Log analysis and evaluation: Redirect to Google, GMER detected rootkit activity
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.10.2012, 09:44 | #16 |
/// Malwareteam | Redirect to Google, GMER detected rootkit activity
Step 1: Fix with OTL
Code:
:files
C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\LabView_8.exe
C:\Programme\SlySoft\AnyDVD\AnyDVD_.exe
:Commands
[emptytemp]
Step 2: Adobe Flash Player update
Your Flash Player is outdated. Because this software in particular is often used by malware as a springboard into the system, it must always be kept up to date. To update Flash Player, please proceed as follows:
Step 3: Java update
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
After the restart:
Step 4: Adobe Reader update
Your Adobe Reader is outdated. Since some malware exploits the vulnerabilities in outdated versions, we will update it.
Step 5: Mozilla Firefox update
Your Firefox browser is outdated. Proceed as follows to update it:
Step 6: Adobe Shockwave Player update
Your Shockwave Player is outdated. To update Shockwave Player, please proceed as follows:
Step 7: Mozilla Thunderbird update
Your Thunderbird mail client is outdated. Proceed as follows to update it:
Step 8: New OTL log
__________________
No right of asylum for trojans! Proud Member of UNITE
Note: I am only available on weekdays! Requests via PM will be ignored!
Satisfied with us? Then support the Trojaner-Board!
19.10.2012, 12:40 | #17 |
| Redirect to Google, GMER detected rootkit activity
Code:
All processes killed
========== FILES ==========
C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\LabView_8.exe moved successfully.
C:\Programme\SlySoft\AnyDVD\AnyDVD_.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sirius
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 4797999 bytes
->FireFox cache emptied: 96133329 bytes
->Flash cache emptied: 996 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13353285 bytes
->Java cache emptied: 20827540 bytes
->FireFox cache emptied: 129531703 bytes
->Flash cache emptied: 1474378 bytes

%systemdrive% .tmp files removed: 307254 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3447087 bytes
RecycleBin emptied: 5349390 bytes

Total Files Cleaned = 263.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10192012_112019

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
ATTFilter OTL logfile created on: 19.10.2012 12:40:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 894.16 Mb Total Physical Memory | 225.96 Mb Available Physical Memory | 25.27% Memory free 2.11 Gb Paging File | 1.48 Gb Available in Paging File | 70.12% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74.53 Gb Total Space | 3.52 Gb Free Space | 4.72% Space Free | Partition Type: NTFS Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: KAROOSU-II | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
PRC - C:\Programme\Rainlendar2\Rainlendar2.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Mobile Partner\Mobile Partner.exe () PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.) PRC - C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.) PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.) PRC - C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.) PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) PRC - C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation) PRC - C:\Programme\National Instruments\MAX\nimxs.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation) PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\WINDOWS\system32\RTProxy.exe (National Instruments) PRC - C:\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Launch Manager\WButton.exe () PRC - C:\Launch Manager\LaunchAp.exe () PRC - C:\Launch Manager\OSD.exe (Wistron) PRC - C:\Launch Manager\OSDCtrl.exe () PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - C:\Programme\Rainlendar2\Rainlendar2.exe () MOD - C:\Programme\Mobile Partner\QtGui4.dll () MOD - C:\Programme\Mobile Partner\QtNetwork4.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtNetwork4.dll () MOD - C:\Programme\Mobile Partner\SMSUIPlugin.dll () MOD - C:\Programme\Mobile Partner\SmsAppPlugin.dll () MOD - C:\Programme\Mobile Partner\plugins\imageformats\qtiff4.dll () MOD - C:\Programme\Mobile Partner\StatusBarMgrPlugin.dll () MOD - C:\Programme\Mobile Partner\sdk.dll () MOD - C:\Programme\Mobile Partner\ToolBarMgrPlugin.dll () MOD - C:\Programme\Mobile Partner\SmsSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\XFramePlugin.dll () MOD - C:\Programme\Mobile Partner\XCodec.dll () MOD - C:\Programme\Mobile Partner\STKSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\USSDSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\Trace.dll () MOD - C:\Programme\Mobile Partner\Win7Support.dll () MOD - C:\Programme\Mobile Partner\QtCore4.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtCore4.dll () MOD - C:\Programme\Mobile Partner\NDISAPI.dll () MOD - C:\Programme\Mobile Partner\PluginContainer.dll () MOD - C:\Programme\Mobile 
Partner\NetInfoUIExPlugin.dll () MOD - C:\Programme\Mobile Partner\DialupUIPlugin.dll () MOD - C:\Programme\Mobile Partner\Proxy.dll () MOD - C:\Programme\Mobile Partner\plugins\imageformats\qmng4.dll () MOD - C:\Programme\Mobile Partner\NetConnectPlugin.dll () MOD - C:\Programme\Mobile Partner\NetInfoSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\MenuMgrPlugin.dll () MOD - C:\Programme\Mobile Partner\LiveUpdateInterface.dll () MOD - C:\Programme\Mobile Partner\NetSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\DialUpPlugin.dll () MOD - C:\Programme\Mobile Partner\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Mobile Partner\NDISPlugin.dll () MOD - C:\Programme\Mobile Partner\NetConnectSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\OSDialup.dll () MOD - C:\Programme\Mobile Partner\OSNDIS.dll () MOD - C:\Programme\Mobile Partner\LayoutPlugin.dll () MOD - C:\Programme\Mobile Partner\OSAdapt.dll () MOD - C:\Programme\Mobile Partner\NotifyServicePlugin.dll () MOD - C:\Programme\Mobile Partner\plugins\imageformats\qgif4.dll () MOD - C:\Programme\Mobile Partner\plugins\imageformats\qico4.dll () MOD - C:\Programme\Mobile Partner\OSPowerMgr.dll () MOD - C:\Programme\Mobile Partner\OSCall.dll () MOD - C:\Programme\Mobile Partner\libgcc_s_dw2-1.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll () MOD - C:\Programme\Mobile Partner\mingwm10.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\mingwm10.dll () MOD - C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll () MOD - C:\Programme\Mobile Partner\core.dll () MOD - C:\Programme\Mobile Partner\DeviceAppPlugin.dll () MOD - C:\Programme\Mobile Partner\DeviceSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\Common.dll () MOD - C:\Programme\Mobile Partner\DataServicePlugin.dll () MOD - C:\Programme\Mobile Partner\AddrBookPlugin.dll () MOD - C:\Programme\Mobile Partner\AddrBookUIPlugin.dll () MOD - 
C:\Programme\Mobile Partner\CallAppPlugin.dll () MOD - C:\Programme\Mobile Partner\CallLogSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\Mobile Partner.exe () MOD - C:\Programme\Mobile Partner\AddrBookSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\AtCodec.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe () MOD - C:\Programme\Mobile Partner\CallSrvPlugin.dll () MOD - C:\Programme\Mobile Partner\ATR2SMgr.dll () MOD - C:\WINDOWS\system32\spd__l.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll () MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Rainlendar2\lfs.dll () MOD - C:\Programme\Rainlendar2\lua51.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\WINDOWS\system32\niidaqlv.dll () MOD - C:\Launch Manager\WButton.exe () MOD - C:\Launch Manager\LaunchAp.exe () MOD - C:\WINDOWS\system32\redmonnt.dll () MOD - C:\Launch Manager\OSDCtrl.exe () MOD - C:\Programme\National Instruments\MAX\Experts\niIMAQe.mxe () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Samsung UPD Service2) -- C:\WINDOWS\system32\SUPDSvc2.exe (Samsung Electronics) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Mobile Partner. RunOuc) -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe () SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HWDeviceService.exe) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe () SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (STCAgent) -- C:\Programme\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.) SRV - (SPF4) -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe (Sunbelt Software) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (NITaggerService) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.) SRV - (NIDomainService) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.) SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.) SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.) SRV - (NILM License Manager) -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (niSvcLoc) -- C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.) 
