Log analysis and evaluation: Redirect to Google, GMER detected rootkit activity

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Redirect to Google, GMER detected rootkit activity

Hello TB team,

I have been having problems with my laptop for a few days: the machine is very slow, freezes, and I get redirected to Google when I browse with Firefox. GMER detected rootkit activity, but no log file was created because the program closed before I could save anything. So far I have not changed anything on the system and have only worked through the TB guide for creating log files. I hope you can help me. Thanks in advance.

Regards

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:55 on 15/10/2012 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 15.10.2012 19:59:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.16 Mb Total Physical Memory | 539.59 Mb Available Physical Memory | 60.35% Memory free
2.12 Gb Paging File | 1.60 Gb Available in Paging File | 75.60% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.53 Gb Total Space | 4.81 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAROOSU-II | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.15 19:49:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.24 22:52:31 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.)
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.07.01 11:20:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.20 10:49:24 | 000,218,624 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2011.04.27 15:47:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.18 00:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2009.01.01 17:06:41 | 000,267,016 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\SSL VPN Client\Agent.exe PRC - [2006.06.18 12:30:21 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2005.11.11 11:00:04 | 000,659,456 | ---- | M] (National Instruments, Inc.) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe PRC - [2005.11.11 10:49:50 | 000,204,800 | ---- | M] (National Instruments, Inc.) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe PRC - [2005.11.11 10:46:58 | 000,053,248 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lktsrv.exe PRC - [2005.11.11 10:46:56 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkads.exe PRC - [2005.10.10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) 
-- C:\WINDOWS\system32\nisvcloc.exe PRC - [2005.10.06 11:49:52 | 000,263,168 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe PRC - [2005.10.03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe PRC - [2005.09.22 17:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe PRC - [2005.08.25 13:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe PRC - [2005.08.01 08:28:42 | 000,098,393 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2005.08.01 08:28:24 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2005.05.31 01:04:00 | 001,415,824 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2005.05.27 10:24:52 | 000,147,456 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2005.05.23 22:31:12 | 000,077,824 | ---- | M] (National Instruments) -- C:\WINDOWS\system32\RTProxy.exe PRC - [2005.05.02 15:09:50 | 000,057,344 | ---- | M] (Wistron) -- C:\Launch Manager\HotkeyApp.exe PRC - [2005.04.18 12:41:34 | 000,081,920 | ---- | M] () -- C:\Launch Manager\WButton.exe PRC - [2005.04.07 20:46:59 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.03.30 16:29:48 | 000,032,768 | ---- | M] () -- C:\Launch Manager\LaunchAp.exe PRC - [2005.03.16 14:52:02 | 000,204,800 | ---- | M] (Wistron) -- C:\Launch Manager\OSD.exe PRC - [2004.12.14 02:36:08 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe PRC - [2004.10.11 11:47:02 | 000,245,760 | ---- | M] () -- C:\Launch Manager\OSDCtrl.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 
========== Modules (No Company Name) ========== MOD - [2011.05.20 10:49:28 | 001,148,416 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtNetwork4.dll MOD - [2011.05.20 10:49:26 | 002,415,104 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtCore4.dll MOD - [2011.05.20 10:49:26 | 000,043,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll MOD - [2011.05.20 10:49:26 | 000,011,362 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\mingwm10.dll MOD - [2011.05.20 10:49:24 | 000,218,624 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe MOD - [2011.04.11 07:26:33 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll MOD - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.11.05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll MOD - [2008.06.20 19:36:12 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008.06.20 19:36:12 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2005.10.19 12:56:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2005.10.13 10:11:44 | 000,008,704 | ---- | M] () -- C:\WINDOWS\system32\niidaqlv.dll MOD - [2005.04.18 12:41:34 | 000,081,920 | ---- | M] () -- C:\Launch Manager\WButton.exe MOD - [2005.03.30 16:29:48 | 000,032,768 | ---- | M] () -- C:\Launch Manager\LaunchAp.exe MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2004.10.11 11:47:02 | 000,245,760 | ---- | M] () -- 
C:\Launch Manager\OSDCtrl.exe MOD - [2004.02.17 10:31:18 | 000,053,248 | ---- | M] () -- C:\Programme\National Instruments\MAX\Experts\niIMAQe.mxe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.09.24 22:52:31 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.09.11 08:26:23 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.06 01:45:44 | 000,129,536 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\WINDOWS\system32\SUPDSvc2.exe -- (Samsung UPD Service2) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.01 11:20:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.20 10:49:24 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. 
RunOuc) SRV - [2011.04.27 15:47:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.16 15:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - [2009.12.18 00:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2009.01.01 17:06:41 | 000,267,016 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\SSL VPN Client\Agent.exe -- (STCAgent) SRV - [2007.04.26 10:21:28 | 001,234,480 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe -- (SPF4) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.06.10 23:05:02 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2005.11.11 11:00:04 | 000,659,456 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService) SRV - [2005.11.11 10:49:50 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2005.11.11 10:46:58 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync) SRV - [2005.11.11 10:46:56 | 000,045,056 | ---- | M] (National Instruments, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds) SRV - [2005.11.02 13:56:48 | 000,913,408 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2005.10.10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc) SRV - [2005.10.03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr) SRV - [2005.09.22 17:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu) SRV - [2005.09.22 17:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nimcrpcsu) SRV - [2005.09.22 17:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nimcdldu) SRV - [2005.09.22 17:16:08 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nidevldu) SRV - [2005.08.25 13:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) 
[Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer) SRV - [2005.05.23 22:31:12 | 000,077,824 | ---- | M] (National Instruments) [Auto | Running] -- C:\WINDOWS\System32\RTProxy.exe -- (niRTProxy) SRV - [2004.09.29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2000.05.24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\siusbmod.sys -- (siusbmod) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCMPR5.SYS -- (PLCMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.08.05 17:52:12 | 000,010,304 | ---- | M] (SafeNet, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\hostnt.sys -- (HOSTNT) DRV - [2012.08.02 00:41:03 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface) DRV - [2011.07.01 11:20:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 11:20:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.20 10:49:29 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2011.05.20 10:49:29 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011.05.20 10:49:28 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2011.05.20 10:49:28 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.11 13:08:25 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.12.18 00:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2009.07.13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2009.04.30 23:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.01 17:06:41 | 000,022,136 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CSVirtA.sys -- (CSVirtA) DRV - [2007.04.26 10:21:34 | 000,072,624 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\khips.sys -- (khips) DRV - [2007.04.26 10:21:30 | 000,302,000 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv) DRV - [2006.03.01 10:22:23 | 000,010,373 | R--- | M] (Motic China Gruop Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MC1001200130012001B\cmiusb.sys -- (CMIUSB) DRV - [2005.12.16 08:50:00 | 000,242,592 | ---- | M] (Kithara Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\Ksts7.sys -- (Kithara-Ksts7) DRV - [2005.10.18 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2005.10.14 06:02:34 | 000,136,791 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NICANpk.dll -- (nicanpk) DRV - [2005.10.13 10:18:50 | 000,050,688 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmmk.dll -- (nidmmk) DRV - [2005.10.13 10:17:26 | 000,674,304 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nidaq32k.sys -- (Nidaq32k) DRV - [2005.10.13 09:30:36 | 000,111,616 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSTCk.dll -- (nistck) DRV - [2005.10.13 09:30:18 | 000,030,208 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- 
C:\WINDOWS\system32\drivers\nimdsk.dll -- (nimdsk) DRV - [2005.10.13 09:29:34 | 000,021,504 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nibffrk.dll -- (nibffrk) DRV - [2005.10.13 09:29:32 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niarbk.dll -- (niarbk) DRV - [2005.10.13 07:27:56 | 000,166,912 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidmxfk.dll -- (nidmxfk) DRV - [2005.10.12 17:13:56 | 000,008,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWK.sys -- (NiViFWK) DRV - [2005.10.12 17:04:28 | 000,010,752 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPxiK.sys -- (NiViPxiK) DRV - [2005.10.12 17:04:26 | 000,037,376 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciK.sys -- (NiViPciK) DRV - [2005.10.10 20:07:02 | 000,110,080 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistcrk.dll -- (nistcrk) DRV - [2005.10.08 01:08:24 | 000,476,160 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niswdk.dll -- (niswdk) DRV - [2005.10.07 00:54:24 | 000,692,736 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nitiork.dll -- (nitiork) DRV - [2005.10.07 00:20:20 | 000,926,720 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nixsrk.dll -- (nixsrk) DRV - [2005.10.07 00:20:12 | 000,422,400 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niwfrk.dll -- (niwfrk) DRV - [2005.10.07 00:20:04 | 001,058,304 | ---- 
| M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nissrk.dll -- (nissrk) DRV - [2005.10.07 00:19:58 | 000,489,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niesrk.dll -- (niesrk) DRV - [2005.10.07 00:19:54 | 000,346,624 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niemrk.dll -- (niemrk) DRV - [2005.10.07 00:06:48 | 000,019,968 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\usb6xxxk.dll -- (usb6xxxk) DRV - [2005.10.07 00:06:38 | 000,233,472 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisdigk.dll -- (nisdigk) DRV - [2005.10.06 16:22:48 | 000,038,912 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niorbk.dll -- (niorbk) DRV - [2005.10.06 12:31:52 | 000,019,456 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nimxpk.dll -- (nimxpk) DRV - [2005.10.06 12:25:30 | 000,051,200 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimstsk.dll -- (nimstsk) DRV - [2005.10.06 12:19:44 | 000,131,072 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimsdrk.dll -- (nimsdrk) DRV - [2005.10.06 12:14:50 | 000,714,752 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidsark.dll -- (nidsark) DRV - [2005.10.06 12:07:18 | 000,042,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nispdk.dll -- (nispdk) DRV - [2005.10.06 12:07:16 | 000,497,664 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\niscdk.dll -- (niscdk) DRV - 
[2005.10.06 12:03:36 | 000,163,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nistc2k.dll -- (nistc2k) DRV - [2005.10.06 11:56:28 | 000,170,496 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nicdrk.dll -- (nicdrk) DRV - [2005.10.06 11:48:30 | 000,163,328 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nisftk.dll -- (nisftk) DRV - [2005.10.06 11:32:18 | 000,035,328 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nifslk.dll -- (nifslk) DRV - [2005.10.06 01:00:32 | 000,151,683 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimsrlk.dll -- (nimsrlk) DRV - [2005.10.06 01:00:30 | 000,014,464 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimslk.dll -- (nimslk) DRV - [2005.10.05 17:34:04 | 000,018,432 | ---- | M] (National Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\niwdk.sys -- (niwdk) DRV - [2005.09.28 21:54:50 | 000,231,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimru2k.dll -- (nimru2k) DRV - [2005.09.28 21:14:02 | 000,141,824 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidimk.dll -- (nidimk) DRV - [2005.09.28 20:52:50 | 000,212,480 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfk.dll -- (nimxdfk) DRV - [2005.09.28 20:07:04 | 000,170,496 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgk.dll -- (nimdbgk) DRV - [2005.09.22 21:12:08 | 000,531,968 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- 
C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK) DRV - [2005.09.21 15:41:28 | 000,223,232 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niimaqk.dll -- (niimaqk) DRV - [2005.09.21 11:30:46 | 000,055,296 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmk.dll -- (nipxirmk) DRV - [2005.09.20 20:48:50 | 000,979,456 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nidwgk.dll -- (nidwgk) DRV - [2005.09.20 20:45:14 | 000,534,016 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nihsdrk.dll -- (nihsdrk) DRV - [2005.09.20 20:32:00 | 000,373,863 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\niSLDk.dll -- (nisldk) DRV - [2005.09.20 20:04:14 | 000,677,486 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nisrcdk.dll -- (nisrcdk) DRV - [2005.09.20 18:17:58 | 000,100,352 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nigplk.dll -- (nigplk) DRV - [2005.09.14 10:45:28 | 000,056,956 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimcdfxk.dll -- (nimcdfxk) DRV - [2005.09.14 10:29:32 | 000,023,164 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nimcdlbk.dll -- (nimcdlbk) DRV - [2005.08.30 10:38:56 | 000,374,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pciimaq.sys -- (PCIIMAQ) DRV - [2005.08.01 08:28:51 | 001,035,776 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.08.01 08:28:35 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005.08.01 08:28:34 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.08.01 08:28:34 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI) DRV - [2005.08.01 08:28:33 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.08.01 08:28:33 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005.08.01 08:28:32 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.08.01 08:28:18 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005.07.27 08:58:56 | 000,010,829 | ---- | M] (National Instruments) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lvalarmk.dll -- (lvalarmk) DRV - [2005.07.18 14:34:22 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial) DRV - [2005.07.18 14:34:20 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus) DRV - [2005.07.18 01:45:44 | 000,031,334 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\gpib420.sys -- (gpib420) DRV - [2005.07.18 01:25:40 | 000,199,783 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GpibPrtK.sys -- (GpibPrtK) DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.05.05 02:08:38 | 000,463,168 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.03.02 01:00:00 | 000,015,104 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) DRV - [2004.12.16 17:55:06 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2004.07.08 10:24:36 | 000,030,720 | ---- | M] (National Instruments) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\niembrtk.sys -- (niembrtk) DRV - [2004.05.17 12:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\plcndis5.sys -- (PLCNDIS5) DRV - [2004.01.19 17:27:31 | 000,050,396 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2004.01.19 17:27:26 | 000,006,828 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftlund.sys -- (FTLUND) DRV - [2004.01.19 17:27:18 | 000,019,153 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2003.07.16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2001.09.28 08:47:22 | 000,037,972 | ---- | M] (DATAFAB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DfStor2K.sys -- (DFSTR2K) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/fsc/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = eumex.ip IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.0.1 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: getmail@webdesigns.ms11.net:3.4.10 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {34fba747-cbc2-4929-b00d-0e523ee94a6f}:1.7.3 FF - prefs.js..extensions.enabledItems: getmail@webdesigns.ms11.net:3.2.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.2.1 FF - 
