
Pests of all kinds and how to fight them: removing the trojan ruper0dun.exe, a few questions

17.01.2013, 14:16   #1
exkluski
 



Hey everyone,
I have had the trojan "roper0dun.exe" for quite a while now; every time I boot the computer (Win 7 64-bit) I get this message:

"Problem beim starten von C:\Users\***\AppData\Temp\roper0dun.exe
Das angegebene Modul wurde nicht gefunden."

So I read up on what it does and how to get rid of it. On the first point, what it does, I didn't find much (actually nothing at all, to be honest).
My mistake: I acted a bit hastily. I uninstalled Antivir and installed ESET and TuneUp, although I don't think that was necessary (correct me if I'm wrong).
After that I ran the scan with Malwarebytes and then with OTL; after the restart (requested by Malwarebytes) the message no longer appeared.

Here is the log from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

17/01/2013 11:55:15
mbam-log-2013-01-17 (11-55-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381939
Laufzeit: 32 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\ConnectifyHotspot\Connectify.Pro.Keygen.by.Raj\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\LabVIEW 8.5 deutsch\LabVIEW 8.5 deutsch\Crack\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and the two logs from OTL, first OTL:

Code:
OTL logfile created on: 17/01/2013 12:57:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,77% Memory free
15,99 Gb Paging File | 14,03 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,23 Gb Total Space | 82,16 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 74,47 Gb Free Space | 76,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/17 11:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users***\Desktop\OTL.exe
PRC - [2012/12/29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/26 13:34:12 | 001,329,304 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012/07/11 17:30:32 | 000,568,432 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Downloads\ZoomIt43\ZoomIt.exe
PRC - [2012/04/19 04:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/06/20 12:53:08 | 000,233,664 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2011/06/14 16:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\MAX\nimxs.exe
PRC - [2011/06/14 08:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2011/06/14 08:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2011/06/14 08:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2011/06/10 13:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011/06/01 15:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011/05/27 12:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2010/10/27 08:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2010/08/25 20:35:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/06/14 12:39:48 | 000,018,584 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipxism.exe
PRC - [2010/05/14 06:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/12/15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/12/08 07:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/23 12:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) -- E:\Programme\NI\National Instruments\Shared\Tagger\tagsrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/12/15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/29 09:04:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 20:15:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/11/26 13:34:12 | 001,329,304 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2011/06/20 12:53:08 | 000,233,664 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2011/06/14 16:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/14 08:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2011/06/14 08:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2011/06/14 08:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2011/06/10 13:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 15:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 12:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/10/27 08:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/02 09:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- E:\Programme\NI\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/14 12:39:48 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2010/05/14 13:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/23 12:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Auto | Running] -- E:\Programme\NI\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 09:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/08 08:21:08 | 000,149,592 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/10/08 08:21:08 | 000,138,744 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/10/08 08:21:06 | 000,211,344 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/09/28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/21 17:14:08 | 000,052,832 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2012/05/14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/19 04:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/24 10:10:38 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2012/01/24 10:09:44 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2011/06/29 12:50:00 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2011/06/29 12:48:26 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2011/06/29 12:39:18 | 000,914,072 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/08 17:21:10 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2011/04/08 17:21:08 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2011/04/08 17:21:06 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2011/04/08 17:21:06 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2011/04/08 17:21:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2011/03/29 09:04:06 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/31 11:23:30 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/06/18 11:22:10 | 000,011,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2010/06/14 13:30:30 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2010/06/14 12:57:42 | 000,011,928 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2010/06/11 13:32:32 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2010/06/11 13:16:58 | 000,011,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2010/03/31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2010/03/24 11:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/19 14:06:43 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:64bit: - [2009/11/19 14:06:43 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2009/11/19 14:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:64bit: - [2009/11/19 14:06:41 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:64bit: - [2009/11/19 14:06:40 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2009/11/19 14:06:39 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2009/11/19 14:06:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/14 14:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 08:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/11/16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={ED49D19D-E267-4689-A379-48E5298D2534}&mid=799aa7e8e7b147d0bb8a2524420859d0-34fc5f1c3693024236d392cafd24ffcfeb57b8e3&lang=de&ds=st011&pr=sa&d=2012-06-08 23:45:30&v=11.1.0.7&sap=hp
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 AE 3C 1A 0F 29 CD 01  [binary data]
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={ED49D19D-E267-4689-A379-48E5298D2534}&mid=799aa7e8e7b147d0bb8a2524420859d0-34fc5f1c3693024236d392cafd24ffcfeb57b8e3&lang=de&ds=st011&pr=sa&d=2012-06-08 23:45:30&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-81297295-3351811074-4104478006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/01/17 11:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/25 08:36:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/21 10:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/09 10:35:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/10 19:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/01/17 11:21:44 | 000,000,000 | ---D | M]
 