SRV - (mxssvr) -- C:\Programme\National Instruments\MAX\nimxs.exe (National Instruments Corporation) SRV - (nipxirmu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation) SRV - (nimcrpcsu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation) SRV - (nimcdldu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation) SRV - (nidevldu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation) SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.) SRV - (niRTProxy) -- C:\WINDOWS\System32\RTProxy.exe (National Instruments) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (Wbutton) -- C:\WINDOWS\system32\drivers\Wbutton.sys File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found DRV - (siusbmod) -- system32\DRIVERS\siusbmod.sys File not found DRV - (PLCMPR5) -- C:\WINDOWS\system32\PLCMPR5.SYS File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (mailKmd) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (HOSTNT) -- C:\WINDOWS\System32\drivers\hostnt.sys (SafeNet, Inc.) DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Logix4u) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) 
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation) DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CSVirtA) -- C:\WINDOWS\system32\drivers\CSVirtA.sys (Cisco Systems, Inc.) DRV - (khips) -- C:\WINDOWS\system32\drivers\khips.sys (Sunbelt Software) DRV - (fwdrv) -- C:\WINDOWS\system32\drivers\fwdrv.sys (Sunbelt Software) DRV - (CMIUSB) -- C:\WINDOWS\system32\drivers\MC1001200130012001B\cmiusb.sys (Motic China Gruop Co., Ltd.) 
DRV - (Kithara-Ksts7) -- C:\WINDOWS\system32\Ksts7.sys (Kithara Software GmbH) DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys () DRV - (nicanpk) -- C:\WINDOWS\system32\drivers\NICANpk.dll (National Instruments Corporation) DRV - (nidmmk) -- C:\WINDOWS\system32\drivers\nidmmk.dll (National Instruments Corporation) DRV - (Nidaq32k) -- C:\WINDOWS\System32\drivers\nidaq32k.sys (National Instruments Corporation) DRV - (nistck) -- C:\WINDOWS\system32\drivers\niSTCk.dll (National Instruments Corporation) DRV - (nimdsk) -- C:\WINDOWS\system32\drivers\nimdsk.dll (National Instruments Corporation) DRV - (nibffrk) -- C:\WINDOWS\system32\drivers\nibffrk.dll (National Instruments Corporation) DRV - (niarbk) -- C:\WINDOWS\system32\drivers\niarbk.dll (National Instruments Corporation) DRV - (nidmxfk) -- C:\WINDOWS\system32\drivers\nidmxfk.dll (National Instruments Corporation) DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWK.sys (National Instruments Corporation) DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiK.sys (National Instruments Corporation) DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciK.sys (National Instruments Corporation) DRV - (nistcrk) -- C:\WINDOWS\system32\drivers\nistcrk.dll (National Instruments Corporation) DRV - (niswdk) -- C:\WINDOWS\system32\drivers\niswdk.dll (National Instruments Corporation) DRV - (nitiork) -- C:\WINDOWS\system32\drivers\nitiork.dll (National Instruments Corporation) DRV - (nixsrk) -- C:\WINDOWS\system32\drivers\nixsrk.dll (National Instruments Corporation) DRV - (niwfrk) -- C:\WINDOWS\system32\drivers\niwfrk.dll (National Instruments Corporation) DRV - (nissrk) -- C:\WINDOWS\system32\drivers\nissrk.dll (National Instruments Corporation) DRV - (niesrk) -- C:\WINDOWS\system32\drivers\niesrk.dll (National Instruments Corporation) DRV - (niemrk) -- C:\WINDOWS\system32\drivers\niemrk.dll (National Instruments Corporation) DRV - (usb6xxxk) -- C:\WINDOWS\system32\drivers\usb6xxxk.dll (National Instruments 
Corporation) DRV - (nisdigk) -- C:\WINDOWS\system32\drivers\nisdigk.dll (National Instruments Corporation) DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbk.dll (National Instruments Corporation) DRV - (nimxpk) -- C:\WINDOWS\system32\drivers\nimxpk.dll (National Instruments Corporation) DRV - (nimstsk) -- C:\WINDOWS\system32\drivers\nimstsk.dll (National Instruments Corporation) DRV - (nimsdrk) -- C:\WINDOWS\system32\drivers\nimsdrk.dll (National Instruments Corporation) DRV - (nidsark) -- C:\WINDOWS\system32\drivers\nidsark.dll (National Instruments Corporation) DRV - (nispdk) -- C:\WINDOWS\system32\drivers\nispdk.dll () DRV - (niscdk) -- C:\WINDOWS\system32\drivers\niscdk.dll (National Instruments Corporation) DRV - (nistc2k) -- C:\WINDOWS\system32\drivers\nistc2k.dll (National Instruments Corporation) DRV - (nicdrk) -- C:\WINDOWS\system32\drivers\nicdrk.dll (National Instruments Corporation) DRV - (nisftk) -- C:\WINDOWS\system32\drivers\nisftk.dll (National Instruments Corporation) DRV - (nifslk) -- C:\WINDOWS\system32\drivers\nifslk.dll (National Instruments Corporation) DRV - (nimsrlk) -- C:\WINDOWS\system32\drivers\nimsrlk.dll (National Instruments Corporation) DRV - (nimslk) -- C:\WINDOWS\system32\drivers\nimslk.dll (National Instruments Corporation) DRV - (niwdk) -- C:\WINDOWS\System32\drivers\niwdk.sys (National Instruments) DRV - (nimru2k) -- C:\WINDOWS\system32\drivers\nimru2k.dll (National Instruments Corporation) DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimk.dll (National Instruments Corporation) DRV - (nimxdfk) -- C:\WINDOWS\system32\drivers\nimxdfk.dll (National Instruments Corporation) DRV - (nimdbgk) -- C:\WINDOWS\system32\drivers\nimdbgk.dll (National Instruments Corporation) DRV - (NIPALK) -- C:\WINDOWS\system32\drivers\nipalk.sys (National Instruments Corporation) DRV - (niimaqk) -- C:\WINDOWS\system32\drivers\niimaqk.dll (National Instruments Corporation) DRV - (nipxirmk) -- C:\WINDOWS\system32\drivers\nipxirmk.dll (National 
Instruments Corporation) DRV - (nidwgk) -- C:\WINDOWS\system32\drivers\nidwgk.dll (National Instruments Corporation) DRV - (nihsdrk) -- C:\WINDOWS\system32\drivers\nihsdrk.dll (National Instruments Corporation) DRV - (nisldk) -- C:\WINDOWS\system32\drivers\niSLDk.dll (National Instruments Corporation) DRV - (nisrcdk) -- C:\WINDOWS\system32\drivers\nisrcdk.dll (National Instruments Corporation) DRV - (nigplk) -- C:\WINDOWS\system32\drivers\nigplk.dll (National Instruments Corporation) DRV - (nimcdfxk) -- C:\WINDOWS\system32\drivers\nimcdfxk.dll (National Instruments Corporation) DRV - (nimcdlbk) -- C:\WINDOWS\system32\drivers\nimcdlbk.dll (National Instruments Corporation) DRV - (PCIIMAQ) -- C:\WINDOWS\System32\drivers\pciimaq.sys (National Instruments Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (lvalarmk) -- C:\WINDOWS\system32\drivers\lvalarmk.dll (National Instruments) DRV - (vserial) -- C:\WINDOWS\system32\drivers\vserial.sys () DRV - (vsbus) -- C:\WINDOWS\system32\drivers\vsb.sys () DRV - (gpib420) -- C:\WINDOWS\system32\drivers\gpib420.sys (National Instruments Corporation) DRV - (GpibPrtK) -- C:\WINDOWS\system32\drivers\GpibPrtK.sys (National Instruments Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) 
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH) DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (niembrtk) -- C:\WINDOWS\System32\drivers\niembrtk.sys (National Instruments) DRV - (PLCNDIS5) -- C:\WINDOWS\system32\plcndis5.sys (Intellon, Inc.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (FTLUND) -- C:\WINDOWS\system32\drivers\ftlund.sys (FTDI Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys () DRV - (DFSTR2K) -- C:\WINDOWS\system32\drivers\DfStor2K.sys (DATAFAB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = eumex.ip ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Leo Eng-Ger" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: getmail@webdesigns.ms11.net:3.4.10 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0 