prefs.js..extensions.enabledItems: {fb4eaeed-d1c9-45d1-a2bb-f2876142daf0}:0.600809120100 FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Programme\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.11 08:26:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.11 14:34:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\PROGRA~1\MOZILL~2\components\ [2010.06.23 09:31:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\PROGRA~1\MOZILL~2\plugins\ [2012.07.04 12:30:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\PROGRA~1\MOZILL~2\components\ [2010.06.23 09:31:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\PROGRA~1\MOZILL~2\plugins\ [2012.07.04 12:30:32 | 000,000,000 | ---D | M] [2008.12.14 12:10:28 | 000,000,000 | ---D | M] 
(No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2012.10.15 17:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions [2009.04.15 10:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Sunbird\Profiles\1xggo7yo.default\extensions [2012.07.07 00:34:04 | 000,009,612 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\getmail@webdesigns.ms11.net.xpi [2012.07.04 14:13:43 | 000,011,510 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\youtube2mp3@mondayx.de.xpi [2012.09.06 12:32:31 | 000,199,396 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.24 22:52:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.07.24 14:48:09 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\daemon-search.xml [2008.12.04 18:07:37 | 000,001,355 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\google-scholar.xml [2008.01.05 01:14:05 | 000,001,907 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\leo-eng-ger.xml [2007.09.14 21:50:54 | 000,001,364 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\organische-chemiech.xml 
[2007.04.24 21:15:44 | 000,001,067 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\wikipedia-deutsch.xml [2009.07.19 22:13:29 | 000,004,140 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\youtube.xml [2012.02.10 16:31:13 | 000,002,342 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\w7lhpv45.default\searchplugins\zvab-suche.xml [2012.07.07 00:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.06 12:32:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.10.24 11:23:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.11 08:26:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2007.08.16 02:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npbittorrent.dll [2005.10.12 15:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV80Win32.dll [2005.08.17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npSfAppM.dll [2012.07.04 12:12:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 08:26:13 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.04 12:12:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.04 12:12:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.04 12:12:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.04 12:12:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.01.13 21:39:18 | 000,000,848 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.0.5 HP000D9D1C9E95 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe () O4 - HKLM..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [niDevMon] C:\Programme\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe File not found O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Launch Manager\Wbutton.exe () O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Programme\Mozilla Firefox\plugins\GetFlash.exe -p File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk.disabled () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk.disabled () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk.disabled () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\system32\wshbth.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\system32\wshbth.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000058 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - %SystemRoot%\system32\wshbth.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - %SystemRoot%\system32\wshbth.dll File not found O15 - HKCU\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll 
(Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.11.15 09:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.11.18 15:37:38 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2011.01.11 20:22:00 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{008bf86e-ad78-11e0-af19-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{008bf86e-ad78-11e0-af19-0002e3483755}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{008bf86e-ad78-11e0-af19-0002e3483755}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.11.18 15:37:38 | 000,142,336 | R--- | M] () O33 - MountPoints2\{2d5c31ca-0254-11de-a82e-0002e3483755}\Shell\AutoRun\command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{2d5c31ca-0254-11de-a82e-0002e3483755}\Shell\Explore\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{2d5c31ca-0254-11de-a82e-0002e3483755}\Shell\Open\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{30dbbc3f-2695-11df-ad4e-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{30dbbc3f-2695-11df-ad4e-0002e3483755}\Shell\AutoRun - "" 
= Auto&Play O33 - MountPoints2\{30dbbc3f-2695-11df-ad4e-0002e3483755}\Shell\AutoRun\command - "" = E:\MINNIE.exe O33 - MountPoints2\{5c4d8a0b-4c8a-11df-ad8c-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{5c4d8a0b-4c8a-11df-ad8c-0002e3483755}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5c4d8a0b-4c8a-11df-ad8c-0002e3483755}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{6dd75ee2-b10b-11de-acc0-0002e3483755}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe O33 - MountPoints2\{97d9480c-b723-11de-accc-0002e3483755}\Shell\AutoRun\command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{97d9480c-b723-11de-accc-0002e3483755}\Shell\Explore\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{97d9480c-b723-11de-accc-0002e3483755}\Shell\Open\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{9c99d742-d829-11da-a330-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{9c99d742-d829-11da-a330-0002e3483755}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9c99d742-d829-11da-a330-0002e3483755}\Shell\AutoRun\command - "" = E:\preinst.exe O33 - MountPoints2\{9da2653a-a106-11e0-af04-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{9da2653a-a106-11e0-af04-0002e3483755}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9da2653a-a106-11e0-af04-0002e3483755}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a34bf88d-1e2e-11de-abef-0002e3483755}\Shell\AutoRun\command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{a34bf88d-1e2e-11de-abef-0002e3483755}\Shell\Explore\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{a34bf88d-1e2e-11de-abef-0002e3483755}\Shell\Open\Command - "" = System\Security\DriveGuard.exe -run O33 - MountPoints2\{ca04baa6-9be9-11da-a2c4-0002e3483755}\Shell - "" = AutoRun O33 - MountPoints2\{ca04baa6-9be9-11da-a2c4-0002e3483755}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{ca04baa6-9be9-11da-a2c4-0002e3483755}\Shell\AutoRun\command - "" = E:\preinst.exe O33 - MountPoints2\{cb837fdc-82bd-11e0-aecf-000ae4b0ac2f}\Shell - "" = AutoRun O33 - MountPoints2\{cb837fdc-82bd-11e0-aecf-000ae4b0ac2f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cb837fdc-82bd-11e0-aecf-000ae4b0ac2f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.11.18 15:37:38 | 000,142,336 | R--- | M] () O33 - MountPoints2\{cb837fdf-82bd-11e0-aecf-000ae4b0ac2f}\Shell - "" = AutoRun O33 - MountPoints2\{cb837fdf-82bd-11e0-aecf-000ae4b0ac2f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cb837fdf-82bd-11e0-aecf-000ae4b0ac2f}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.11.18 15:37:38 | 000,142,336 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.15 19:02:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.10.15 18:33:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes [2012.10.15 18:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.15 18:33:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.15 18:33:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.15 18:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.15 17:12:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\User\Recent [2012.10.14 21:26:43 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\User\Eigene Dateien\Arbeitsvertrag
