABA8-E2A2-4565-A8AF-F01657FF5CEA}" = NI LabVIEW Web Services Runtime "{A98841B5-69CF-4D81-9BF1-5EA8968B3A1E}" = 232Analyzer "{AB47630B-C1BF-4A0A-93EF-3492A59A4704}" = NI LabVIEW Run-Time Engine Interop 2010 "{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries "{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0 "{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries "{AD118C09-CD56-4676-80D3-25221BA9A3E9}" = NI IVI Class Drivers "{AD3F600F-EF24-4145-9514-B4F8A685F944}" = NI PXI Platform Services 2.6.2 Configuration Support "{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver "{AE593237-3C8E-44F2-A9AA-2DDE0A472CDE}" = NI LabVIEW Web Server for Run-Time Engine "{AFFE41B4-6FB6-4E64-811C-5F57D05DF70F}" = NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support "{B10F8C17-3DB8-4093-92F6-9F85C263D51A}" = NI LabVIEW Run-Time Engine Interop 2009 "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B179B6ED-5D5B-49B8-8929-5144738B81C3}" = NI LabVIEW SignalExpress 2011 Tools "{B1DCBBC7-8ECE-497F-926F-02FE4E42216B}" = NI-DSM 2011 "{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0 "{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B96A1127-96B8-403A-BD57-0C4CD008A434}" = NI-DAQmx support for LabVIEW 2.1.0 "{BA0C74BC-3CE2-4BDE-BEC8-C330EAB9A3B1}" = NI-MRU 2.11.1f0 
"{BB3EBB9E-1CA1-4B7F-9E67-09540CCE9F45}" = NI Assistant Framework LabVIEW Code Generator 2011 "{BD2BD62A-444B-4838-8931-B3E9679144AB}" = NI LabVIEW SignalExpress 2011 LabVIEW Support "{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C462AA63-FD78-485B-9FA8-F66ED2248DE1}" = NI SCXI 1.15.0 "{C673968D-BBC5-4A5E-AFF4-60F538388775}" = NI-VISA 5.1.0 MAX Provider "{C856BC45-C56B-43B5-BFBE-0AEE1035C370}" = NI System Configuration CVI Support 5.0.0 "{C9A91453-88C1-49A0-A719-86DA2D463734}" = NI-VISA Server 5.1.0 "{CAC9188C-83A0-4F9F-858A-DA430DC2E401}" = NI AFW Custom UI "{CC17CE69-4AB6-4434-ADB4-27DB49D36080}" = NI Curl 1.1 "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog "{D30CB7A9-2B45-4C90-9D6B-A2DDED7AAF9B}" = NI Timing Installer 2.3.0 "{D35F1304-4FA0-40AB-9EEF-13F15EFC207D}" = NI-VISA Runtime 5.1.1 "{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services "{D3D8A298-9C08-43DD-A9C0-7D32BF68CAC9}" = NI-VISA 5.1.0 "{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS "{D5EE063C-12BF-4D36-BFD1-D7E2AC1E2566}" = NI-APAL 2.1 Error Files "{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}" = NI EulaDepot "{D7CC49D5-FC42-4082-8F2D-CCAAF9390E7F}" = NI LabVIEW 2011 "{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0 "{DB29F1F4-113E-45E0-B1E9-90A188DAF0AD}" = NI-APAL 2.1 Error Files for LabVIEW RT "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine "{DBAF9288-7503-48AC-A43F-B00B4EA0F145}" = NI PXI SystemAPI Expert 2.6.2 "{DC7F8117-3D5A-4848-AA4F-2A61BE4A5094}" = NI-MXLC LabVIEW 2009 Support "{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface "{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86 "{E125DE33-5564-4531-A4EF-BBC7C78031BA}" = 
NI LabVIEW SignalExpress 2011 "{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5102348-951B-4375-A582-2E0675180517}" = NI LabVIEW 2011 "{E5C8FBCD-F2F1-4FD0-9FA1-EF9F277400D7}" = NI-DAQmx 9.3.5 "{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3 "{E648AF0B-A340-4AEE-8275-D47688D25613}" = NI RTSI UI Provider 1.0.0 "{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard "{E7BDC0BC-583B-4193-9460-BDF51D131695}" = NI LabVIEW 2011 "{E8550330-7EAF-46CC-AE68-25A3AC6B1AE4}" = NI LabVIEW 2011 Manuals "{E91960AA-EB6A-418C-B6C3-6FDF7C166B59}" = NI Dynamic Signal Acquisition Installer 2.2.0 "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EA37AB72-EC8C-432C-A1C6-186850FB0559}" = NI System State Publisher "{EA903EDC-4358-4F98-AFB2-14991144DE1D}" = NI Common Digital 1.13.0 "{EB708DAB-CD04-46E4-88C9-E3BC80595982}" = NI System Web Server Base 2.0 "{EB8D0A82-E02A-437C-A7C4-90516F1CFB39}" = NI Web Application Server 2.0 "{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005 "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EDFC39D7-B782-4B43-BF9C-D1B80ADEA863}" = NI LabVIEW Runtime Engine 2010 SP1 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF1B1A68-988E-4A68-8504-774373A4651C}" = NI OPC Support "{F04A89CB-A185-4263-85ED-4BAD766F7DAE}" = NI Error Reporting 2011 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder "{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0 "{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer 
"{F97CB7B0-28D2-4E33-A806-9475EB134DC7}" = NI-DAQ INF Files 19.3.5 "{F9A74F70-7597-47B8-B04C-044824C23B15}" = NI LabVIEW 2011 VIPM Helper "{F9E0880D-B263-48F9-B8E5-BAFCAE9BE150}" = NI System API Client for WIF 5.0.0 "{FA7E1ADB-CEB4-4710-A1FA-8CFF4025AAB0}" = NI-MXLC LabVIEW 8.6 Support "{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Fingerprint Solution "{FDED748C-432B-4B44-BB33-3BB8550A2AD2}" = NI Variable Engine 2.5.0 "{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine "{FE7EA637-9C65-4D57-9342-DDD98315AA58}" = Gemalto PKCS#11 For .NET Smart Cards V2+ "{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "EXCEL" = Microsoft Office Excel 2007 "FileZilla Client" = FileZilla Client 3.5.3 "GPG4Win" = Gpg4win (2.1.1-34299-beta) "HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0 "InfraRecorder" = InfraRecorder "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam "InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver "InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Acer Bio Protection "IviSharedComponent" = IVI Shared Components 2.2.1 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NI Uninstaller" = National Instruments - Software "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver 
"Office14.PRJPROR" = Microsoft Project Professional 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenVPN" = OpenVPN 2.2.2 "Picasa 3" = Picasa 3 "PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0 "POWERPOINT" = Microsoft Office PowerPoint 2007 "Psi" = Psi (remove only) "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "StrokeIt" = StrokeIt "SumatraPDF" = SumatraPDF "Tera Term_is1" = Tera Term 4.74 "Texmaker" = Texmaker "VI Package Manager" = VI Package Manager "VISASharedComponents" = VISA Shared Components 64-Bit "winscp3_is1" = WinSCP 4.3.7 "WORD" = Microsoft Office Word 2007 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.07.2012 13:23:56 | Computer Name = ibot | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646", file "c:/program files (x86)/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646": Can't access URL . Error - 20.07.2012 13:23:56 | Computer Name = ibot | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646", file "c:/program files (x86)/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646": Can't access URL . 
Error - 20.07.2012 13:24:00 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 22.07.2012 12:32:21 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 02:52:36 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 03:12:23 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 03:15:10 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 03:33:33 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 03:36:51 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 05:38:42 | Computer Name = ibot | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.07.2012 05:36:52 | Computer Name = ibot | Source = DCOM | ID = 10005 Description = Error - 24.07.2012 05:36:57 | Computer Name = ibot | Source = DCOM | ID = 10005 Description = Error - 24.07.2012 05:36:58 | Computer Name = ibot | Source = DCOM | ID = 10005 Description = Error - 24.07.2012 05:36:58 | Computer Name = ibot | Source = DCOM | ID = 10005 Description = Error - 24.07.2012 05:37:08 | Computer Name = ibot | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Fehlercode: 21 Error - 24.07.2012 05:37:24 | Computer Name = ibot | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 05:37:25 | Computer Name = ibot | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 05:37:25 | Computer Name = ibot | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 05:37:27 | Computer Name = ibot | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 05:37:27 | Computer Name = ibot | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
24.07.2012, 17:27 | #2 |
/// Malware-holic | Bundespolizei - Trojaner 1.13 - Window 7
This script, and any scripts that may follow, are intended only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
[2012.07.24 08:47:33 | 000,000,051 | ---- | M] () -- C:\ProgramData\oizvggwsokvizxg
:Files
C:\ProgramData\qdjwfoqf.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment here in the thread!
Please press the + E key.
__________________ |
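The fix script above targets an HKCU Run value that launches an unsigned-looking binary dropped directly into C:\ProgramData. As an added example (not part of the thread and not OTL's own logic), the Python sketch below parses OTL "O4" autostart lines and flags entries that combine several such signals; the three heuristics, the threshold of two, and every sample line except the one quoted in the fix script are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# OTL autostart line: O4[:64bit:] - <hive>..\<Run key>: [value name] <command> (<company>)
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?) \((?P<company>[^()]*)\)\s*$"
)
# First executable path inside the command; quotes and arguments are ignored.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|scr|bat|cmd|dll)(?=$|[\s"])', re.IGNORECASE)
# Assumption: data directories that installers do not normally drop binaries into directly.
DATA_DIR_RE = re.compile(
    r"[a-z]:\\(?:programdata|users\\[^\\]+(?:\\appdata\\(?:roaming|locallow|local(?:\\temp)?))?)"
)

# Third line is the entry from the helper's fix script; the others are constructed.
SAMPLE_O4 = r"""
O4:64bit: - HKLM..\Run: [ExampleAudio] C:\Program Files\ExampleAudio\hdvcplx64.exe (Example Audio Ltd.)
O4 - HKLM..\Run: [exampleav] "C:\Program Files (x86)\ExampleAV\avtray.exe" /min (Example AV GmbH)
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
O4 - HKCU..\Run: [ExampleSync] C:\Users\Tobi\AppData\Roaming\ExampleSync\bin\sync.exe (Example Sync Inc.)
"""


def looks_random(stem):
    """Heuristic (assumption): digit-only names, or letter runs with almost no vowels."""
    s = stem.lower()
    if re.fullmatch(r"[\d.]{6,}", s):
        return True
    letters = [c for c in s if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def signals(path, company):
    """Return the list of suspicious traits for one autostart target."""
    p = PureWindowsPath(path)
    found = []
    if not company.strip():
        found.append("no company name in file metadata")
    if DATA_DIR_RE.fullmatch(str(p.parent).lower()):
        found.append("binary sits directly in a data directory")
    if looks_random(p.stem):
        found.append("random-looking file name")
    return found


def triage(lines, threshold=2):
    """Flag O4 entries that show at least `threshold` signals; one signal alone is too noisy."""
    hits = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run-key line
        exe = EXE_RE.search(m["command"])
        if not exe:
            continue
        found = signals(exe.group(0), m["company"])
        if len(found) >= threshold:
            hits.append({
                "hive": m["hive"],
                "key": m["key"],
                "name": m["name"],
                "path": exe.group(0),
                "signals": found,
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_O4.splitlines()):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["path"]}')
        for s in hit["signals"]:
            print("   -", s)
```

The constructed ExampleAudio line trips the file-name heuristic alone and is not reported, which is why the sketch requires two signals before flagging an entry.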
24.07.2012, 17:53 | #3 |
| Bundespolizei - Trojaner 1.13 - Window 7
Hi, thanks! I can start normally again without the Trojan screen. Attached is the OTL text file. I uploaded Movedfiles.zip; it worked without problems. Is there anything else to do now?
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qdjwfoqfwctited deleted successfully.
C:\ProgramData\qdjwfoqf.exe moved successfully.
C:\ProgramData\oizvggwsokvizxg moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Tobi
->Flash cache emptied: 12418 bytes
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tobi
->Temp folder emptied: 239870042 bytes
->Temporary Internet Files folder emptied: 98919948 bytes
->Java cache emptied: 210065 bytes
->FireFox cache emptied: 223486742 bytes
->Google Chrome cache emptied: 13663431 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1837695027 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36031079 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,336.00 mb
OTL by OldTimer - Version 3.2.54.1 log created on 07242012_184138
Files\Folders moved on Reboot...
C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot... |
25.07.2012, 17:05 | #4 | |
/// Malware-holic | Bundespolizei - Trojaner 1.13 - Window 7
hi
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.07.2012, 12:06 | #5 |
| Bundespolizei - Trojaner 1.13 - Window 7
hey, done, see log. However, the file is located in C:/ComboFix/ComboFix.txt
Thanks for the help!
Code:
ATTFilter ComboFix 12-07-27.01 - Tobi 26.07.2012 12:36:34.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8040.5513 [GMT 2:00] ausgeführt von:: C:\Users\Tobi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Tobi\AppData\Local\TempDIR C:\Windows\Downloaded Program Files\IDropPTB.dll ((((((((((((((((((((((( Dateien erstellt von 2012-06-26 bis 2012-07-26 )))))))))))))))))))))))))))))) 2012-07-24 16:41:38 . 2012-07-24 16:49:35 -------- d-----w- C:\_OTL 2012-07-24 11:23:55 . 2012-07-24 11:23:55 -------- d-----w- C:\Program Files (x86)\IrfanView 2012-07-24 07:15:56 . 2012-07-24 07:15:56 -------- d-----w- C:\Users\Tobi\AppData\Roaming\Malwarebytes 2012-07-24 07:15:54 . 2012-07-24 07:15:54 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-24 07:15:53 . 2012-07-24 07:16:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-24 07:15:53 . 2012-07-03 11:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-07-24 06:47:32 . 2012-07-24 06:47:32 -------- d-----w- C:\ProgramData\lqdenbynwxmheay 2012-07-24 06:37:25 . 2012-06-29 10:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3C862D2-CFEE-4834-B34E-EF91B080F0A2}\mpengine.dll 2012-07-20 17:22:47 . 2012-07-17 21:13:53 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-07-19 15:29:18 . 2012-07-19 15:29:18 -------- d-----w- C:\Campus EM Griechenland 2012-07-19 15:27:09 . 2012-07-19 15:34:21 -------- d-----w- C:\Fotos Campus EM Dänemark 2012-07-19 13:34:56 . 2012-07-19 13:34:56 -------- d-----w- C:\Users\Tobi\AppData\Roaming\MiKTeX 2012-07-19 13:34:55 . 
2012-07-19 13:34:55 -------- d-----w- C:\Users\Tobi\AppData\Local\MiKTeX 2012-07-19 13:32:59 . 2012-07-19 13:32:59 -------- d-----w- C:\ProgramData\MiKTeX 2012-07-19 13:32:02 . 2012-07-19 13:32:38 -------- d-----w- C:\Program Files\MiKTeX 2.9 2012-07-19 11:01:11 . 2012-07-19 13:29:44 -------- d-----w- C:\Users\Tobi\AppData\Roaming\xm1 2012-07-19 10:54:51 . 2012-07-19 10:54:53 -------- d-----w- C:\Program Files (x86)\Texmaker 2012-07-15 20:07:51 . 2012-07-15 20:07:51 -------- d-----w- C:\Users\Tobi\AppData\Local\CyberLink 2012-07-15 20:05:20 . 2012-07-15 20:05:20 -------- d-----w- C:\Program Files (x86)\Acer 2012-07-14 22:14:43 . 2012-07-14 22:14:43 -------- d-----w- C:\Users\Tobi\AppData\Local\MetaGeek,_LLC 2012-07-14 22:03:33 . 2012-07-14 22:03:33 -------- d-----w- C:\Program Files (x86)\MetaGeek 2012-07-11 20:48:07 . 2012-07-11 20:48:07 -------- d-----w- C:\Program Files (x86)\JKI 2012-07-11 20:48:00 . 2012-07-11 20:48:07 -------- d-----w- C:\ProgramData\JKI 2012-07-11 05:25:32 . 2012-07-11 05:25:32 -------- d-----w- C:\Windows\system32\cvirte 2012-07-11 05:25:28 . 2012-07-11 05:25:29 -------- d-----w- C:\Windows\SysWow64\cvirte 2012-07-11 05:24:58 . 2012-07-11 05:25:19 -------- d-----w- C:\ProgramData\IVI Foundation 2012-07-11 05:24:58 . 2012-07-11 05:25:19 -------- d-----w- C:\Program Files\IVI Foundation 2012-07-11 05:24:58 . 2012-07-11 05:25:19 -------- d-----w- C:\Program Files (x86)\IVI Foundation 2012-07-11 05:22:55 . 2012-07-11 05:22:56 -------- d-----w- C:\Program Files (x86)\HI-TECH Software 2012-07-11 05:22:36 . 2000-01-28 16:17:28 557328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll 2012-07-11 05:16:30 . 2012-07-11 05:26:35 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules 2012-07-11 05:16:27 . 2012-07-11 05:27:28 -------- d-----w- C:\Program Files\National Instruments 2012-07-11 05:15:59 . 2012-07-11 06:25:55 -------- d-----w- C:\Program Files (x86)\National Instruments 2012-07-10 17:53:01 . 
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys 2012-07-10 17:22:36 . 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\system32\msxml6.dll 2012-07-09 16:24:50 . 2012-07-09 16:24:50 -------- d-----w- C:\Users\Tobi\AppData\Roaming\Arduino 2012-07-09 16:04:06 . 2012-07-09 16:04:07 -------- d-----w- C:\Program Files (x86)\teraterm 2012-07-09 14:46:30 . 2012-07-09 14:46:30 -------- d-----w- C:\Program Files (x86)\CommFront 2012-07-09 14:41:59 . 2012-07-09 14:41:59 -------- dc----w- C:\Windows\system32\DRVSTORE 2012-07-09 14:41:59 . 2010-10-13 11:10:22 39472 ----a-w- C:\Windows\system32\drivers\hhdspmc64.sys 2012-07-09 14:41:58 . 2012-07-09 14:41:58 -------- d-----w- C:\Program Files\HHD Software 2012-07-09 11:19:11 . 2012-04-02 12:23:42 154624 ----a-w- C:\Windows\system32\drivers\ser2pl64.sys 2012-07-09 11:19:11 . 2005-08-03 14:05:02 35892 ----a-w- C:\Windows\SysWow64\SER9PL.sys 2012-07-09 11:19:11 . 2005-08-03 14:04:22 26719 ----a-w- C:\Windows\SysWow64\SERSPL.VXD 2012-07-04 15:08:10 . 2012-07-04 15:08:10 -------- d-----w- C:\Users\Tobi\AppData\Local\ElevatedDiagnostics 2012-07-03 15:36:11 . 2010-02-23 08:16:17 294912 ----a-w- C:\Windows\system32\browserchoice.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-07-20 17:24:20 . 2012-05-03 19:46:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-20 17:24:20 . 2012-05-03 19:46:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-10 17:50:35 . 2012-05-03 16:18:54 59701280 ----a-w- C:\Windows\system32\MRT.exe 2012-06-18 13:17:16 . 2012-06-18 13:17:16 871424 ----a-w- C:\Program Files\Vorlesungsverzeichnis-v1.19.exe 2012-06-02 22:19:46 . 2012-06-08 22:59:01 38424 ----a-w- C:\Windows\system32\wups.dll 2012-06-02 22:19:43 . 2012-06-08 22:59:03 2428952 ----a-w- C:\Windows\system32\wuaueng.dll 2012-06-02 22:19:42 . 2012-06-08 22:59:03 57880 ----a-w- C:\Windows\system32\wuauclt.exe 2012-06-02 22:19:42 . 
2012-06-08 22:59:03 44056 ----a-w- C:\Windows\system32\wups2.dll 2012-06-02 22:19:23 . 2012-06-08 22:59:01 701976 ----a-w- C:\Windows\system32\wuapi.dll 2012-06-02 22:15:31 . 2012-06-08 22:59:03 2622464 ----a-w- C:\Windows\system32\wucltux.dll 2012-06-02 22:15:08 . 2012-06-08 22:59:01 99840 ----a-w- C:\Windows\system32\wudriver.dll 2012-06-02 13:19:42 . 2012-06-08 22:59:00 186752 ----a-w- C:\Windows\system32\wuwebv.dll 2012-06-02 13:15:12 . 2012-06-08 22:59:00 36864 ----a-w- C:\Windows\system32\wuapp.exe 2012-05-31 10:25:12 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe 2012-05-26 13:45:56 . 2012-05-26 13:45:56 119808 ----a-r- C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-05-24 21:18:40 . 2012-05-24 21:18:40 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2012-05-13 12:07:40 . 2012-05-13 12:07:31 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll 2012-05-13 12:07:40 . 2012-05-13 12:07:31 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll 2012-05-13 12:07:40 . 2012-05-13 12:07:31 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll 2012-05-08 16:26:34 . 2012-05-03 16:25:54 98848 ----a-w- C:\Windows\system32\drivers\avgntflt.sys 2012-05-08 16:26:34 . 2012-05-03 16:25:54 132832 ----a-w- C:\Windows\system32\drivers\avipbb.sys 2012-05-05 16:08:26 . 2012-05-05 16:08:26 65536 ----a-r- C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{FE7EA637-9C65-4D57-9342-DDD98315AA58}\ARPPRODUCTICON.exe 2012-05-04 14:39:30 . 2012-05-04 14:39:30 53248 ----a-r- C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-04 14:39:27 . 2012-05-04 14:39:27 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys 2012-05-04 14:16:13 . 2012-05-04 14:16:13 283200 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys 2012-05-04 13:48:52 . 2012-05-04 13:48:56 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-05-04 13:48:52 . 
2012-05-04 13:48:56 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 13:44:32 . 2012-05-04 13:44:31 483328 ----a-w- C:\Program Files\putty.exe 2012-05-04 11:06:22 . 2012-06-14 09:43:05 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe 2012-05-04 11:00:43 . 2012-06-18 08:34:50 366592 ----a-w- C:\Windows\system32\qdvd.dll 2012-05-04 10:03:53 . 2012-06-14 09:43:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 . 2012-06-14 09:43:04 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59:54 . 2012-06-18 08:34:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-05-03 16:38:25 . 2012-05-03 16:38:36 606000 ----a-w- C:\Windows\SysWow64\NBMatS1SDK.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 89088 ----a-w- C:\Windows\system32\ie4uinit.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 82432 ----a-w- C:\Windows\system32\icardie.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 76800 ----a-w- C:\Windows\system32\tdc.ocx 2012-05-03 16:32:33 . 2012-05-03 16:32:33 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 65024 ----a-w- C:\Windows\system32\pngfilt.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx 2012-05-03 16:32:33 . 2012-05-03 16:32:33 55296 ----a-w- C:\Windows\system32\msfeedsbs.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 534528 ----a-w- C:\Windows\system32\ieapfltr.dll 2012-05-03 16:32:33 . 
2012-05-03 16:32:33 49664 ----a-w- C:\Windows\system32\imgutil.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 48640 ----a-w- C:\Windows\system32\mshtmler.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 452608 ----a-w- C:\Windows\system32\dxtmsft.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 448512 ----a-w- C:\Windows\system32\html.iec 2012-05-03 16:32:33 . 2012-05-03 16:32:33 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 39936 ----a-w- C:\Windows\system32\iernonce.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 3695416 ----a-w- C:\Windows\system32\ieapfltr.dat 2012-05-03 16:32:33 . 2012-05-03 16:32:33 367104 ----a-w- C:\Windows\SysWow64\html.iec 2012-05-03 16:32:33 . 2012-05-03 16:32:33 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 282112 ----a-w- C:\Windows\system32\dxtrans.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 267776 ----a-w- C:\Windows\system32\ieaksie.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 222208 ----a-w- C:\Windows\system32\msls31.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 197120 ----a-w- C:\Windows\system32\msrating.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 163840 ----a-w- C:\Windows\system32\ieakui.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 161792 ----a-w- C:\Windows\SysWow64\msls31.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 160256 ----a-w- C:\Windows\system32\ieakeng.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 152064 ----a-w- C:\Windows\SysWow64\wextract.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 149504 ----a-w- C:\Windows\system32\occache.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 145920 ----a-w- C:\Windows\system32\iepeers.dll 2012-05-03 16:32:33 . 
2012-05-03 16:32:33 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 12288 ----a-w- C:\Windows\system32\mshta.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 11776 ----a-w- C:\Windows\SysWow64\mshta.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 114176 ----a-w- C:\Windows\system32\admparse.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 111616 ----a-w- C:\Windows\system32\iesysprep.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll 2012-05-03 16:32:33 . 2012-05-03 16:32:33 10752 ----a-w- C:\Windows\system32\msfeedssync.exe 2012-05-03 16:32:33 . 2012-05-03 16:32:33 101888 ----a-w- C:\Windows\SysWow64\admparse.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 85504 ----a-w- C:\Windows\system32\iesetup.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 697344 ----a-w- C:\Windows\system32\msfeeds.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 603648 ----a-w- C:\Windows\system32\vbscript.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 403248 ----a-w- C:\Windows\system32\iedkcs32.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 30720 ----a-w- C:\Windows\system32\licmgr10.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 249344 ----a-w- C:\Windows\system32\webcheck.dll 2012-05-03 16:32:32 . 2012-05-03 16:32:32 165888 ----a-w- C:\Windows\system32\iexpress.exe 2012-05-03 16:32:32 . 2012-05-03 16:32:32 160256 ----a-w- C:\Windows\system32\wextract.exe 2012-05-03 16:32:32 . 2012-05-03 16:32:32 103936 ----a-w- C:\Windows\system32\inseng.dll 2012-05-03 16:11:42 . 2012-05-03 16:11:50 95544 ----a-w- C:\Windows\system32\bcmwlcoi.dll 2012-05-03 16:11:42 . 2012-05-03 16:11:50 6656 ----a-w- C:\Windows\system32\bcmwlrc.dll 2012-05-03 16:11:42 . 2012-05-03 16:11:50 4720704 ----a-w- C:\Windows\system32\drivers\BCMWL664.SYS 2012-05-03 16:11:42 . 2012-05-03 16:11:50 3905848 ----a-w- C:\Windows\system32\bcmihvsrv64.dll 2012-05-03 16:11:42 . 
2012-05-03 16:11:50 3571512 ----a-w- C:\Windows\system32\bcmihvui64.dll 2012-05-01 05:40:20 . 2012-06-14 09:43:05 209920 ----a-w- C:\Windows\system32\profsvc.dll 2012-04-28 03:55:21 . 2012-06-14 09:43:04 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys 2012-04-11 09:55:32 . 2012-05-04 15:23:55 1157352 ----a-w- C:\Program Files\netscan.exe (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 64792 ----a-w- C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:48 94208 ----a-w- 
C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:48 94208 ----a-w- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:48 94208 ----a-w- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StrokeIt"="C:\Program Files (x86)\StrokeIt\StrokeIt.exe" [2010-01-03 17:27:58 26248] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-07-03 11:23:52 17417392] "NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 12:53:18 846520] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 16:26:34 348624] "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 07:53:16 113288] "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 13:39:58 407920] "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 13:39:42 201584] "VitaKeyTSR"="C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-05 20:41:28 189296] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2012-01-19 15:07:54 1106512] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696] "RegTool"="C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe" 
[2009-11-06 09:55:00 861696] "NI Update Service"="C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 10:41:54 3002976] "niDevMon"="C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 07:21:12 109712] C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] Psi.lnk - C:\Program Files (x86)\Psi\Psi.exe [2009-12-3 8456704] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ NI Error Reporting.lnk - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll 2;2 nvUpdatusService;NVIDIA Update Service Daemon [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 17:12:14 160944] R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 10:19:12 2656280] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2011-09-16 13:59:48 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2011-09-16 13:59:02 330912] R3 btath_avdt;Atheros Bluetooth AVDT 
Service;C:\Windows\system32\drivers\btath_avdt.sys [2011-09-16 13:59:18 110240] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 14:00:04 167584] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 14:00:34 68256] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 14:00:50 280992] R3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 21:44:20 276248] R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 03:23:48 71168] R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;C:\Windows\system32\DRIVERS\hhdspmc64.sys [2010-10-13 11:10:22 39472] R3 lvalarmk;lvalarmk;C:\Windows\system32\drivers\lvalarmk.sys [2008-12-05 14:21:30 25224] R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 21:14:05 114144] R3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\system32\drivers\ni1006k.sys [2011-04-08 16:21:06 30800] R3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\system32\drivers\ni1045kl.sys [2011-04-08 16:21:08 11856] R3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\system32\drivers\ni1065k.sys [2011-04-08 16:21:10 26704] R3 nicdrk;nicdrk;C:\Windows\system32\drivers\nicdrkl.sys [2010-08-12 19:36:20 11864] R3 nicmrk;nicmrk;C:\Windows\system32\drivers\nicmrkl.sys [2011-04-01 12:54:30 12976] R3 nicondrk;nicondrk;C:\Windows\system32\drivers\nicondrkl.sys [2011-04-01 13:09:28 12936] R3 nicsrk;nicsrk;C:\Windows\system32\drivers\nicsrkl.sys [2011-04-01 13:56:52 12944] R3 nidmxfk;nidmxfk;C:\Windows\system32\drivers\nidmxfkl.sys [2011-03-22 21:52:14 12944] R3 nidsark;nidsark;C:\Windows\system32\drivers\nidsarkl.sys [2011-03-23 13:59:50 12952] R3 niemrk;niemrk;C:\Windows\system32\drivers\niemrkl.sys [2011-03-23 12:24:22 12944] R3 niesrk;niesrk;C:\Windows\system32\drivers\niesrkl.sys [2011-03-23 09:08:24 
12944] R3 nifslk;nifslk;C:\Windows\system32\drivers\nifslkl.sys [2011-06-15 08:41:26 12960] R3 nimsdrk;nimsdrk;C:\Windows\system32\drivers\nimsdrkl.sys [2011-03-22 22:50:56 13000] R3 nimxpk;nimxpk;C:\Windows\system32\drivers\nimxpkl.sys [2011-03-22 21:21:28 12976] R3 ninshsdk;ninshsdk;C:\Windows\system32\drivers\ninshsdkl.sys [2010-07-14 09:03:38 12968] R3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys [2011-06-29 11:50:00 12992] R3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys [2011-06-29 11:48:26 12992] R3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\system32\drivers\nipxigpk.sys [2010-06-14 12:30:30 22680] R3 niraptrk;niraptrk;C:\Windows\system32\drivers\niraptrkl.sys [2011-04-01 13:24:38 12936] R3 niscdk;niscdk;C:\Windows\system32\drivers\niscdkl.sys [2010-07-12 19:42:36 12984] R3 nisdigk;nisdigk;C:\Windows\system32\drivers\nisdigkl.sys [2010-10-01 07:52:04 12960] R3 nisftk;nisftk;C:\Windows\system32\drivers\nisftkl.sys [2010-07-14 09:26:10 12952] R3 nispdk;nispdk;C:\Windows\system32\drivers\nispdkl.sys [2010-07-12 19:54:06 12984] R3 nissrk;nissrk;C:\Windows\system32\drivers\nissrkl.sys [2011-03-23 09:31:26 12944] R3 nistc2k;nistc2k;C:\Windows\system32\drivers\nistc2kl.sys [2009-01-05 08:19:30 11824] R3 nistc3rk;nistc3rk;C:\Windows\system32\drivers\nistc3rkl.sys [2011-03-23 08:49:40 12936] R3 nistcrk;nistcrk;C:\Windows\system32\drivers\nistcrkl.sys [2009-08-31 12:15:48 11872] R3 niswdk;niswdk;C:\Windows\system32\drivers\niswdkl.sys [2011-03-23 17:43:52 12936] R3 nitiork;nitiork;C:\Windows\system32\drivers\nitiorkl.sys [2011-03-23 08:23:08 12968] R3 niufurk;niufurk;C:\Windows\system32\drivers\niufurkl.sys [2011-03-23 13:38:54 12968] R3 niwfrk;niwfrk;C:\Windows\system32\drivers\niwfrkl.sys [2011-03-23 09:47:06 12944] R3 nixsrk;nixsrk;C:\Windows\system32\drivers\nixsrkl.sys [2011-03-23 12:56:34 12944] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2011-03-03 19:29:20 
174184] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232] R3 usb6xxxk;usb6xxxk;C:\Windows\system32\drivers\usb6xxxkl.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920] R4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 11:43:58 68256] S0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-03-24 10:27:44 16984] S0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2011-04-08 16:21:04 82568] S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2011-04-08 16:21:06 54424] S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 17:52:00 25960] S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-16 14:08:07 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 14:16:13 283200] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904] S2 ANSYS, Inc. License Manager;ANSYS, Inc. 
License Manager;C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-04-14 10:56:11 3536896] S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 16:26:34 86224] S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 13:52:06 105120] S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe [2011-05-05 15:08:04 198784] S2 DirMngr;DirMngr;C:\Program Files (x86)\GnuPG\dirmngr.exe [2012-05-02 15:08:40 221696] S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-01-19 15:07:54 355920] S2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [2010-11-05 20:42:30 315248] S2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-05 20:41:40 257904] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [2010-10-31 08:36:56 35952] S2 GslShmSrvc;GSL Share Memory;C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2009-02-26 12:45:34 69632] S2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2010-03-24 13:23:06 12696] S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 11:43:48 50336] S2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2010-03-24 13:23:06 12696] S2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 12:53:08 233664] S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 14:32:14 194224] S2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National 
Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 12:11:20 121032] S2 nipxirmk;nipxirmk;C:\Windows\system32\drivers\nipxirmkl.sys [2010-07-13 15:32:46 11928] S2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys [2011-08-17 14:52:22 12968] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 03:31:30 378472] S2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2012-04-26 19:45:06 1633296] S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [2011-09-16 13:59:32 30368] S3 GemCCID;GemCCID;C:\Windows\system32\Drivers\GemCCID.sys [2009-08-10 10:07:40 119680] S3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 21:34:26 56344] S3 ni488lock;NI-488.2 Locking Service;C:\Windows\system32\drivers\ni488lock.sys [2010-07-27 18:29:00 18568] S3 nidimk;nidimk;C:\Windows\system32\drivers\nidimkl.sys [2010-06-11 12:32:32 11944] S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\system32\DRIVERS\niede.sys [2010-06-15 15:15:46 38064] S3 nimru2k;nimru2k;C:\Windows\system32\drivers\nimru2kl.sys [2009-08-24 13:08:28 11872] S3 nimstsk;nimstsk;C:\Windows\system32\drivers\nimstskl.sys [2011-03-22 21:18:44 12968] S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys [2011-08-17 14:51:16 12968] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 08:34:26 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 08:34:26 181248] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 11:30:08 329832] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - WS2IFSL Inhalt des "geplante Tasks" Ordners 2012-07-25 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job - C:\Users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22:10 . 2012-05-05 19:22:10] 2012-07-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job - C:\Users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22:10 . 2012-05-05 19:22:10] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 
75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:50 97792 ----a-w- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:50 97792 ----a-w- 
C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:50 97792 ----a-w- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32:50 97792 ----a-w- C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-03-19 21:44:20 170264] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-19 21:44:20 398616] "Persistence"="C:\Windows\system32\igfxpers.exe" [2012-03-19 21:44:20 439064] "cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-05-06 21:03:40 524928] "AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 13:56:12 976032] "AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 13:52:36 799904] "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 09:38:38 1744152] "tvncontrol"="C:\Program Files\TightVNC\tvnserver.exe" [2012-04-26 19:45:06 1633296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=C:\Windows\System32\nvinitx.dll |
26.07.2012, 12:21 | #6 |
/// Malware-holic | Bundespolizei - Trojan 1.13 - Windows 7 The log seems to be incomplete; please attach it as a txt file.
|
26.07.2012, 12:36 | #7 |
| Bundespolizei - Trojan 1.13 - Windows 7 Hmm, strange. If need be, I can also run it again. |
26.07.2012, 12:56 | #8 |
/// Malware-holic | Bundespolizei - Trojan 1.13 - Windows 7 Restart, press F8, select Safe Mode with Networking, log in to your account, and try it again there.
|
29.07.2012, 19:03 | #9 |
| Bundespolizei - Trojan 1.13 - Windows 7 It took a while, but here is the complete log file: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-27.03 - Tobi 27.07.2012 21:31:25.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8040.6047 [GMT 2:00] ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-27 bis 2012-07-27 )))))))))))))))))))))))))))))) . . 2012-07-27 19:34 . 2012-07-27 19:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-27 19:34 . 2012-07-27 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-27 05:47 . 2012-07-27 05:49 -------- d-----w- c:\users\Tobi\AppData\Roaming\Swiss Academic Software 2012-07-27 05:47 . 2012-07-27 05:47 -------- d-----w- c:\program files (x86)\Citavi 3 2012-07-27 05:46 . 2012-07-27 05:47 -------- d-----w- c:\programdata\Swiss Academic Software 2012-07-24 16:41 . 2012-07-24 16:49 -------- d-----w- C:\_OTL 2012-07-24 11:23 . 2012-07-24 11:23 -------- d-----w- c:\program files (x86)\IrfanView 2012-07-24 07:15 . 2012-07-24 07:15 -------- d-----w- c:\users\Tobi\AppData\Roaming\Malwarebytes 2012-07-24 07:15 . 2012-07-24 07:15 -------- d-----w- c:\programdata\Malwarebytes 2012-07-24 07:15 . 2012-07-24 07:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-24 07:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-24 06:47 . 2012-07-24 06:47 -------- d-----w- c:\programdata\lqdenbynwxmheay 2012-07-24 06:37 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3C862D2-CFEE-4834-B34E-EF91B080F0A2}\mpengine.dll 2012-07-20 17:22 . 2012-07-17 21:13 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-07-19 15:29 . 2012-07-19 15:29 -------- d-----w- C:\Campus EM Griechenland 2012-07-19 15:27 . 2012-07-19 15:34 -------- d-----w- C:\Fotos Campus EM Dänemark 2012-07-19 13:34 . 
2012-07-19 13:34 -------- d-----w- c:\users\Tobi\AppData\Roaming\MiKTeX 2012-07-19 13:34 . 2012-07-19 13:34 -------- d-----w- c:\users\Tobi\AppData\Local\MiKTeX 2012-07-19 13:32 . 2012-07-19 13:32 -------- d-----w- c:\programdata\MiKTeX 2012-07-19 13:32 . 2012-07-19 13:32 -------- d-----w- c:\program files\MiKTeX 2.9 2012-07-19 11:01 . 2012-07-19 13:29 -------- d-----w- c:\users\Tobi\AppData\Roaming\xm1 2012-07-19 10:54 . 2012-07-19 10:54 -------- d-----w- c:\program files (x86)\Texmaker 2012-07-15 20:07 . 2012-07-15 20:07 -------- d-----w- c:\users\Tobi\AppData\Local\CyberLink 2012-07-15 20:05 . 2012-07-15 20:05 -------- d-----w- c:\program files (x86)\Acer 2012-07-14 22:14 . 2012-07-14 22:14 -------- d-----w- c:\users\Tobi\AppData\Local\MetaGeek,_LLC 2012-07-14 22:03 . 2012-07-14 22:03 -------- d-----w- c:\program files (x86)\MetaGeek 2012-07-11 20:48 . 2012-07-11 20:48 -------- d-----w- c:\program files (x86)\JKI 2012-07-11 20:48 . 2012-07-11 20:48 -------- d-----w- c:\programdata\JKI 2012-07-11 05:25 . 2012-07-11 05:25 -------- d-----w- c:\windows\system32\cvirte 2012-07-11 05:25 . 2012-07-11 05:25 -------- d-----w- c:\windows\SysWow64\cvirte 2012-07-11 05:24 . 2012-07-11 05:25 -------- d-----w- c:\programdata\IVI Foundation 2012-07-11 05:24 . 2012-07-11 05:25 -------- d-----w- c:\program files\IVI Foundation 2012-07-11 05:24 . 2012-07-11 05:25 -------- d-----w- c:\program files (x86)\IVI Foundation 2012-07-11 05:22 . 2012-07-11 05:22 -------- d-----w- c:\program files (x86)\HI-TECH Software 2012-07-11 05:22 . 2000-01-28 16:17 557328 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll 2012-07-11 05:16 . 2012-07-11 05:26 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2012-07-11 05:16 . 2012-07-11 05:27 -------- d-----w- c:\program files\National Instruments 2012-07-11 05:15 . 2012-07-11 06:25 -------- d-----w- c:\program files (x86)\National Instruments 2012-07-10 17:53 . 
2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 17:22 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-09 16:24 . 2012-07-09 16:24 -------- d-----w- c:\users\Tobi\AppData\Roaming\Arduino 2012-07-09 16:04 . 2012-07-09 16:04 -------- d-----w- c:\program files (x86)\teraterm 2012-07-09 14:46 . 2012-07-09 14:46 -------- d-----w- c:\program files (x86)\CommFront 2012-07-09 14:41 . 2012-07-09 14:41 -------- dc----w- c:\windows\system32\DRVSTORE 2012-07-09 14:41 . 2010-10-13 11:10 39472 ----a-w- c:\windows\system32\drivers\hhdspmc64.sys 2012-07-09 14:41 . 2012-07-09 14:41 -------- d-----w- c:\program files\HHD Software 2012-07-09 11:19 . 2012-04-02 12:23 154624 ----a-w- c:\windows\system32\drivers\ser2pl64.sys 2012-07-09 11:19 . 2005-08-03 14:05 35892 ----a-w- c:\windows\SysWow64\SER9PL.sys 2012-07-09 11:19 . 2005-08-03 14:04 26719 ----a-w- c:\windows\SysWow64\SERSPL.VXD 2012-07-04 15:08 . 2012-07-04 15:08 -------- d-----w- c:\users\Tobi\AppData\Local\ElevatedDiagnostics 2012-07-03 15:36 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-20 17:24 . 2012-05-03 19:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-20 17:24 . 2012-05-03 19:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-10 17:50 . 2012-05-03 16:18 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-18 13:17 . 2012-06-18 13:17 871424 ----a-w- c:\program files\Vorlesungsverzeichnis-v1.19.exe 2012-06-02 22:19 . 2012-06-08 22:59 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 22:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-08 22:59 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 22:59 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 
2012-06-08 22:59 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-08 22:59 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-08 22:59 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-08 22:59 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-08 22:59 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-26 13:45 . 2012-05-26 13:45 119808 ----a-r- c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-05-13 12:07 . 2012-05-13 12:07 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll 2012-05-13 12:07 . 2012-05-13 12:07 17212 ----atw- c:\windows\SysWow64\SIntf32.dll 2012-05-13 12:07 . 2012-05-13 12:07 12067 ----atw- c:\windows\SysWow64\SIntf16.dll 2012-05-05 16:08 . 2012-05-05 16:08 65536 ----a-r- c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{FE7EA637-9C65-4D57-9342-DDD98315AA58}\ARPPRODUCTICON.exe 2012-05-04 14:39 . 2012-05-04 14:39 53248 ----a-r- c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-04 14:39 . 2012-05-04 14:39 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-05-04 14:16 . 2012-05-04 14:16 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-05-04 13:48 . 2012-05-04 13:48 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 13:48 . 2012-05-04 13:48 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 13:44 . 2012-05-04 13:44 483328 ----a-w- c:\program files\putty.exe 2012-05-04 11:06 . 2012-06-14 09:43 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-18 08:34 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 
2012-06-14 09:43 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 09:43 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59 . 2012-06-18 08:34 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-05-03 16:38 . 2012-05-03 16:38 606000 ----a-w- c:\windows\SysWow64\NBMatS1SDK.dll 2012-05-03 16:32 . 2012-05-03 16:32 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-03 16:32 . 2012-05-03 16:32 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-03 16:32 . 2012-05-03 16:32 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-05-03 16:32 . 2012-05-03 16:32 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-03 16:32 . 2012-05-03 16:32 82432 ----a-w- c:\windows\system32\icardie.dll 2012-05-03 16:32 . 2012-05-03 16:32 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-03 16:32 . 2012-05-03 16:32 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-03 16:32 . 2012-05-03 16:32 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-03 16:32 . 2012-05-03 16:32 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-03 16:32 . 2012-05-03 16:32 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-05-03 16:32 . 2012-05-03 16:32 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-03 16:32 . 2012-05-03 16:32 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-05-03 16:32 . 2012-05-03 16:32 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-05-03 16:32 . 2012-05-03 16:32 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-03 16:32 . 2012-05-03 16:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-03 16:32 . 2012-05-03 16:32 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-03 16:32 . 2012-05-03 16:32 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-05-03 16:32 . 2012-05-03 16:32 448512 ----a-w- c:\windows\system32\html.iec 2012-05-03 16:32 . 2012-05-03 16:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-03 16:32 . 
2012-05-03 16:32 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-05-03 16:32 . 2012-05-03 16:32 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-05-03 16:32 . 2012-05-03 16:32 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-03 16:32 . 2012-05-03 16:32 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-03 16:32 . 2012-05-03 16:32 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-05-03 16:32 . 2012-05-03 16:32 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-05-03 16:32 . 2012-05-03 16:32 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-03 16:32 . 2012-05-03 16:32 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-03 16:32 . 2012-05-03 16:32 197120 ----a-w- c:\windows\system32\msrating.dll 2012-05-03 16:32 . 2012-05-03 16:32 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-05-03 16:32 . 2012-05-03 16:32 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-03 16:32 . 2012-05-03 16:32 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-05-03 16:32 . 2012-05-03 16:32 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-03 16:32 . 2012-05-03 16:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-03 16:32 . 2012-05-03 16:32 149504 ----a-w- c:\windows\system32\occache.dll 2012-05-03 16:32 . 2012-05-03 16:32 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-05-03 16:32 . 2012-05-03 16:32 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-03 16:32 . 2012-05-03 16:32 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-03 16:32 . 2012-05-03 16:32 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-03 16:32 . 2012-05-03 16:32 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-03 16:32 . 2012-05-03 16:32 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-03 16:32 . 2012-05-03 16:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-03 16:32 . 2012-05-03 16:32 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-05-03 16:32 . 
2012-05-03 16:32 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-03 16:32 . 2012-05-03 16:32 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-03 16:32 . 2012-05-03 16:32 697344 ----a-w- c:\windows\system32\msfeeds.dll 2012-05-03 16:32 . 2012-05-03 16:32 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-03 16:32 . 2012-05-03 16:32 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-05-03 16:32 . 2012-05-03 16:32 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-03 16:32 . 2012-05-03 16:32 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-05-03 16:32 . 2012-05-03 16:32 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-03 16:32 . 2012-05-03 16:32 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-03 16:32 . 2012-05-03 16:32 103936 ----a-w- c:\windows\system32\inseng.dll 2012-05-03 16:11 . 2012-05-03 16:11 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll 2012-05-03 16:11 . 2012-05-03 16:11 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2012-05-03 16:11 . 2012-05-03 16:11 4720704 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS 2012-05-03 16:11 . 2012-05-03 16:11 3905848 ----a-w- c:\windows\system32\bcmihvsrv64.dll 2012-05-03 16:11 . 2012-05-03 16:11 3571512 ----a-w- c:\windows\system32\bcmihvui64.dll 2012-05-01 05:40 . 2012-06-14 09:43 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-11 09:55 . 2012-05-04 15:23 1157352 ----a-w- c:\program files\netscan.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-26_10.41.48 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-07-26 12:53 49302 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-27 15:06 35348 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-07-27 05:46 . 2012-07-27 05:46 86912 c:\windows\Installer\{e12c6653-1ff0-4686-adb8-589c13ae761f}\_6FEFF9B68218417F98F549.exe + 2012-05-03 16:14 . 
2012-07-27 15:06 4738 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1075945210-3722903961-1690909599-1000_UserData.bin + 2012-07-27 15:12 . 2012-07-27 15:12 9560 c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_48.bin + 2012-07-27 15:12 . 2012-07-27 15:12 4280 c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_32.bin + 2012-07-27 15:12 . 2012-07-27 15:12 2456 c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_24.bin + 2012-07-26 16:34 . 2012-07-26 16:34 9560 c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_48.bin + 2012-07-26 16:34 . 2012-07-26 16:34 4280 c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_32.bin + 2012-07-26 16:34 . 2012-07-26 16:34 2456 c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_24.bin + 2012-07-27 16:28 . 2012-07-27 16:28 9560 c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_48.bin + 2012-07-27 16:28 . 2012-07-27 16:28 4280 c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_32.bin + 2012-07-27 16:28 . 2012-07-27 16:28 2456 c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_24.bin + 2012-07-27 15:49 . 2012-07-27 15:49 9560 c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_48.bin + 2012-07-27 15:49 . 2012-07-27 15:49 4280 c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_32.bin + 2012-07-27 15:49 . 2012-07-27 15:49 2456 c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_24.bin + 2012-07-27 19:27 . 2012-07-27 19:28 1736 c:\windows\SoftwareDistribution\EventCache\{C39EBC08-38D3-4E81-B271-AC07FAAF5948}.bin - 2012-07-26 10:40 . 2012-07-26 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-27 15:04 . 
2012-07-27 15:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-26 10:40 . 2012-07-26 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-27 15:04 . 2012-07-27 15:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-05 15:47 . 2012-07-27 19:16 327596 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2009-07-14 02:36 . 2012-07-25 14:53 652148 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-27 15:08 652148 c:\windows\system32\perfh009.dat - 2011-04-12 07:43 . 2012-07-25 14:53 696870 c:\windows\system32\perfh007.dat + 2011-04-12 07:43 . 2012-07-27 15:08 696870 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2012-07-25 14:53 121080 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-07-27 15:08 121080 c:\windows\system32\perfc009.dat + 2011-04-12 07:43 . 2012-07-27 15:08 148134 c:\windows\system32\perfc007.dat - 2011-04-12 07:43 . 2012-07-25 14:53 148134 c:\windows\system32\perfc007.dat - 2009-07-14 05:01 . 2012-07-26 10:40 396900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-27 15:03 396900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-03 16:30 . 2012-07-27 15:03 54670204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1075945210-3722903961-1690909599-1000-8192.dat - 2012-05-03 16:30 . 2012-07-26 10:40 54670204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1075945210-3722903961-1690909599-1000-8192.dat + 2012-07-27 05:46 . 2012-07-27 05:46 70992896 c:\windows\Installer\2f0566c.msi . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StrokeIt"="c:\program files (x86)\StrokeIt\StrokeIt.exe" [2010-01-03 26248] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] "Akamai NetSession Interface"="c:\users\Tobi\AppData\Local\Akamai\netsession_win.exe" [BU] "NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 201584] "VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-05 189296] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-01-19 1106512] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "RegTool"="c:\program files (x86)\Gemalto\Classic Client\BIN\RegTool.exe" [2009-11-06 861696] "NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976] "niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712] . c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] Psi.lnk - c:\program files (x86)\Psi\Psi.exe [2009-12-3 8456704] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . R2 ANSYS, Inc. License Manager;ANSYS, Inc. 
License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-04-14 3536896] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DirMngr;DirMngr;c:\program files (x86)\GnuPG\dirmngr.exe [2012-05-02 221696] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\DRIVERS\hhdspmc64.sys [2010-10-13 39472] R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 114144] R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-08 30800] R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-08 11856] R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-08 26704] R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-12 11864] R3 
nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976] R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936] R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944] R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-22 12944] R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952] R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944] R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944] R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960] R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-22 13000] R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-22 12976] R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968] R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-06-29 12992] R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-06-29 12992] R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680] R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936] R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-12 12984] R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960] R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952] R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-12 12984] R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944] R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824] R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936] R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872] R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-23 12936] R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968] R3 
niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968] R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944] R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-03 174184] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256] S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984] S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-08 82568] S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-08 54424] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2011-05-05 198784] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-01-19 355920] S2 EgisTec 
Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2010-11-05 315248] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-05 257904] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952] S2 GslShmSrvc;GSL Share Memory;c:\program files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2009-02-26 69632] S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696] S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336] S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696] S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664] S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224] S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032] S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-13 11928] S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-08-17 12968] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472] S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2012-04-26 1633296] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe [2011-02-22 2656280] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368] S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-27 18568] S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944] S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-15 38064] S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872] S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-22 12968] S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-08-17 12968] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832] . . Inhalt des "geplante Tasks" Ordners . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job - c:\users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22] . 2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job - c:\users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-05-06 524928]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-04-26 1633296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 141.24.53.249
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - www-proxy.t-online.de
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 141.24.53.249
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 141.24.53.249
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 141.24.53.249
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - 4cfb558600000000000000ff5f08a7ee
FF - user.js: extensions.funmoods_i.instlDay - 15466
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:16
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-combofix - c:\combofix\CF16140.3XE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-27 22:31:59
ComboFix-quarantined-files.txt 2012-07-27 20:31
.
Vor Suchlauf: 20 Verzeichnis(se), 33,530,179,584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 33,339,035,648 Bytes frei
.
- - End Of File - - 4D1C4032C2A4A0F7E11C8BEA142263DE |
30.07.2012, 20:08 | #10 |
/// Malware-holic | Bundespolizei - Trojaner 1.13 - Window 7 hi, download CCleaner Standard: CCleaner Download - CCleaner 3.21.1767. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one unknown to you, "unbekannt" (unknown). Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
30.07.2012, 20:37 | #11 |
| Bundespolizei - Trojaner 1.13 - Window 7 hi, here is the list from CCleaner: Code:
232Analyzer CommFront Communications 09.07.2012 4.76MB 5.6.0.0 notwendig
7-Zip 9.20 (x64 edition) Igor Pavlov 03.05.2012 4.53MB 9.20.00.0 notwendig
Acer Bio Protection Egis Technology Inc. 03.05.2012 23.3MB 7.0.60.0 notwendig
Acer Crystal Eye Webcam CyberLink Corp. 15.07.2012 42.4MB 1.5.2904.00 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 20.07.2012 6.00MB 11.3.300.265 notwendig
Adobe Photoshop CS2 Adobe Systems, Inc. 15.05.2012 9.0 notwendig
Bluetooth Win7 Suite (64) Atheros Communications 03.05.2012 118MB 7.4.0.96 notwendig
Broadcom 802.11 Network Adapter Broadcom Corporation 03.05.2012 5.100.235.19 notwendig
Broadcom Gigabit Integrated Controller Broadcom Corporation 03.05.2012 1.58MB 14.6.1.5 notwendig
CCleaner Piriform 24.07.2012 3.21 notwendig
Citavi Swiss Academic Software 27.07.2012 69.2MB 3.2.0.0 notwendig
Classic Client 6.0 for 64 bits Gemalto 24.06.2012 38.5MB 6.00.000.002 notwendig
Conexant HD Audio Conexant 03.05.2012 8.54.6.0 notwendig
DAEMON Tools Lite DT Soft Ltd 04.05.2012 4.45.4.0315 notwendig
Dropbox Dropbox, Inc. 27.05.2012 1.4.7 notwendig
EgisTec ES603 WDM Driver Egis Technology Inc. 03.05.2012 1.36MB 3.0.16.0 notwendig
FileZilla Client 3.5.3 FileZilla Project 04.05.2012 16.5MB 3.5.3 notwendig
Gemalto PKCS#11 For .NET Smart Cards V2+ Gemalto 05.05.2012 4.46MB 2.1.3.201 notwendig
Google Chrome Google Inc. 05.05.2012 20.0.1132.57 notwendig
Gpg4win (2.1.1-34299-beta) The Gpg4win Project 04.05.2012 2.1.1-34299-beta notwendig
HI-TECH C51-lite V9.60PL0 HI-TECH Software 11.07.2012 9.60 unbekannt
HI-TECH PICC lite V9.60PL0 HI-TECH Software 11.07.2012 9.60 unbekannt
InfraRecorder Christian Kindahl 06.06.2012 notwendig
inSSIDer MetaGeek 15.07.2012 4.31MB 2.1.5 notwendig
Intel(R) Management Engine Components Intel Corporation 03.05.2012 7.0.0.1144 notwendig
IrfanView (remove only) Irfan Skiljan 24.07.2012 1.50MB 4.32 notwendig
IVI Shared Components 2.2.1 IVI Foundation 11.07.2012 2.21.49152 notwendig
Java(TM) 6 Update 32 Oracle 04.05.2012 95.7MB 6.0.320 notwendig
Launch Manager Acer Inc. 03.05.2012 6.0.11 notwendig
LibreOffice 3.5 The Document Foundation 04.05.2012 368MB 3.5.3.2 notwendig
Logitech SetPoint 6.32 Logitech 04.05.2012 39.0MB 6.32.20 notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 24.07.2012 18.7MB 1.62.0.1300 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.05.2012 38.8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 03.05.2012 2.93MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 08.05.2012 51.9MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 08.05.2012 10.6MB 4.0.30319 notwendig
Microsoft Office Excel 2007 Microsoft Corporation 09.05.2012 12.0.6612.1000 notwendig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 08.05.2012 508KB 2.0.4024.1 notwendig
Microsoft Office PowerPoint 2007 Microsoft Corporation 09.05.2012 12.0.6612.1000 notwendig
Microsoft Office Word 2007 Microsoft Corporation 09.05.2012 12.0.6612.1000 notwendig
Microsoft Project Professional 2010 Microsoft Corporation 04.05.2012 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 11.05.2012 50.6MB 5.1.10411.0 notwendig
Microsoft Visio Professional 2010 Microsoft Corporation 18.06.2012 14.0.6029.1000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.05.2012 2.38MB 8.0.59193 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08.05.2012 620KB 8.0.61000 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 08.05.2012 242KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.05.2012 788KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 08.05.2012 232KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 08.05.2012 786KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 05.05.2012 1.25MB 9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 08.05.2012 238KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.05.2012 224KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.05.2012 598KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 11.05.2012 1.22MB 10.0.40219 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 08.05.2012 15.0MB 10.0.40219 notwendig
Microsoft WSE 3.0 Runtime Microsoft Corp. 08.05.2012 942KB 3.0.5305.0 notwendig
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 08.05.2012 132KB 12.0.4518.1014 notwendig
MiKTeX 2.9 MiKTeX.org 19.07.2012 2.9 notwendig
MozBackup 1.5.1 Pavel Cvrcek 04.05.2012 notwendig
Mozilla Firefox 15.0 (x86 de) Mozilla 20.07.2012 69.0MB 15.0 notwendig
Mozilla Maintenance Service Mozilla 20.07.2012 327KB 15.0 notwendig
Mozilla Thunderbird 14.0 (x86 de) Mozilla 17.07.2012 39.4MB 14.0 notwendig
National Instruments - Software National Instruments 11.07.2012 notwendig
Notepad++ 04.05.2012 6.1.2 notwendig
NVIDIA 3D Vision Treiber 268.83 NVIDIA Corporation 03.05.2012 268.83 notwendig
NVIDIA Grafiktreiber 268.83 NVIDIA Corporation 03.05.2012 268.83 notwendig
NVIDIA HD-Audiotreiber 1.2.22.1 NVIDIA Corporation 03.05.2012 1.2.22.1 notwendig
OpenVPN 2.2.2 04.05.2012 2.2.2 notwendig
Picasa 3 Google, Inc. 09.06.2012 3.8 notwendig
PL-2303 USB-to-Serial Prolific Technology INC 09.07.2012 1.6.0 notwendig
Psi (remove only) 04.05.2012 notwendig
Realtek PCIE Card Reader Realtek Semiconductor Corp. 03.05.2012 6.1.7600.69 notwendig
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 03.05.2012 1.00MB 2.0.30.0 notwendig
Secure Download Manager e-academy Inc. 26.05.2012 1.14MB 3.0.3 notwendig
SecureW2 EAP Suite 1.1.3 for Windows 11.05.2012 notwendig
Skype™ 5.10 Skype Technologies S.A. 20.07.2012 19.5MB 5.10.115 notwendig
StrokeIt 04.05.2012 notwendig
SumatraPDF Krzysztof Kowalczyk 12.05.2012 8.19MB 2.1.1 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 03.05.2012 46.4MB 15.2.14.0 notwendig
Tera Term 4.74 09.07.2012 9.20MB notwendig
Texmaker 19.07.2012 notwendig
TightVNC GlavSoft LLC. 26.05.2012 2.86MB 2.5.1.0 notwendig
TortoiseSVN 1.7.6.22632 (64 bit) TortoiseSVN 05.05.2012 52.2MB 1.7.22632 notwendig
VI Package Manager JKI 11.07.2012 68.3MB 2012.0.0 (build 1780) notwendig
VISA Shared Components 64-Bit 11.07.2012 notwendig
VLC media player 2.0.1 VideoLAN 03.05.2012 2.0.1 notwendig
Windows 7 USB/DVD Download Tool Microsoft Corporation 26.05.2012 2.71MB 1.0.30 notwendig
WinRAR 4.11 (64-Bit) win.rar GmbH 11.05.2012 4.11.0 notwendig
WinSCP 4.3.7 Martin Prikryl 06.05.2012 8.76MB 4.3.7 notwendig |