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {34fba747-cbc2-4929-b00d-0e523ee94a6f}:1.7.3 FF - prefs.js..extensions.enabledItems: getmail@webdesigns.ms11.net:3.2.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.2.1 FF - prefs.js..extensions.enabledItems: {fb4eaeed-d1c9-45d1-a2bb-f2876142daf0}:0.600809120100 FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.19 12:30:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.19 12:21:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.10.19 12:35:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.10.19 12:21:57 | 000,000,000 | ---D | M] [2008.12.14 12:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.10.15 17:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions [2009.04.15 10:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Sunbird\Profiles\1xggo7yo.default\extensions [2012.07.07 00:34:04 | 000,009,612 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\getmail@webdesigns.ms11.net.xpi [2012.07.04 14:13:43 | 000,011,510 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\youtube2mp3@mondayx.de.xpi [2012.09.06 12:32:31 | 000,199,396 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.24 22:52:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.07.24 14:48:09 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\daemon-search.xml [2008.12.04 18:07:37 | 000,001,355 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\google-scholar.xml [2008.01.05 01:14:05 | 000,001,907 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\leo-eng-ger.xml [2007.09.14 21:50:54 | 000,001,364 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\organische-chemiech.xml [2007.04.24 21:15:44 | 000,001,067 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\wikipedia-deutsch.xml [2009.07.19 22:13:29 | 000,004,140 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\youtube.xml [2012.02.10 16:31:13 | 000,002,342 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\zvab-suche.xml [2012.10.19 12:30:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 12:32:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.10.24 11:23:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2005.10.12 15:04:02 | 000,020,480 | ---- | M] 
(National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV80Win32.dll [2005.08.17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll [2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.16 20:28:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Launch Manager\Wbutton.exe () O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk.disabled () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk.disabled () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk.disabled () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02DBEBD0-397B-46F5-9975-71AE780BC312}: DhcpNameServer = 193.189.244.206 193.189.244.225 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.11.15 09:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.11.18 15:37:38 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2011.01.11 20:22:00 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.19 12:10:42 | 018,582,976 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\User\Desktop\Thunderbird Setup 16.0.1.exe [2012.10.19 12:10:03 | 006,722,216 | ---- | C] (Adobe Systems Inc.)
-- C:\Dokumente und Einstellungen\User\Desktop\Shockwave_Installer_Slim.exe [2012.10.19 12:06:39 | 018,087,240 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\User\Desktop\Firefox Setup 16.0.1.exe [2012.10.19 11:51:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent [2012.10.19 11:50:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.10.19 11:47:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.10.19 11:47:23 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.10.19 11:47:23 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.10.19 11:44:35 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Dokumente und Einstellungen\User\Desktop\jxpiinstall.exe [2012.10.19 11:20:19 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.19 09:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012.10.18 17:18:01 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2012.10.18 17:18:01 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2012.10.18 17:18:01 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2012.10.18 17:17:42 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll [2012.10.18 17:17:42 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll [2012.10.18 17:17:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2012.10.18 17:17:42 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax [2012.10.18 17:17:41 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2012.10.18 17:17:41 | 000,032,768 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\ativtmxx.dll [2012.10.18 17:17:41 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax [2012.10.18 17:17:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2012.10.18 17:17:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2012.10.18 17:17:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2012.10.18 17:17:39 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2012.10.18 17:17:39 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2012.10.18 17:17:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2012.10.18 17:17:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2012.10.18 17:17:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2012.10.18 17:17:38 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2012.10.18 17:17:38 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2012.10.18 17:17:38 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2012.10.18 17:17:37 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) 
-- C:\WINDOWS\System32\hsfcisp2.dll [2012.10.18 17:17:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2012.10.18 17:17:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2012.10.18 17:17:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2012.10.18 17:17:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2012.10.18 17:17:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2012.10.18 17:17:33 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2012.10.18 17:17:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2012.10.18 17:17:33 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2012.10.18 17:17:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2012.10.18 17:17:32 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll [2012.10.18 17:17:32 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2012.10.18 17:17:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2012.10.18 17:17:32 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2012.10.18 17:17:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2012.10.18 17:17:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2012.10.18 17:17:31 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2012.10.18 17:17:29 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) 
-- C:\WINDOWS\System32\s3gnb.dll [2012.10.18 17:17:29 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2012.10.18 17:17:29 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2012.10.18 17:17:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2012.10.18 17:17:28 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll [2012.10.18 17:17:28 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll [2012.10.18 17:17:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll [2012.10.18 17:17:28 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe [2012.10.18 17:17:28 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe [2012.10.18 17:17:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2012.10.18 17:17:27 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2012.10.18 17:17:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe [2012.10.18 17:17:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2012.10.18 17:17:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe [2012.10.18 17:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de [2012.10.18 17:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2012.10.18 17:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2012.10.18 17:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2012.10.18 17:05:19 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll [2012.10.18 17:05:19 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll [2012.10.18 17:05:19 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll [2012.10.18 17:05:19 | 