[2012.10.14 21:16:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Schwindelfrei
[2012.10.11 15:30:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\LabVIEW Data
[2012.10.11 15:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\nidaq
[2012.10.11 15:17:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\nimcorb
[2012.10.11 15:15:58 | 000,000,000 | ---D | C] -- C:\Programme\cameralink
[2012.10.11 14:50:57 | 000,000,000 | ---D | C] -- C:\VXIPNP
[2012.10.11 14:47:47 | 000,000,000 | ---D | C] -- C:\Programme\IVI
[2012.10.11 14:26:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments
[2012.10.11 14:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cvirte
[2012.10.11 14:25:36 | 000,000,000 | ---D | C] -- C:\Programme\National Instruments
[2012.09.28 14:52:17 | 000,000,000 | ---D | C] -- C:\My Data
[2012.09.28 14:52:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SMaRT
[2012.09.28 14:52:01 | 000,000,000 | ---D | C] -- C:\Programme\SMaRT
[2012.09.26 16:54:40 | 000,000,000 | ---D | C] -- C:\Programme\1ClickDownload
[2012.09.25 01:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.09.25 01:42:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2012.09.24 22:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012.09.24 22:53:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.15 19:55:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.10.15 19:51:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.15 19:16:03 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2638560129-685934672-2847317654-1007UA.job
[2012.10.15 17:09:10 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2012.10.15 17:08:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.15 17:08:50 | 937,660,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 11:16:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2638560129-685934672-2847317654-1007Core.job
[2012.10.14 14:40:01 | 000,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012.10.11 16:52:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imaqconf.ini
[2012.10.11 15:18:57 | 000,120,406 | ---- | M] () -- C:\WINDOWS\System32\niorbmap
[2012.10.11 15:00:23 | 000,000,795 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk
[2012.10.11 14:53:00 | 000,003,091 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.09.28 14:52:05 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SMaRT.lnk
[2012.09.27 17:58:54 | 006,381,575 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Setup Solartron+Chelsea WinDETA.pdf
[2012.09.25 01:20:34 | 937,709,568 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.09.24 22:51:04 | 000,499,508 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.24 22:51:04 | 000,480,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.24 22:51:04 | 000,095,928 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.24 22:51:04 | 000,082,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\User\Eigene Dateien\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.15 19:55:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable
[2012.10.11 16:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imaqconf.ini
[2012.10.11 15:00:23 | 000,000,795 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Measurement & Automation.lnk
[2012.10.11 14:50:00 | 000,120,406 | ---- | C] () -- C:\WINDOWS\System32\niorbmap
[2012.10.11 14:33:22 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\National Instruments LabVIEW 8.0.lnk
[2012.09.28 14:52:05 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SMaRT.lnk
[2012.09.27 17:58:53 | 006,381,575 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Setup Solartron+Chelsea WinDETA.pdf
[2012.08.14 19:26:32 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\UPDIO2.dll
[2012.08.14 19:26:31 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\SUPDRun.exe
[2012.08.14 19:26:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2012.08.14 19:26:22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2012.08.14 19:26:19 | 001,558,432 | ---- | C] () -- C:\WINDOWS\TotalUninstaller.exe
[2012.08.08 15:59:38 | 000,014,271 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel
[2012.08.05 22:16:07 | 000,004,288 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2012.08.05 17:55:02 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\MoticRecordCore.dll
[2012.08.05 17:52:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\JPEGDLL32.dll
[2012.08.05 17:52:49 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Dongle.dll
[2012.08.04 21:53:04 | 000,000,106 | ---- | C] () -- C:\Dokumente und Einstellungen\User\tonwert
[2012.08.02 01:19:27 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\MoticIPFilter.dll
[2012.08.02 01:19:26 | 000,227,840 | ---- | C] () -- C:\WINDOWS\System32\MoticBmpCapture.dll
[2012.08.02 01:18:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\MoticImageDevicesProxy.dll
[2012.08.02 01:18:57 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\MUCam32.dll
[2012.08.02 01:18:55 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2012.08.02 01:18:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\MoticCamfnc.dll
[2012.02.07 17:48:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011.05.17 17:33:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TransCom.dll
[2011.05.17 17:32:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FirmwareID.dll
[2011.03.12 10:49:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.22 10:48:18 | 000,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010.11.08 19:32:58 | 000,153,833 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2010.11.08 19:32:58 | 000,001,075 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010.11.08 13:48:49 | 000,131,250 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010.11.08 13:48:49 | 000,001,075 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010.07.11 13:37:47 | 000,188,378 | ---- | C] () -- C:\Dokumente und Einstellungen\User\acbstractpicture.pdf
[2009.02.12 21:38:56 | 000,018,145 | ---- | C] () -- C:\Dokumente und Einstellungen\User\martin.dbj
[2009.01.03 15:01:36 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\User\WebVpnRegKey6-vpn-uni-halle-de.dll
[2008.12.10 23:34:37 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\User\WebVpnRegKey6-10-0-0-1.dll
[2008.12.03 17:58:00 | 000,009,418 | ---- | C] () -- C:\Dokumente und Einstellungen\User\agic2008mmp.html
[2008.11.14 13:00:37 | 000,002,481 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.html
[2007.04.09 21:27:35 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2006.12.06 02:18:52 | 000,000,537 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\solvents.map
[2006.07.27 17:57:13 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\User\gsview32.ini
[2006.05.18 20:13:39 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\User\cd.aux
[2006.04.26 23:01:48 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\dm.ini
[2006.04.13 21:07:40 | 000,000,198 | ---- | C] () -- C:\Dokumente und Einstellungen\User\vgalusr1.vr
[2006.03.13 14:27:17 | 000,038,292 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft Excel.ADR
[2006.03.13 14:21:33 | 000,012,943 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft Excel.CAL
[2005.12.27 17:12:40 | 000,007,496 | ---- | C] () -- C:\Dokumente und Einstellungen\User\sample2e.dvi
[2005.12.27 17:12:40 | 000,000,162 | ---- | C] () -- C:\Dokumente und Einstellungen\User\sample2e.aux
[2005.12.25 02:34:28 | 000,228,864 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.12.12 17:35:15 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\wklnhst.dat
[2005.12.07 15:26:28 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