[2012/12/27 15:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013/01/09 10:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={ED49D19D-E267-4689-A379-48E5298D2534}&mid=799aa7e8e7b147d0bb8a2524420859d0-34fc5f1c3693024236d392cafd24ffcfeb57b8e3&lang=de&ds=st011&pr=sa&d=2012-06-08 23:45:30&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NI Update Service] E:\Programme\NI\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-81297295-3351811074-4104478006-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-81297295-3351811074-4104478006-1000..\Run: [NIRegistrationWizard] E:\Programme\NI\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\S-1-5-21-81297295-3351811074-4104478006-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-81297295-3351811074-4104478006-1000..\Run: [ZoomIt] C:\Users\***\Downloads\ZoomIt43\ZoomIt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Programme\NI\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47910B07-1553-4136-B1B8-EE5ADB3CCEB7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49E507C6-9479-4BBB-B63B-C649CF4085CD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24a35ef3-8ee9-11e1-8e11-f46d04ecb023}\Shell - "" = AutoRun
O33 - MountPoints2\{24a35ef3-8ee9-11e1-8e11-f46d04ecb023}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{86db272d-e239-11e1-b3bc-f46d04ecb023}\Shell - "" = AutoRun
O33 - MountPoints2\{86db272d-e239-11e1-b3bc-f46d04ecb023}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/17 11:53:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013/01/17 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/17 11:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/17 11:53:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/17 11:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/17 11:32:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/01/17 11:30:08 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013/01/17 11:30:08 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013/01/17 11:30:07 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013/01/17 11:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2013/01/17 11:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/01/17 11:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/01/17 11:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/17 11:21:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/01/09 12:50:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 12:50:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 12:49:31 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 12:49:29 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 12:49:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 12:49:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 12:49:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 12:49:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 12:49:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 12:49:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 12:49:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 12:49:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 12:49:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 12:49:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 12:49:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 12:49:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 12:49:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 12:49:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 12:49:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 12:49:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 12:49:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 12:49:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 12:49:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 12:49:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 12:49:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 12:49:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 12:49:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 12:49:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 12:49:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 12:49:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 12:49:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 12:49:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 12:49:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 12:49:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 12:49:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 12:49:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 12:47:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 12:47:56 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 12:47:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 12:47:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 12:47:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 12:47:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 12:47:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 12:47:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 12:47:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 12:47:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:47:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:47:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:47:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:47:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 12:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:47:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 12:47:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 12:47:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:47:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:47:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 12:47:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/09 10:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/06 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\jDown
[2013/01/04 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OPen Office hilfe
[2013/01/03 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LabVIEW Server
[2013/01/02 16:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/01 09:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/01 09:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/01 09:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/12/31 17:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
[2012/12/31 17:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced IP Scanner v2
[2012/12/31 11:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/31 11:36:55 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/31 11:36:48 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/31 11:36:48 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/31 11:36:48 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/31 11:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/28 12:13:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\STA und STT
[2012/12/27 15:17:10 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/27 15:17:10 | 000,959,976 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/27 15:17:10 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/27 15:17:04 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/27 15:17:04 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/27 15:17:04 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/27 15:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/27 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2012/12/27 12:44:27 | 000,000,000 | ---D | C] -- C:\WebCD
[2012/12/26 09:17:10 | 000,000,000 | ---D | C] -- C:\Users\***\.dvdcss
[2012/12/26 09:16:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MPlayer
[2012/12/26 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDx 4.0 Open Edition
[2012/12/21 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Processing
[2012/12/21 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Processing
[2012/12/21 16:09:34 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 16:09:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 16:09:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 16:09:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 13:48:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ela nerven musik
[2012/12/20 17:56:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopie von 9-DoF_Razer_IMU
[2012/12/19 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012/12/19 21:12:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Urlaub Jessi
[2012/12/19 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\At-Commandos
[2012/12/19 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hyperterminal
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/17 12:38:05 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:38:05 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 12:31:05 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/01/17 12:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 12:30:33 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 12:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 11:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/01/17 11:30:05 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/01/17 11:30:05 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/01/17 10:48:53 | 001,589,690 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/17 10:48:53 | 000,696,680 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/01/17 10:48:53 | 000,651,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 10:48:53 | 000,147,976 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/01/17 10:48:53 | 000,120,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 10:48:44 | 001,589,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 15:30:48 | 000,054,272 | ---- | M] () -- C:\Users\***\main.exe
[2013/01/13 14:18:43 | 000,021,791 | ---- | M] () -- C:\Users\***\Desktop\890.jpg
[2013/01/13 13:18:33 | 000,605,311 | ---- | M] () -- C:\Users\***\Desktop\filter.xps
[2013/01/12 19:13:45 | 000,020,768 | ---- | M] () -- C:\Users\***\Desktop\Drehratensensor.png
[2013/01/10 20:12:14 | 002,817,128 | ---- | M] () -- C:\Users\***\Desktop\ael07_02_016.pdf
[2013/01/10 16:11:05 | 000,305,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 20:59:16 | 000,988,185 | ---- | M] () -- C:\Users\***\Desktop\Mikromechanische Sensormodule.pdf
[2013/01/09 20:15:28 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 20:15:28 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 10:35:14 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/01 12:55:05 | 000,110,592 | ---- | M] () -- C:\Users\***\RSTCP_Server.exe
[2012/12/31 11:36:45 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/12/31 11:36:45 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/12/31 11:36:45 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/31 11:36:45 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/31 11:36:45 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/31 11:36:45 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/30 18:34:12 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/28 12:32:24 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/12/27 15:17:00 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/12/27 15:16:59 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/12/27 15:16:59 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/12/27 15:16:59 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/12/27 15:16:59 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/12/27 15:16:59 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/12/19 18:31:29 | 003,058,079 | ---- | M] () -- C:\Users\***\Desktop\RS9110-N-11-22_24_28_EVB_UserGuide.pdf
[2012/12/19 14:58:54 | 001,972,500 | ---- | M] () -- C:\Users\***\Desktop\RS9110-N-11-22_24_28-Software_PRM.pdf
 