000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll [2012.10.18 17:05:19 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll [2012.10.18 17:05:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2012.10.18 17:05:18 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2012.10.18 17:05:18 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll [2012.10.18 17:05:18 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll [2012.10.18 17:05:17 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2012.10.18 17:05:17 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2012.10.18 17:05:17 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2012.10.18 17:05:17 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2012.10.18 17:05:17 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2012.10.18 17:05:17 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2012.10.18 17:05:17 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2012.10.18 17:05:17 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2012.10.18 17:05:17 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2012.10.18 17:05:16 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2012.10.18 17:05:16 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2012.10.18 17:05:16 | 000,073,216 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\drivers\atintuxx.sys [2012.10.18 17:05:16 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2012.10.18 17:05:16 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2012.10.18 17:05:16 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2012.10.18 17:05:16 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2012.10.18 17:05:16 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2012.10.18 17:05:16 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2012.10.18 17:05:16 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2012.10.18 17:05:15 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2012.10.18 17:05:15 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll [2012.10.18 17:05:15 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll [2012.10.18 17:05:15 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll [2012.10.18 17:05:15 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll [2012.10.18 17:05:15 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll [2012.10.18 17:05:14 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2012.10.18 17:05:13 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll [2012.10.18 17:05:10 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2012.10.18 17:05:09 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2012.10.18 17:05:09 | 
000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2012.10.18 17:05:09 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2012.10.18 17:05:09 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2012.10.18 17:05:08 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2012.10.18 17:05:08 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2012.10.18 17:05:08 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2012.10.18 17:05:07 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2012.10.18 17:05:07 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2012.10.18 17:05:07 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll [2012.10.18 17:05:06 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2012.10.18 17:05:06 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2012.10.18 17:05:06 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2012.10.18 17:05:05 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll [2012.10.18 17:05:04 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2012.10.18 17:05:04 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2012.10.18 17:05:04 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2012.10.18 17:05:04 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2012.10.18 17:05:04 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2012.10.18 17:05:04 | 000,011,295 | 
---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2012.10.18 16:50:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2012.10.18 16:50:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [2012.10.18 16:35:30 | 000,000,000 | ---D | C] -- C:\ab5920b26d5b8b86ed1eaff4 [2012.10.18 12:38:12 | 328,324,136 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\User\Desktop\WindowsXP-KB936929-SP3-x86-DEU.exe [2012.10.18 00:37:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.10.18 00:37:18 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\User\Desktop\esetsmartinstaller_enu.exe [2012.10.17 15:28:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.10.17 15:17:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.10.16 19:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.10.16 19:42:25 | 000,072,624 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\khips.sys [2012.10.16 19:25:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.10.16 18:23:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.10.16 18:23:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.10.16 18:23:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.10.16 18:23:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.10.16 15:43:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.16 15:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.10.16 15:31:31 | 004,981,258 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\User\Desktop\ComboFix.exe [2012.10.16 13:25:27 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\User\Desktop\tdsskiller.exe [2012.10.16 13:23:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\User\Desktop\aswMBR.exe [2012.10.15 19:49:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und 
Einstellungen\User\Desktop\OTL.exe [2012.10.15 19:02:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.10.15 18:33:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.10.15 18:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.15 18:33:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.15 18:33:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.15 18:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.14 21:26:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Arbeitsvertrag [2012.10.14 21:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schwindelfrei [2012.10.11 15:30:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\LabVIEW Data [2012.10.11 15:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\nidaq [2012.10.11 15:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\nimcorb [2012.10.11 15:15:58 | 000,000,000 | ---D | C] -- C:\Programme\cameralink [2012.10.11 14:50:57 | 000,000,000 | ---D | C] -- C:\VXIPNP [2012.10.11 14:47:47 | 000,000,000 | ---D | C] -- C:\Programme\IVI [2012.10.11 14:26:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments [2012.10.11 14:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cvirte [2012.10.11 14:25:36 | 000,000,000 | ---D | C] -- C:\Programme\National Instruments [2012.09.28 14:52:17 | 000,000,000 | ---D | C] -- C:\My Data [2012.09.28 14:52:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SMaRT [2012.09.28 14:52:01 | 000,000,000 | ---D | C] -- C:\Programme\SMaRT [2012.09.26 16:54:40 | 000,000,000 | ---D | C] -- 
C:\Programme\1ClickDownload [2012.09.25 01:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.09.25 01:42:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.09.24 22:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2012.09.24 22:53:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

========== Files - Modified Within 30 Days ==========

[2012.10.19 13:10:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.19 12:30:15 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.19 12:21:58 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2012.10.19 12:16:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2638560129-685934672-2847317654-1007UA.job [2012.10.19 12:12:35 | 018,582,976 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\User\Desktop\Thunderbird Setup 16.0.1.exe [2012.10.19 12:10:49 | 006,722,216 | ---- | M] (Adobe Systems Inc.)