========== ZeroAccess Check ==========

[2005.11.15 09:33:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:20:25 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:00:58 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.02 00:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Baumer Optronic
[2012.03.28 11:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CambridgeSoft
[2012.06.18 22:39:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2009.10.25 19:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2011.07.24 14:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.05.20 10:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.12.29 23:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MDMA
[2011.11.03 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mestrelab Research S.L
[2007.08.19 16:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microangelo On Display
[2011.05.20 10:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner
[2012.08.05 18:18:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Motic
[2012.02.29 20:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OriginLab
[2012.08.14 19:27:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2007.04.09 21:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.03.23 12:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StatSoft
[2012.08.27 11:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.08.16 13:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2011.03.23 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.03.23 16:33:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009.03.06 19:56:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\.k3d
[2012.08.02 00:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Baumer Optronic
[2012.04.30 15:28:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BitTorrent
[2009.02.24 16:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Blender Foundation
[2010.01.04 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BSW
[2011.05.25 13:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ChemAxon
[2010.05.02 12:28:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\ChemOffice2004
[2011.07.24 14:55:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DAEMON Tools Lite
[2010.08.08 14:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DataCast
[2012.07.17 11:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Dropbox
[2012.01.07 16:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\EndNote
[2008.02.16 19:59:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FTPGetter
[2012.08.06 18:43:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\gtk-2.0
[2012.02.16 11:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\inkscape
[2006.01.12 23:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InterVideo
[2012.08.04 20:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\IrfanView
[2006.05.09 12:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Leadertech
[2005.12.27 04:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\LyX
[2006.07.27 17:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\MAGIX
[2011.11.03 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mestrelab Research S.L
[2012.08.05 18:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Motic
[2012.07.24 15:06:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nikon
[2010.10.26 11:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\OpenOffice.org
[2012.06.07 10:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Oracle
[2008.02.16 19:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Pleis Software
[2012.06.01 21:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Profiles
[2007.11.24 18:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\RouterControl
[2009.01.11 12:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Stellarium
[2005.12.12 17:35:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Template
[2006.08.03 22:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Thunderbird
[2011.03.23 16:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\TuneUp Software
[2008.10.21 17:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\zweitgeist

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB22607$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F5AC56EA

< End of report >

Code:
OTL Extras logfile created on: 15.10.2012 19:59:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