========== Files Created - No Company Name ==========
 
[2013/01/17 11:30:05 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013/01/17 11:30:05 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013/01/17 11:30:05 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/01/17 10:48:52 | 001,589,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/13 14:18:43 | 000,021,791 | ---- | C] () -- C:\Users\****\Desktop\890.jpg
[2013/01/13 13:18:31 | 000,605,311 | ---- | C] () -- C:\Users\***\Desktop\filter.xps
[2013/01/12 19:04:30 | 000,020,768 | ---- | C] () -- C:\Users\***\Desktop\Drehratensensor.png
[2013/01/10 20:12:14 | 002,817,128 | ---- | C] () -- C:\Users\***\Desktop\ael07_02_016.pdf
[2013/01/08 21:02:53 | 000,988,185 | ---- | C] () -- C:\Users\***\Desktop\Mikromechanische Sensormodule.pdf
[2013/01/06 20:01:45 | 000,001,775 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/01/06 20:01:45 | 000,001,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013/01/06 20:01:45 | 000,001,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/01/01 12:55:01 | 000,110,592 | ---- | C] () -- C:\Users\***\RSTCP_Server.exe
[2013/01/01 12:20:22 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\RS9110.exe
[2012/12/28 12:32:24 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/12/27 15:24:35 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/27 15:24:35 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/19 18:31:29 | 003,058,079 | ---- | C] () -- C:\Users\***\Desktop\RS9110-N-11-22_24_28_EVB_UserGuide.pdf
[2012/12/19 14:58:54 | 001,972,500 | ---- | C] () -- C:\Users\***\Desktop\RS9110-N-11-22_24_28-Software_PRM.pdf
[2012/12/12 20:32:51 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll
[2012/11/08 20:29:59 | 000,002,058 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/10/26 17:59:53 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/26 17:59:53 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/26 17:59:53 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/10/26 17:59:53 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/26 17:59:51 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/29 15:32:07 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/07/20 15:33:21 | 000,000,236 | ---- | C] () -- C:\Users\***\.languagetool-ooo.cfg
[2012/06/23 22:48:46 | 000,054,272 | ---- | C] () -- C:\Users\***\main.exe
[2012/06/21 17:14:15 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/04 18:17:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/16 21:43:32 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/04/16 21:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/10 12:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/05 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arduino
[2012/10/18 09:32:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012/09/12 07:19:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2012/12/28 12:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2013/01/17 12:31:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012/12/21 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/12/21 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/12 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012/07/30 08:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Easeware
[2012/12/21 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012/05/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012/06/08 22:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerISO
[2012/12/21 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Processing
[2012/06/22 13:58:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus
[2012/07/30 21:38:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2013/01/17 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012/09/05 12:02:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wizards of the Coast
 