-- C:\Dokumente und Einstellungen\User\Desktop\Shockwave_Installer_Slim.exe [2012.10.19 12:08:40 | 018,087,240 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\User\Desktop\Firefox Setup 16.0.1.exe [2012.10.19 11:56:11 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk [2012.10.19 11:52:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.19 11:52:21 | 937,660,416 | -HS- | M] () -- C:\hiberfil.sys [2012.10.19 11:44:38 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Dokumente und Einstellungen\User\Desktop\jxpiinstall.exe [2012.10.19 11:43:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.10.19 11:43:08 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.10.19 11:20:30 | 000,499,508 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.19 11:20:30 | 000,480,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.19 11:20:30 | 000,082,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.19 11:20:29 | 000,095,928 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.19 11:16:01 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2638560129-685934672-2847317654-1007Core.job [2012.10.19 09:31:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2012.10.19 09:29:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.19 09:28:07 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.18 20:53:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.18 17:03:47 | 000,251,712 | RHS- | M] () -- C:\ntldr [2012.10.18 12:58:03 | 328,324,136 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\User\Desktop\WindowsXP-KB936929-SP3-x86-DEU.exe [2012.10.18 00:37:32 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und 
Einstellungen\User\Desktop\esetsmartinstaller_enu.exe [2012.10.17 17:26:03 | 000,212,674 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\umwandlungstemperaturen.opj [2012.10.17 15:24:54 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel [2012.10.16 20:28:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.10.16 19:26:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012.10.16 15:32:01 | 004,981,258 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\User\Desktop\ComboFix.exe [2012.10.16 15:15:42 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\MBR.dat [2012.10.16 13:25:33 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\User\Desktop\tdsskiller.exe [2012.10.16 13:23:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\User\Desktop\aswMBR.exe [2012.10.16 01:45:00 | 001,204,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err [2012.10.15 19:55:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.10.15 19:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.10.14 14:40:01 | 000,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2012.10.11 16:52:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imaqconf.ini [2012.10.11 15:18:57 | 000,120,406 | ---- | M] () -- C:\WINDOWS\System32\niorbmap [2012.10.11 15:00:23 | 000,000,795 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk [2012.10.11 14:53:00 | 000,003,091 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.09.28 14:52:05 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SMaRT.lnk [2012.09.27 17:58:54 | 006,381,575 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Setup Solartron+Chelsea WinDETA.pdf [2012.09.25 01:20:34 | 937,709,568 | ---- | M] () -- 
C:\WINDOWS\MEMORY.DMP [2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.09.24 23:08:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.09.24 22:56:00 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.09.24 22:52:20 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.09.24 22:52:20 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2012.10.19 12:35:51 | 000,001,644 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird.lnk [2012.10.19 12:30:15 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.10.19 12:21:58 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2012.10.19 12:21:57 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2012.10.19 11:43:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.18 19:11:32 | 000,000,753 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Internet Explorer.lnk [2012.10.18 17:05:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2012.10.18 17:05:13 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2012.10.18 17:05:09 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2012.10.17 15:24:54 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel [2012.10.16 19:26:07 | 000,000,211 | ---- | C]
() -- C:\Boot.bak [2012.10.16 19:25:57 | 000,262,448 | RHS- | C] () -- C:\cmldr [2012.10.16 18:23:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.10.16 18:23:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.10.16 18:23:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.10.16 18:23:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.10.16 18:23:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.10.16 15:15:42 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\MBR.dat [2012.10.15 19:55:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable [2012.10.11 16:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imaqconf.ini [2012.10.11 15:00:23 | 000,000,795 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk [2012.10.11 14:50:00 | 000,120,406 | ---- | C] () -- C:\WINDOWS\System32\niorbmap [2012.10.11 14:33:22 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments LabVIEW 8.0.lnk [2012.09.28 14:52:05 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SMaRT.lnk [2012.09.27 17:58:53 | 006,381,575 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Setup Solartron+Chelsea WinDETA.pdf [2012.08.14 19:26:32 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\UPDIO2.dll [2012.08.14 19:26:31 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\SUPDRun.exe [2012.08.14 19:26:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll [2012.08.14 19:26:22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe [2012.08.14 19:26:19 | 001,558,432 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe [2012.08.05 22:16:07 | 000,004,288 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel [2012.08.05 17:55:02 | 000,103,424 | ---- | C] () -- 
C:\WINDOWS\System32\MoticRecordCore.dll [2012.08.05 17:52:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\JPEGDLL32.dll [2012.08.05 17:52:49 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Dongle.dll [2012.08.04 21:53:04 | 000,000,106 | ---- | C] () -- C:\Dokumente und Einstellungen\User\tonwert [2012.08.02 01:19:27 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\MoticIPFilter.dll [2012.08.02 01:19:26 | 000,227,840 | ---- | C] () -- C:\WINDOWS\System32\MoticBmpCapture.dll [2012.08.02 01:18:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\MoticImageDevicesProxy.dll [2012.08.02 01:18:57 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\MUCam32.dll [2012.08.02 01:18:55 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll [2012.08.02 01:18:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\MoticCamfnc.dll [2012.02.07 17:48:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2011.05.17 17:33:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TransCom.dll [2011.05.17 17:32:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FirmwareID.dll [2011.03.12 10:49:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.22 10:48:18 | 000,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2010.11.08 19:32:58 | 000,153,833 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp [2010.11.08 19:32:58 | 000,001,075 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp [2010.11.08 13:48:49 | 000,131,250 | ---- | C] () -- C:\WINDOWS\hpwins22.dat [2010.11.08 13:48:49 | 000,001,075 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat [2010.07.11 13:37:47 | 000,188,378 | ---- | C] () -- C:\Dokumente und Einstellungen\User\acbstractpicture.pdf [2009.02.12 21:38:56 | 000,018,145 | ---- | C] () -- C:\Dokumente und Einstellungen\User\martin.dbj [2008.12.03 17:58:00 | 000,009,418 | ---- | C] () -- C:\Dokumente und Einstellungen\User\agic2008mmp.html [2008.11.14 13:00:37 | 000,002,481 | ---- | C] () -- C:\Dokumente und 