894.16 Mb Total Physical Memory | 539.59 Mb Available Physical Memory | 60.35% Memory free
2.12 Gb Paging File | 1.60 Gb Available in Paging File | 75.60% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.53 Gb Total Space | 4.81 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive E: | 33.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAROOSU-II | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.scr [@ = RasWin.Script] -- C:\Programme\RasWin\RasWin.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01610E8F-5F6A-4D9A-AFC4-3FE1AC19C488}" = NI-653x Support
"{03773BAB-F4D0-405C-B0BC-AD8053D95B8E}" = NI LabVIEW 8.0 Instr.lib
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{06960020-59A4-11D5-9721-00B0D03F1A43}" = Motic Images Plus 2.0
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{09B0D7DF-1871-4DAF-9644-D34E0641F309}" = NI DHV DCMP Installer 105f1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0AA096F0-FD0C-4859-8F71-441699B16752}" = NI-SCOPE 2.9.2
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CF6DF46-1058-4B3B-A49E-1C70145C849F}" = NI-VISA Server 3.4
"{0F09F023-E0EF-40DA-A972-38F5BD0DA302}" = NI-VISA MAX Provider 3.4
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{11AE3814-BE69-4934-B256-E918F574340F}" = NI-488.2 2.43
"{1212A25B-EE14-4919-AA06-C5EA5E46CAA4}" = NI LabVIEW 8.0 Help
"{12293183-17BA-4A6B-853A-009871F391E4}" = NI-DAQmx - LabVIEW shared documentation
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{162583A9-FA87-4F26-BD56-3ACD381DB9BE}" = SMaRT
"{1AD77A05-76EC-44CF-940F-799FFFE6C731}" = NI Assistant Framework
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1C85BB92-B17F-4CE3-AC53-F9350D1B6D98}" = NI SignalExpress 1.2.2 Datatypes
"{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation
"{1E37767B-1A94-4FEA-9120-15B3360B6D3A}" = NI-DAQmx OPC Support
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{1EA6473D-6AFB-4349-B138-DBD810C0F34E}" = NI-DMM 2.4.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F72FFB7-3E5C-4752-9E23-FA6CE0281CAD}" = NI-IRDA 1.0.2f0 for Phar Lap ETS
"{21082394-654A-46A9-9426-B834F02877EC}" = NI LabVIEW 8.0 Menus
"{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C}" = NI-DAQ INF Files
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{26208991-520E-489B-AD52-A7CEA5A5C857}" = NI-IMAQ 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26F4D5DD-865B-4A2B-9A36-EE22ACA97331}" = NI-MXDF 1.4.0f0
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{2B8681BE-302C-4976-8E77-2735EAEF2AAD}" = NI-VISA for LabVIEW Real-Time 3.4
"{2BD1A5B5-8E98-4E2D-9BE5-D68C57C2FDBE}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{2C8ACC4A-240C-4EC8-81BC-792C5DAE027D}" = NI-DIM 1.3.0f0 for Phar Lap ETS
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{2E531946-E4A9-4D58-BB69-5696F8481EE2}" = NI LabVIEW 8.0 Help File
"{307ADD1B-AD3E-4D6C-898B-1EB60B1269BC}" = NI LabVIEW 8.0 CINtools
"{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML
"{3263845B-95F2-43C0-817E-B7BF25BCB742}" = NI-PAL 1.10.0f0 for Phar Lap ETS
"{33B9AC9D-0442-4728-AAA1-6B30949B87C5}" = NI-Motion MAX Provider 7.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36B13A26-2DD0-4441-A747-C788B4623929}" = NI-SWITCH 3.0
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{37128905-461C-41E3-86EF-A0B7A627B548}" = NI DHV GPL 107f1
"{37C93522-0209-4D4C-A100-8C149EB45D2C}" = NI LabVIEW 8.0 WWW
"{381E653F-D10F-4866-9A50-E211B97DE574}" = NI LVBrokerAux70
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
"{3C7B88E1-2C72-44CA-A883-62679DBBA36B}" = NI-DAQmx MAX Support 1.4.0
"{3CD9E7BB-6347-479A-BB0C-0093C1AE6944}" = NI Software Provider for MAX
"{3D47F62E-EE3A-44B6-9079-7D683CA4A975}" = Motic Images Multi-Focus Pro 1.0
"{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424}" = NI LabVIEW Real-Time Error Dialog
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41BE0B6B-A0A0-4848-9DB5-92359D7BFB7D}" = NI DIO Core 141f1
"{45A380B1-4EBC-489F-9A86-689F5BB5E1E8}" = NI DAQ Assistant 1.5.0
"{45F0CC81-BFA7-4E00-8682-8595BA27C114}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{461BB471-0B29-4A85-8B8E-AD0D96F9BD12}" = NI SCXI 1.2.0
"{46AB635F-5C13-4592-AE25-8687816341D7}" = NI LabVIEW 8.0 Project
"{489922DB-811B-417F-88B8-417ABC93A09A}" = NI-FGEN Driver Part 131f2
"{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0
"{496B9B49-C7CA-4F32-BD18-029D1C7105F0}" = NI Spy 2.3.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E79CFA8-5FBA-4777-8B69-F52DEFF31BA7}" = NI-CAN - CAN/DNET Core
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5500F75F-EC8D-40D4-A346-9E46D931C4CF}" = NI-VISA 3.4
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{567DE038-00EF-4C42-8492-3C53B81351BC}" = NI-488.2 Provider for MAX
"{588667A2-96B8-43DA-AF99-6861BED9C889}" = NI LabVIEW 8.0 Applibs
"{5A4AC082-8D61-442A-8A86-68869CB9BC80}" = NI MXS 4.0
"{5B061FDE-E53E-4DDC-8532-D23F95A56B38}" = NI-IVI Provider for MAX
"{5BCB370B-F341-45DF-BDEF-29E1F1291C2C}" = NI PXI Platform Services for Windows 1.5.1
"{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF}" = NI Remote Provider for MAX
"{5F5E7797-67A8-432C-8319-2D2B2A687AE6}" = NI-DAQmx Documentation
"{607BCFFA-1FDA-4F56-AB36-1A4B2A003FD4}" = NI Variable Engine LabVIEW 8.0 Support
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6134FECC-3207-42A8-BE11-76F80260E416}" = NI Measurements eXtensions for PAL 1.3.0
"{61662552-5E9A-46C1-9D79-97B3B53D4344}" = NI ModInst 1.1.1
"{62DBBC58-6C51-4793-BA66-45012F8BA32C}" = NI LabVIEW Run-Time Engine 7.1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69D26AD4-8D4F-424C-89A2-36E7996FE9F4}" = NI-Motion 7.1
"{6E867F5F-191E-4F87-AC87-DB1D7C2B2082}" = NI-ORB 1.3.0f2 for Phar Lap ETS
"{6F139AA4-624B-499A-A20F-AF20F552B494}" = NI PXI Platform Services for LabVIEW Real-Time 1.5.1
"{6FC644ED-B118-4837-AE96-1828FC400E56}" = NI OPC Support
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.1.0
"{708878B7-6B4C-42EB-AA0B-FD91339E228B}" = NI-DNET 1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{761C7705-C07C-47C1-9DEF-1C7B7E85C026}" = NI-Embedded RT Provider 1.1 for MAX
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{847D8AC1-E041-44BF-8FE9-0A1CACD3169A}" = NI Registration Wizard
"{857594FA-206C-4937-8D9B-D096F737C17B}" = NI-TClk 1.4.1
"{85BA7798-BFDB-4A26-99E1-1D685DD70D6C}" = NI Variable Engine
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{879D59A5-FD51-44EE-91D2-734CA0DC91D8}" = NI LabVIEW RT Proxy