========== Purity Check ==========
 
 

< End of report >
         
Finally, the Extras log
Code:
OTL Extras logfile created on: 17/01/2013 12:57:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,77% Memory free
15,99 Gb Paging File | 14,03 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,23 Gb Total Space | 82,16 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 74,47 Gb Free Space | 76,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A505AC-23A1-4B49-B78E-BE2C0E2ACFD0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34530D47-7887-43EE-ADD6-1ED738FA8250}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3E9F6D9C-4217-4DA9-A2BF-4C7A80AE76BD}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{4480CA61-CEED-479B-8B35-40DCFC157658}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98E87F6C-49D3-4818-A02F-3A42707B4B8B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ACA53D3D-52F8-492F-AF19-ED30BA0C72F0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5FA1602-5B28-4A5C-B9F8-B9C1A9F9DE2E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CCAABD4B-1F42-4317-B105-55AEE751015A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E742BB19-72D9-4CF1-BE46-7E809FDFE0E3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EFB88301-FCF0-48EE-BF08-7FB8F3B4BD9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFDF1766-127E-426F-AFC9-3ADAA51AFEAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F17750E7-F646-4EEB-8C90-80BDA9CBC37A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1053D3E6-79D5-4009-BE18-450BAAA62D7B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2D39B95F-5254-4A3E-8FA8-20E373A91AD7}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{31B33B05-9850-4DB0-80BA-96E6EB09D33C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3B1D6892-EF77-461E-AC9D-ABEA9998F27B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5733B164-59E9-4DC1-B101-ABE913CD37EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BD66BC2-61AD-4AA4-9899-CCEE69EA22E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{5F3D5D0F-EA9F-49CC-BDF1-A0A8ADE06D27}" = protocol=17 | dir=in | app=e:\programme\ni\national instruments\shared\mdns responder\nimdnsresponder.exe | 
"{790C5C76-F4EE-4DAE-9730-37D16C628FB6}" = protocol=6 | dir=in | app=e:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe | 
"{A7F77346-0FB9-4071-9EE4-199D2D721F84}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ABA3230A-0BBF-4B0B-8A9E-69BC9FFFB5A3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B93ED636-FBFF-459F-8B8D-4E850181CF22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BD68DDEF-63E8-4DB7-903A-CA12BD894B45}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BF58160F-2B2B-4EBE-BE62-3FDADC39720A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{C28E97B9-4191-4D1E-ABB2-69D7CFA46DA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4F39CBC-E149-47AD-AA27-55D40B02C0FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{C5887AA5-EB7E-462F-93A5-9245DEF7D623}" = protocol=17 | dir=in | app=e:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=e:\programme\ni\national instruments\shared\ni webserver\systemwebserver.exe | 
"{D2A8D9DA-2CA0-4818-A2D8-0D5C84448FCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEFAD019-E160-429B-AFBB-26C5E51E13E3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{E56AF7B4-18B1-4B18-9C04-23A0B520D1F1}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E95B1D4D-6A66-4EF1-9E6F-1DCC5952AFE9}" = protocol=6 | dir=in | app=e:\programme\ni\national instruments\shared\mdns responder\nimdnsresponder.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=e:\programme\ni\national instruments\shared\ni webserver\systemwebserver.exe | 