Einstellungen\User\.html [2007.04.09 21:27:35 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2006.12.06 02:18:52 | 000,000,537 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\solvents.map [2006.07.27 17:57:13 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\User\gsview32.ini [2006.05.18 20:13:39 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\User\cd.aux [2006.04.26 23:01:48 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\dm.ini [2006.04.13 21:07:40 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\User\vgalusr1.vr [2006.03.13 14:27:17 | 000,038,292 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft Excel.ADR [2006.03.13 14:21:33 | 000,012,943 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft Excel.CAL [2005.12.27 17:12:40 | 000,007,496 | ---- | C] () -- C:\Dokumente und Einstellungen\User\sample2e.dvi [2005.12.27 17:12:40 | 000,000,162 | ---- | C] () -- C:\Dokumente und Einstellungen\User\sample2e.aux [2005.12.25 02:34:28 | 000,228,864 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.12.12 17:35:15 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wklnhst.dat [2005.12.07 15:26:28 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2005.11.15 09:33:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shdocvw.dll -- [2010.04.16 18:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD

< End of report >

Code:
OTL Extras logfile created on: 19.10.2012 12:40:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.16 Mb Total Physical Memory | 225.96 Mb Available Physical Memory | 25.27% Memory free
2.11 Gb Paging File | 1.48 Gb Available in Paging File | 70.12% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.53 Gb Total Space | 3.52 Gb Free Space | 4.72% Space Free | Partition Type: NTFS
Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAROOSU-II | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = RasWin.Script] -- C:\Programme\RasWin\RasWin.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01610E8F-5F6A-4D9A-AFC4-3FE1AC19C488}" = NI-653x Support
"{03773BAB-F4D0-405C-B0BC-AD8053D95B8E}" = NI LabVIEW 8.0 Instr.lib
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{06960020-59A4-11D5-9721-00B0D03F1A43}" = Motic Images Plus 2.0
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{09B0D7DF-1871-4DAF-9644-D34E0641F309}" = NI DHV DCMP Installer 105f1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0AA096F0-FD0C-4859-8F71-441699B16752}" = NI-SCOPE 2.9.2
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CF6DF46-1058-4B3B-A49E-1C70145C849F}" = NI-VISA Server 3.4
"{0F09F023-E0EF-40DA-A972-38F5BD0DA302}" = NI-VISA MAX Provider 3.4 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver "{11AE3814-BE69-4934-B256-E918F574340F}" = NI-488.2 2.43 "{1212A25B-EE14-4919-AA06-C5EA5E46CAA4}" = NI LabVIEW 8.0 Help "{12293183-17BA-4A6B-853A-009871F391E4}" = NI-DAQmx - LabVIEW shared documentation "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{162583A9-FA87-4F26-BD56-3ACD381DB9BE}" = SMaRT "{1AD77A05-76EC-44CF-940F-799FFFE6C731}" = NI Assistant Framework "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1C85BB92-B17F-4CE3-AC53-F9350D1B6D98}" = NI SignalExpress 1.2.2 Datatypes "{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation "{1E37767B-1A94-4FEA-9120-15B3360B6D3A}" = NI-DAQmx OPC Support "{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0 "{1EA6473D-6AFB-4349-B138-DBD810C0F34E}" = NI-DMM 2.4.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F72FFB7-3E5C-4752-9E23-FA6CE0281CAD}" = NI-IRDA 1.0.2f0 for Phar Lap ETS "{21082394-654A-46A9-9426-B834F02877EC}" = NI LabVIEW 8.0 Menus "{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C}" = NI-DAQ INF Files "{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071 "{26208991-520E-489B-AD52-A7CEA5A5C857}" = NI-IMAQ 3.5 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{26F4D5DD-865B-4A2B-9A36-EE22ACA97331}" = NI-MXDF 1.4.0f0 "{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support "{2B8681BE-302C-4976-8E77-2735EAEF2AAD}" = NI-VISA for LabVIEW Real-Time 3.4 "{2BD1A5B5-8E98-4E2D-9BE5-D68C57C2FDBE}" = NI Assistant Framework LabVIEW Code Generator 7.0 "{2C8ACC4A-240C-4EC8-81BC-792C5DAE027D}" = NI-DIM 1.3.0f0 for Phar Lap ETS "{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS "{2E531946-E4A9-4D58-BB69-5696F8481EE2}" = NI LabVIEW 8.0 Help File 
"{307ADD1B-AD3E-4D6C-898B-1EB60B1269BC}" = NI LabVIEW 8.0 CINtools "{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML "{3263845B-95F2-43C0-817E-B7BF25BCB742}" = NI-PAL 1.10.0f0 for Phar Lap ETS "{33B9AC9D-0442-4728-AAA1-6B30949B87C5}" = NI-Motion MAX Provider 7.1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36B13A26-2DD0-4441-A747-C788B4623929}" = NI-SWITCH 3.0 "{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71 "{37128905-461C-41E3-86EF-A0B7A627B548}" = NI DHV GPL 107f1 "{37C93522-0209-4D4C-A100-8C149EB45D2C}" = NI LabVIEW 8.0 WWW "{381E653F-D10F-4866-9A50-E211B97DE574}" = NI LVBrokerAux70 "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS "{3C7B88E1-2C72-44CA-A883-62679DBBA36B}" = NI-DAQmx MAX Support 1.4.0 "{3CD9E7BB-6347-479A-BB0C-0093C1AE6944}" = NI Software Provider for MAX "{3D47F62E-EE3A-44B6-9079-7D683CA4A975}" = Motic Images Multi-Focus Pro 1.0 "{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424}" = NI LabVIEW Real-Time Error Dialog "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor "{41BE0B6B-A0A0-4848-9DB5-92359D7BFB7D}" = NI DIO Core 141f1 "{45A380B1-4EBC-489F-9A86-689F5BB5E1E8}" = NI DAQ Assistant 1.5.0 "{45F0CC81-BFA7-4E00-8682-8595BA27C114}" = NI Assistant Framework LabVIEW Code Generator 7.1 "{461BB471-0B29-4A85-8B8E-AD0D96F9BD12}" = NI SCXI 1.2.0 "{46AB635F-5C13-4592-AE25-8687816341D7}" = NI LabVIEW 8.0 Project "{489922DB-811B-417F-88B8-417ABC93A09A}" = NI-FGEN Driver Part 131f2 "{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0 "{496B9B49-C7CA-4F32-BD18-029D1C7105F0}" = NI Spy 2.3.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E79CFA8-5FBA-4777-8B69-F52DEFF31BA7}" = NI-CAN - CAN/DNET Core "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) 