"{87F64F82-D571-4F51-A8FA-A36C273BA3C7}" = NI-PAL 1.10.0f0
"{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0
"{8A4C8B35-7004-4E33-9064-D66A2238BEB5}" = NI-IMAQ Configuration 1.6
"{8A78D7F3-6D9F-4616-B813-4A7BF5495809}" = NI-DAQmx support for LabVIEW
"{8AB1D901-D67B-4827-B7BD-CA048D2E4769}" = NI Fusion Standard Library
"{8BB89D6D-85DD-4B36-A5D8-2321509E9E64}" = NI LabVIEW 8.0 iMath
"{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DF4BC37-2D90-4F99-8F20-7D5EB0679094}" = IVI Shared Component
"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP
"{8EB3022D-F805-421C-A573-59EC3EE5C08C}" = NI-IMAQ Provider for MAX
"{8ED57302-7546-4DC3-BD5F-EC87CBCEBD71}" = NI LabVIEW 8.0 Examples
"{8F2735AA-F673-4818-8F33-FE9E5612EBDB}" = NI-CAN 2.3.1
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901A0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92E160E5-0C7A-4DDA-9285-4B307547766D}" = NI-DAQmx Switch Core 1.6.0
"{92E975F4-D3C2-4F27-8CF8-5510D02AAEEF}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{95F578F6-E6BC-4743-BB82-9CE93E460074}" = NI-TNF 1.3.1f0 for Phar Lap ETS
"{980A99BE-86E6-4365-BEC8-9C64D06FC42C}" = NI LabVIEW 8.0 MeasAppChm File
"{984C439F-FCC1-44E4-B7D6-800DC4921012}" = NI LabVIEW 8.0 Manuals
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B114692-442E-46C7-8F01-797BF434024B}" = NI STC 1.2.0
"{9C3C2CC1-94E5-469E-98B7-A74125CC5827}" = NI Common Digital 1.2.0
"{9DE980C5-926C-4BE0-B3CA-F18A3455FF1A}" = NI Timing 1.5.0
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{9F17FA4D-409D-4DB4-BB2E-93949844BE74}" = NI IVI Engine 2.0
"{9F6D6471-32F4-4583-960D-4FC956D0A04B}" = NI Portable Configuration
"{9F9D38F6-C366-432C-AD75-4EAB1AF381A3}" = NI-CAN: Common LabVIEW code for NI CAN products
"{9FFBB61F-4B1B-421C-8F34-7340458ED6B7}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{A038B7DE-A784-42BE-BB2B-D101E6223FC2}" = NI-HSDIO 1.4.1
"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
"{A25708B0-0520-4BE3-927A-2CF039CDF40E}" = NI LabVIEW 8.0 Resource
"{A2AA1890-14B4-4252-A17E-7A338BC42D88}" = NI-DIM 1.3.0f0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A542D955-9F05-4C74-8866-25DDC0DB15DB}" = SIEMENS USB Data Cable
"{A9C61320-FA84-4B54-AEAA-3BEFE95B6FA8}" = NI LabWindows/CVI 7.0 Code Generator
"{AA8D8A7B-4606-420E-9FE9-E4C77B200857}" = NI Measurement & Automation Explorer 4.0
"{AB171825-B5E6-4F9A-8438-6E1D99EFCB58}" = USB Data Cable Driver
"{AB7F05AC-F4CF-4355-8BB8-C3D443E1D2AF}" = NI Calibration Provider for MAX
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD31D4D6-7154-4AC4-B580-59F28CA331D0}" = MDL CrossFire Commander 7.0 SP2
"{B08C2B62-0200-4801-A62A-4E4069928A1A}" = NI LabVIEW 8.0 User.lib
"{B1AA8556-7F80-4F7B-8F6B-2E69D0C96298}" = Traditional NI-DAQ Documentation
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3428FFA-367B-46B6-AFAF-34A63C77BAEE}" = NI-DAQ C and VB6 API
"{B3A667C2-66F2-41FA-94CA-B5DD9A6F3380}" = Traditional NI-DAQ 7.4.1 (Legacy)
"{B43543B0-1B58-45DF-94E2-669B1EF9D251}" = NI-ORB 1.3.0f2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBD2F68D-97FD-48CF-93BC-9E9C24B2B016}" = NI Logos 4.6
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5}" = NI-MDBG 1.3.0f0
"{BFD080F6-3BF0-40E1-9507-9CA969C35870}" = Sunbelt Personal Firewall
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C184F49B-34E6-4A0C-B7CF-219F9AE3EF6F}" = Motic Images Assembly Pro 1.0
"{C1D8CD08-C64C-4039-BE58-9289907344D7}" = NI-CAN Provider for MAX
"{C346D933-8F17-4A18-B96B-D240157C1AE6}" = NI LabVIEW 8.0 Deutsch
"{C5078C26-8B75-411D-9806-27E2BBD61DF6}" = NI Remote PXI Provider for MAX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CB2D3647-18D2-4E06-8062-AF6224C5489E}" = NGrab Streamingserver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC82342B-74FC-4BD6-AF8C-6CAEAC389DE9}" = NI Script Editor 1.3.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.4
"{D0AA2E4A-CC81-4BE4-8607-8C4D5BC8AE03}" = Origin85
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3439CB7-5F0E-493C-BD9F-E6CA41E8B27A}" = NI Hierarchical Waveform Storage 1.4.1
"{D3F14999-E294-449F-93CB-699775F53A6E}" = NI Example Finder 8.0
"{D573DEA6-782D-4032-998D-18DA272DA38F}" = NI LabVIEW Run-Time Engine 7.0
"{D69245E6-87C2-40E6-8F0D-F93F23EE4A0F}" = NI LabVIEW Run-Time Engine 8.0
"{D75DA63A-6403-4268-AB34-90134DDF65D5}" = NI MIO Device Drivers 1.7.0
"{D89B93AC-6507-40CA-A22A-0A1700ED0E04}" = NI Variable Manager
"{D92D5431-B36E-498A-9E7B-521E53C8825A}" = NI-DAQmx 8.0
"{D9B37BA7-24CD-445B-B145-773CC99D3E00}" = NI LabVIEW 8.0 Activity
"{D9C9A9BC-7891-4057-A193-56CEAAE2C143}" = NI-VISA Runtime 3.4
"{D9DC7038-9448-41BE-AEC3-122262D3ED0B}" = NI-FGEN 2.3.2
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB4663C6-2E47-4B46-AD39-52F546D53809}" = NI-MRU 2.4.0f0
"{DC25A68A-D49A-474F-B86D-86EB228553ED}" = NI-Embedded RT 1.0.1 "{DD390149-1F7A-4451-B64D-82FAC39F8B3C}" = NI USI 1.2.0 "{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1 "{DEBA0D04-418C-4791-BF2D-046ED28B13D0}" = NI-DAQmx DSA Support 1.5.0 "{DEE42EFF-EE8F-4C81-9CFA-647B26B915CD}" = NI LabVIEW 8.0 gMath "{DEF321A1-6E28-49A1-A5EC-DB79E647E51F}" = NI-DAQ Document Set "{DFE4E18A-6F20-4F3C-AB3D-382FFFB43BCA}" = NI LabVIEW 8.0 Templates "{E040BA70-61B7-434E-A273-F62EB400AC4F}" = NI Session Manager 3.5 "{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}" = OriginPro 8.5 "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0 "{E3B9CB1E-C982-4A5A-BBC8-EDBE784A756A}" = NI LabVIEW 8.0 VI.lib "{E4A3D0CD-EEA2-458F-BBC8-DC174DCCAC3D}" = NI-Serial for LabVIEW Real-Time 2.5.6 "{E51FB7DE-F7B5-4BB3-958F-4DC0C8EECAF0}" = NI-Motion 7.1 FX Development "{E57C34B8-623E-4757-92D7-BBE17488E24D}" = NI IVI Class Drivers "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{E7CDB32A-128D-49DB-BF7F-1E96EA636D88}" = NI PXI Platform Services Provider for MAX 1.5.1 "{EAAEEDD4-0609-47E8-B747-AF3D8E8AD88C}" = NI-Watchdog 2.1.4f0 "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5 "{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0 "{ED1617B8-98F7-412A-9502-BB9607CE17C3}" = NI Instrument I/O Assistant "{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F14236D9-4B9A-4CEC-AE70-0E964020A0E7}" = NI Logos LabVIEW 8.0 Support "{F2FC4CA5-BC77-4118-BC84-1542BF2EE06B}" = NI-DAQ Provider for MAX "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 