"{5500F75F-EC8D-40D4-A346-9E46D931C4CF}" = NI-VISA 3.4 "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{567DE038-00EF-4C42-8492-3C53B81351BC}" = NI-488.2 Provider for MAX "{588667A2-96B8-43DA-AF99-6861BED9C889}" = NI LabVIEW 8.0 Applibs "{5A4AC082-8D61-442A-8A86-68869CB9BC80}" = NI MXS 4.0 "{5B061FDE-E53E-4DDC-8532-D23F95A56B38}" = NI-IVI Provider for MAX "{5BCB370B-F341-45DF-BDEF-29E1F1291C2C}" = NI PXI Platform Services for Windows 1.5.1 "{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF}" = NI Remote Provider for MAX "{5F5E7797-67A8-432C-8319-2D2B2A687AE6}" = NI-DAQmx Documentation "{607BCFFA-1FDA-4F56-AB36-1A4B2A003FD4}" = NI Variable Engine LabVIEW 8.0 Support "{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6134FECC-3207-42A8-BE11-76F80260E416}" = NI Measurements eXtensions for PAL 1.3.0 "{61662552-5E9A-46C1-9D79-97B3B53D4344}" = NI ModInst 1.1.1 "{62DBBC58-6C51-4793-BA66-45012F8BA32C}" = NI LabVIEW Run-Time Engine 7.1.1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69D26AD4-8D4F-424C-89A2-36E7996FE9F4}" = NI-Motion 7.1 "{6E867F5F-191E-4F87-AC87-DB1D7C2B2082}" = NI-ORB 1.3.0f2 for Phar Lap ETS "{6F139AA4-624B-499A-A20F-AF20F552B494}" = NI PXI Platform Services for LabVIEW Real-Time 1.5.1 "{6FC644ED-B118-4837-AE96-1828FC400E56}" = NI OPC Support "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.1.0 "{708878B7-6B4C-42EB-AA0B-FD91339E228B}" = NI-DNET 1.4.2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{761C7705-C07C-47C1-9DEF-1C7B7E85C026}" = NI-Embedded RT Provider 1.1 for MAX "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{847D8AC1-E041-44BF-8FE9-0A1CACD3169A}" = NI Registration Wizard "{857594FA-206C-4937-8D9B-D096F737C17B}" = NI-TClk 1.4.1 "{85BA7798-BFDB-4A26-99E1-1D685DD70D6C}" = NI Variable Engine 
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3 "{879D59A5-FD51-44EE-91D2-734CA0DC91D8}" = NI LabVIEW RT Proxy "{87F64F82-D571-4F51-A8FA-A36C273BA3C7}" = NI-PAL 1.10.0f0 "{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0 "{8A4C8B35-7004-4E33-9064-D66A2238BEB5}" = NI-IMAQ Configuration 1.6 "{8A78D7F3-6D9F-4616-B813-4A7BF5495809}" = NI-DAQmx support for LabVIEW "{8AB1D901-D67B-4827-B7BD-CA048D2E4769}" = NI Fusion Standard Library "{8BB89D6D-85DD-4B36-A5D8-2321509E9E64}" = NI LabVIEW 8.0 iMath "{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DF4BC37-2D90-4F99-8F20-7D5EB0679094}" = IVI Shared Component "{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP "{8EB3022D-F805-421C-A573-59EC3EE5C08C}" = NI-IMAQ Provider for MAX "{8ED57302-7546-4DC3-BD5F-EC87CBCEBD71}" = NI LabVIEW 8.0 Examples "{8F2735AA-F673-4818-8F33-FE9E5612EBDB}" = NI-CAN 2.3.1 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof 
(French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901A0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client "{92E160E5-0C7A-4DDA-9285-4B307547766D}" = NI-DAQmx Switch Core 1.6.0 "{92E975F4-D3C2-4F27-8CF8-5510D02AAEEF}" = NI Assistant Framework LabVIEW Code Generator 6.1 "{95F578F6-E6BC-4743-BB82-9CE93E460074}" = NI-TNF 1.3.1f0 for Phar Lap ETS "{980A99BE-86E6-4365-BEC8-9C64D06FC42C}" = NI LabVIEW 8.0 MeasAppChm File "{984C439F-FCC1-44E4-B7D6-800DC4921012}" = NI LabVIEW 8.0 Manuals "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B114692-442E-46C7-8F01-797BF434024B}" = NI STC 1.2.0 "{9C3C2CC1-94E5-469E-98B7-A74125CC5827}" = NI Common Digital 1.2.0 "{9DE980C5-926C-4BE0-B3CA-F18A3455FF1A}" = NI Timing 1.5.0 "{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine "{9F17FA4D-409D-4DB4-BB2E-93949844BE74}" = NI IVI Engine 2.0 "{9F6D6471-32F4-4583-960D-4FC956D0A04B}" = NI 
Portable Configuration "{9F9D38F6-C366-432C-AD75-4EAB1AF381A3}" = NI-CAN: Common LabVIEW code for NI CAN products "{9FFBB61F-4B1B-421C-8F34-7340458ED6B7}" = NI Assistant Framework LabVIEW Code Generator 8.0 "{A038B7DE-A784-42BE-BB2B-D101E6223FC2}" = NI-HSDIO 1.4.1 "{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration "{A25708B0-0520-4BE3-927A-2CF039CDF40E}" = NI LabVIEW 8.0 Resource "{A2AA1890-14B4-4252-A17E-7A338BC42D88}" = NI-DIM 1.3.0f0 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A542D955-9F05-4C74-8866-25DDC0DB15DB}" = SIEMENS USB Data Cable "{A9C61320-FA84-4B54-AEAA-3BEFE95B6FA8}" = NI LabWindows/CVI 7.0 Code Generator "{AA8D8A7B-4606-420E-9FE9-E4C77B200857}" = NI Measurement & Automation Explorer 4.0 "{AB171825-B5E6-4F9A-8438-6E1D99EFCB58}" = USB Data Cable Driver "{AB7F05AC-F4CF-4355-8BB8-C3D443E1D2AF}" = NI Calibration Provider for MAX "{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AD31D4D6-7154-4AC4-B580-59F28CA331D0}" = MDL CrossFire Commander 7.0 SP2 "{B08C2B62-0200-4801-A62A-4E4069928A1A}" = NI LabVIEW 8.0 User.lib "{B1AA8556-7F80-4F7B-8F6B-2E69D0C96298}" = Traditional NI-DAQ Documentation "{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B3428FFA-367B-46B6-AFAF-34A63C77BAEE}" = NI-DAQ C and VB6 API "{B3A667C2-66F2-41FA-94CA-B5DD9A6F3380}" = Traditional NI-DAQ 7.4.1 (Legacy) "{B43543B0-1B58-45DF-94E2-669B1EF9D251}" = NI-ORB 1.3.0f2 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BBD2F68D-97FD-48CF-93BC-9E9C24B2B016}" = NI Logos 4.6 "{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5}" = NI-MDBG 
1.3.0f0 "{BFD080F6-3BF0-40E1-9507-9CA969C35870}" = Sunbelt Personal Firewall "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C184F49B-34E6-4A0C-B7CF-219F9AE3EF6F}" = Motic Images Assembly Pro 1.0 "{C1D8CD08-C64C-4039-BE58-9289907344D7}" = NI-CAN Provider for MAX "{C346D933-8F17-4A18-B96B-D240157C1AE6}" = NI LabVIEW 8.0 Deutsch "{C5078C26-8B75-411D-9806-27E2BBD61DF6}" = NI Remote PXI Provider for MAX "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator "{CB2D3647-18D2-4E06-8062-AF6224C5489E}" = NGrab Streamingserver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC82342B-74FC-4BD6-AF8C-6CAEAC389DE9}" = NI Script Editor 1.3.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.4 "{D0AA2E4A-CC81-4BE4-8607-8C4D5BC8AE03}" = Origin85 "{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline "{D3439CB7-5F0E-493C-BD9F-E6CA41E8B27A}" = NI Hierarchical Waveform Storage 1.4.1 "{D3F14999-E294-449F-93CB-699775F53A6E}" = NI Example Finder 8.0 "{D573DEA6-782D-4032-998D-18DA272DA38F}" = NI LabVIEW Run-Time Engine 7.0 "{D69245E6-87C2-40E6-8F0D-F93F23EE4A0F}" = NI LabVIEW Run-Time Engine 8.0 "{D75DA63A-6403-4268-AB34-90134DDF65D5}" = NI MIO Device Drivers 1.7.0 "{D89B93AC-6507-40CA-A22A-0A1700ED0E04}" = NI Variable Manager "{D92D5431-B36E-498A-9E7B-521E53C8825A}" = NI-DAQmx 8.0 "{D9B37BA7-24CD-445B-B145-773CC99D3E00}" = NI LabVIEW 8.0 Activity "{D9C9A9BC-7891-4057-A193-56CEAAE2C143}" = NI-VISA Runtime 3.4 "{D9DC7038-9448-41BE-AEC3-122262D3ED0B}" = NI-FGEN 2.3.2 "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DB4663C6-2E47-4B46-AD39-52F546D53809}" = NI-MRU 2.4.0f0 "{DC25A68A-D49A-474F-B86D-86EB228553ED}" = NI-Embedded RT 1.0.1 
"{DD390149-1F7A-4451-B64D-82FAC39F8B3C}" = NI USI 1.2.0 "{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1 "{DEBA0D04-418C-4791-BF2D-046ED28B13D0}" = NI-DAQmx DSA Support 1.5.0 "{DEE42EFF-EE8F-4C81-9CFA-647B26B915CD}" = NI LabVIEW 8.0 gMath "{DEF321A1-6E28-49A1-A5EC-DB79E647E51F}" = NI-DAQ Document Set "{DFE4E18A-6F20-4F3C-AB3D-382FFFB43BCA}" = NI LabVIEW 8.0 Templates "{E040BA70-61B7-434E-A273-F62EB400AC4F}" = NI Session Manager 3.5 "{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}" = OriginPro 8.5 "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0 "{E3B9CB1E-C982-4A5A-BBC8-EDBE784A756A}" = NI LabVIEW 8.0 VI.lib "{E4A3D0CD-EEA2-458F-BBC8-DC174DCCAC3D}" = NI-Serial for LabVIEW Real-Time 2.5.6 "{E51FB7DE-F7B5-4BB3-958F-4DC0C8EECAF0}" = NI-Motion 7.1 FX Development "{E57C34B8-623E-4757-92D7-BBE17488E24D}" = NI IVI Class Drivers "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{E7CDB32A-128D-49DB-BF7F-1E96EA636D88}" = NI PXI Platform Services Provider for MAX 1.5.1 "{EAAEEDD4-0609-47E8-B747-AF3D8E8AD88C}" = NI-Watchdog 2.1.4f0 "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5 "{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0 "{ED1617B8-98F7-412A-9502-BB9607CE17C3}" = NI Instrument I/O Assistant "{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F14236D9-4B9A-4CEC-AE70-0E964020A0E7}" = NI Logos LabVIEW 8.0 Support "{F2FC4CA5-BC77-4118-BC84-1542BF2EE06B}" = NI-DAQ Provider for MAX "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1 "{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C 