12.0.1 "{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C Interface "{F98A8B8A-1922-4C8D-9852-074A1DA3EB2A}" = NI HSD Core 142f3 "{F993C3BF-D483-4B80-8EE7-8AB6F0E7450E}" = NI IVI Compliance Package 2.3 "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools "{FAE4CE60-F3C1-463A-98CF-7A810E26A4DB}" = NI DataSocket 4.3.0 "{FB6DF036-C3A7-4A89-92DA-B4364A8E9373}" = NI License Manager "{FC924128-8F69-4561-B6F8-994C44311F21}" = Motic Images Advanced 3.2 "{FFEC1925-09BC-493D-97FC-D27A364C9C8A}" = NI-488.2 for LabVIEW Real-Time 2.4.3 "1ClickDownload" = 1ClickDownloader "31830087-F23D-4198-B67D-AD4A2A69147F_is1" = Micro-Manager-1.4 "AccelrysAccordSDK51RT" = Accord SDK 5.1 Runtime "Adobe Acrobat 3.01" = Adobe Acrobat 3.01 "Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe Type Manager 4.1" = Adobe Type Manager 4.1 "AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen) "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BitTorrent" = BitTorrent 5.0.9 "BSW" = BrettspielWelt "CanonMyPrinter" = Canon My Printer "Cisco Systems SSL VPN Client" = Cisco SSL VPN Client "CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_10921734" = SoftV90 Data Fax Modem with SmartCP "CutePDF Writer Installation" = CutePDF Writer 2.8 "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "DivX Codec" = DivX 5.0.3 Pro Bundle "dslmon" = devolo Informer "DVD Shrink_is1" = DVD Shrink 3.2 "EMANIM_is1" = EMANIM 1.01 "EXCEL" = Microsoft Office Excel 2007 "FaJo XP File Security Extension_is1" = FaJo XP File Security Extension v1.2 "ffdshow_is1" = ffdshow [rev 2228] [2008-10-17] "FreePDF_XP" = FreePDF XP (Remove only) "FTDICOMM" = SEMC DSS SyncStation 
Driver "GPL Ghostscript 8.15" = GPL Ghostscript 8.15 "GPL Ghostscript 9.04" = GPL Ghostscript "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "GSview 4.8" = GSview 4.8 "High Precision Ephemeris Tool" = High Precision Ephemeris Tool "Inkscape" = Inkscape 0.48.2 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "IrfanView" = IrfanView (remove only) "IviSharedComponent" = IVI Shared Components "JabRef 2.4.2" = JabRef 2.4.2 "JabRef 2.6" = JabRef 2.6 "JabRef 2.7.2" = JabRef 2.7.2 "K-3D 0.7.9.0" = K-3D 0.7.9.0 "Kithara Tool Suite 7 Runtime" = Kithara Tool Suite 7 Runtime "krinnicam" = krinnicam 2.02 "LitLink Windows Components" = LitLink Windows Components "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MDL ISIS Draw 2.5 Standalone" = MDL ISIS Draw 2.5 Standalone "Media Reader 1.15" = DATAFAB Media Reader "MestReNova" = MestReNova 6.0.2-5475 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MiKTeX" = MiKTeX "MiKTeX 2.8" = MiKTeX 2.8 "Mobile Partner" = Mobile Partner "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird (1.5.0.14)" = Mozilla Thunderbird (1.5.0.14) "MozillaMaintenanceService" = Mozilla Maintenance Service "NI Uninstaller" = National Instruments-Software "Prog-Studio" = Prog-Studio 6.09 "Rainlendar2" = Rainlendar2 (remove only) "RasWin" = RasWin (remove only) "RealPlayer 6.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RegiStax" = RegiStax V3.0.1.23 "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper "reSizer_is1" = reSizer v0.78 "RouterControl" = RouterControl 1.85 "Samsung Universal Print Driver" = Samsung Universal Print Driver "SciPlore MindMapping" = SciPlore MindMapping "SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows 2K/XP "Spybot - 
Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer) "Stellarium_is1" = Stellarium 0.10.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass) "Totalcmd" = Total Commander (Remove or Repair) "Update Service" = Update Service "Virtual Sky 5" = Virtual Sky 5 "Virtualdub 1.4.9" = Virtualdub 1.4.9 "VLC media player" = VLC media player 0.9.4 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "WINCNT" = WinCNT "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinGTK-2_is1" = GTK+ 2.10.11 runtime environment "WinRAR archiver" = WinRAR Archivierer "winusb0200" = Microsoft WinUsb 2.0 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "xp-AntiSpy" = xp-AntiSpy 3.95-1 "XviD" = XviD MPEG-4 Codec "Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.10.2012 03:00:18 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12.10.2012 04:45:41 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 12.10.2012 16:07:39 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 13.10.2012 11:59:03 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 14.10.2012 09:21:11 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 15.10.2012 03:57:09 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 15.10.2012 05:25:03 | Computer Name = KAROOSU-II | Source = VSS | ID = 12305
Description = Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden. Fehlerkontext: DeviceIoControl(000001D4,0x00534194,00000000,0,0003BC68,4096,[0]).

Error - 15.10.2012 10:52:25 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 15.10.2012 11:09:03 | Computer Name = KAROOSU-II | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 15.10.2012 11:31:55 | Computer Name = KAROOSU-II | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2649, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

[ OSession Events ]
Error - 25.07.2012 08:42:32 | Computer Name = KAROOSU-II | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 174 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.10.2012 13:30:11 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:35:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:40:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:45:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:50:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:55:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 13:58:47 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 14:00:42 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 14:05:42 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 15.10.2012 14:11:12 | Computer Name = KAROOSU-II | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

[ TuneUp Events ]
Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.04.2011 18:16:29 | Computer Name = NAME-BB02E5F58F | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.15.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
User :: KAROOSU-II [Administrator]

15.10.2012 18:35:58
mbam-log-2012-10-15 (19-23-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231883
Laufzeit: 46 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\WINDOWS\Temp\BRw1PjXk.exe.part (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\WINDOWS\Temp\ouivgbv.exe (Trojan.Agent.PS) -> Keine Aktion durchgeführt.
C:\boot.bin (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)