Interface "{F98A8B8A-1922-4C8D-9852-074A1DA3EB2A}" = NI HSD Core 142f3 "{F993C3BF-D483-4B80-8EE7-8AB6F0E7450E}" = NI IVI Compliance Package 2.3 "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools "{FAE4CE60-F3C1-463A-98CF-7A810E26A4DB}" = NI DataSocket 4.3.0 "{FB6DF036-C3A7-4A89-92DA-B4364A8E9373}" = NI License Manager "{FC924128-8F69-4561-B6F8-994C44311F21}" = Motic Images Advanced 3.2 "{FFEC1925-09BC-493D-97FC-D27A364C9C8A}" = NI-488.2 for LabVIEW Real-Time 2.4.3 "1ClickDownload" = 1ClickDownloader "31830087-F23D-4198-B67D-AD4A2A69147F_is1" = Micro-Manager-1.4 "AccelrysAccordSDK51RT" = Accord SDK 5.1 Runtime "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen) "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "CanonMyPrinter" = Canon My Printer "Cisco Systems SSL VPN Client" = Cisco SSL VPN Client "CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_10921734" = SoftV90 Data Fax Modem with SmartCP "CutePDF Writer Installation" = CutePDF Writer 2.8 "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "DivX Codec" = DivX 5.0.3 Pro Bundle "dslmon" = devolo Informer "DVD Shrink_is1" = DVD Shrink 3.2 "EMANIM_is1" = EMANIM 1.01 "ESET Online Scanner" = ESET Online Scanner v3 "EXCEL" = Microsoft Office Excel 2007 "FaJo XP File Security Extension_is1" = FaJo XP File Security Extension v1.2 "ffdshow_is1" = ffdshow [rev 2228] [2008-10-17] "FreePDF_XP" = FreePDF XP (Remove only) "FTDICOMM" = SEMC DSS SyncStation Driver "GPL Ghostscript 8.15" = GPL Ghostscript 8.15 "GPL Ghostscript 9.04" = GPL Ghostscript "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "GSview 4.8" = GSview 
4.8 "Inkscape" = Inkscape 0.48.2 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "IrfanView" = IrfanView (remove only) "IviSharedComponent" = IVI Shared Components "JabRef 2.4.2" = JabRef 2.4.2 "JabRef 2.6" = JabRef 2.6 "JabRef 2.7.2" = JabRef 2.7.2 "K-3D 0.7.9.0" = K-3D 0.7.9.0 "Kithara Tool Suite 7 Runtime" = Kithara Tool Suite 7 Runtime "krinnicam" = krinnicam 2.02 "LitLink Windows Components" = LitLink Windows Components "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone "MestReNova" = MestReNova 6.0.2-5475 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiKTeX" = MiKTeX "MiKTeX 2.8" = MiKTeX 2.8 "Mobile Partner" = Mobile Partner "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NI Uninstaller" = National Instruments-Software "Prog-Studio" = Prog-Studio 6.09 "Rainlendar2" = Rainlendar2 (remove only) "RasWin" = RasWin (remove only) "RealPlayer 6.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RegiStax" = RegiStax V3.0.1.23 "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper "reSizer_is1" = reSizer v0.78 "RouterControl" = RouterControl 1.85 "Samsung Universal Print Driver" = Samsung Universal Print Driver "SciPlore MindMapping" = SciPlore MindMapping "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer) "Stellarium_is1" = Stellarium 0.10.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass) "Totalcmd" = Total Commander (Remove or Repair) 
"Update Service" = Update Service "Virtualdub 1.4.9" = Virtualdub 1.4.9 "VLC media player" = VLC media player 0.9.4 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "WINCNT" = WinCNT "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinGTK-2_is1" = GTK+ 2.10.11 runtime environment "WinRAR archiver" = WinRAR Archivierer "winusb0200" = Microsoft WinUsb 2.0 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "XviD" = XviD MPEG-4 Codec "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.10.2012 14:27:18 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 16.10.2012 16:33:18 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 17.10.2012 03:36:18 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 17.10.2012 05:05:36 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 17.10.2012 18:28:10 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 18.10.2012 02:15:08 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 18.10.2012 13:10:02 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 
50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 19.10.2012 03:34:46 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 19.10.2012 05:28:48 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] Error - 19.10.2012 05:53:30 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650 Description = Termination reason code 10 [FAST_USER_SWITCH] [ OSession Events ] Error - 25.07.2012 08:42:32 | Computer Name = KAROOSU-II | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 174 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 19.10.2012 05:50:45 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:45 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:45 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:45 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:46 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:46 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description 
= Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:50:46 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 19.10.2012 05:53:50 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Mobile Partner. OUC. Error - 19.10.2012 05:53:50 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.10.2012 05:59:18 | Computer Name = KAROOSU-II | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.172.134.78 für die Netzwerkkarte mit der Netzwerkadresse 001E101F1D99 wurde durch den DHCP-Server 10.70.253.58 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). [ TuneUp Events ] Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
22.10.2012, 06:28 | #18 |
/// Malwareteam | Redirect to Google, GMER detected rootkit activity
VLC player update
Your VLC player is outdated. To update it, please proceed as follows:
Otherwise we are done!
Defogger re-enable
Please start Defogger and click the re-enable button.
ComboFix
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press the Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.
OTL
Please start OTL and click "Bereinigung" (CleanUp). This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.
ComboFix
Here are a few more tips for securing your system.
Staying up to date
I cannot mention often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ |
22.10.2012, 12:08 | #19 |
| Redirect to Google, GMER detected rootkit activity Hi Marius, I was able to complete the remaining points without any problems as well. Thanks again for the comprehensive help and the tips. Regards, Martin |
22.10.2012, 12:40 | #20 |
/// Malwareteam | Redirect to Google, GMER detected rootkit activity Glad we could help! This topic appears to be resolved and has been removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own topic!