"TCP Query User{13461911-6626-4C9D-98F2-4E1CCC6D4C5D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{36861B75-C06E-49FB-957B-3AA1A0AE0EA9}E:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe" = protocol=6 | dir=in | app=e:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe | 
"TCP Query User{372DC337-17F4-445E-926B-16DADED71D1F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5E6225F6-582A-4E71-B0FD-B21FE9EBD65D}C:\users\***\main.exe" = protocol=6 | dir=in | app=c:\users\***\main.exe | 
"TCP Query User{9A8066C4-AF67-4020-A30C-828A9BFC1D67}C:\windows\system32\rs9110.exe" = protocol=6 | dir=in | app=c:\windows\system32\rs9110.exe | 
"TCP Query User{9FA7B7C7-8B30-4AA4-84E7-1DE0451C66FD}C:\users\***\rstcp_server.exe" = protocol=6 | dir=in | app=c:\users\***\rstcp_server.exe | 
"TCP Query User{A3F894CA-2B0A-4E99-8C9F-D4AB2CBC7739}E:\programme\ni\national instrumentsnational instruments\labview 2009\labview.exe" = protocol=6 | dir=in | app=e:\programme\ni\national instrumentsnational instruments\labview 2009\labview.exe | 
"TCP Query User{E42AADB5-F80D-4D8E-91E9-45CDA2824FBD}E:\programme\ni\national instruments\max\nimax.exe" = protocol=6 | dir=in | app=e:\programme\ni\national instruments\max\nimax.exe | 
"TCP Query User{EB9AAD5F-A12B-4BEF-9090-A0B46CB92204}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{5A89CD44-0249-4B78-B6F9-31BED5310C04}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{708B8A59-1DF4-4E83-A776-BA704C670687}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{7B76B677-4130-47D8-99C0-9224754E160F}C:\users\***\main.exe" = protocol=17 | dir=in | app=c:\users\***\main.exe | 
"UDP Query User{8020A566-56B9-4DD7-84EE-6B372CAC52A8}C:\windows\system32\rs9110.exe" = protocol=17 | dir=in | app=c:\windows\system32\rs9110.exe | 
"UDP Query User{8338AE0C-6ED2-4CE6-8343-A21FDFD840B0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B87D541C-CBD7-40E6-B141-FBD2966121C2}E:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe" = protocol=17 | dir=in | app=e:\programme\ni\national instruments\shared\registrationwizard\bin\registrationwizard.exe | 
"UDP Query User{C0F8F64A-2BA3-48E7-B6C1-9011D5E2B48F}E:\programme\ni\national instruments\max\nimax.exe" = protocol=17 | dir=in | app=e:\programme\ni\national instruments\max\nimax.exe | 
"UDP Query User{D78BD6B3-88DB-47E5-8189-2859BB7F6BCC}E:\programme\ni\national instrumentsnational instruments\labview 2009\labview.exe" = protocol=17 | dir=in | app=e:\programme\ni\national instrumentsnational instruments\labview 2009\labview.exe | 
"UDP Query User{F2452A28-25F5-4867-A35D-B7DC19BFB109}C:\users\***\rstcp_server.exe" = protocol=17 | dir=in | app=c:\users\***\rstcp_server.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{032A9FD2-114E-4DB7-9CE3-4179D40B71C3}" = NI PXI Platform Framework 1.3.0 64-bit
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}" = NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
"{0C3F8F8A-CE77-4CF1-B54D-9636026E6C2D}" = NI-VISA 5.1.2 Provider 64-bit Support
"{0D5534F6-AF96-489F-A69F-082199EE027F}" = NI Authentication 2.0 (64-bit)
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{174443DD-EF03-41F8-A66D-987EBBBC1517}" = NI System State Publisher (64-bit)
"{176468CE-41AB-4A9A-AC38-45A146D39688}" = NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AED2F27-D33C-4785-AB44-C7F9C3F6CF4F}" = NI-VISA x64 support 5.1.2
"{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416038FF}" = Java(TM) 6 Update 38 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows
"{3268C8FE-AEA7-48A0-ACA5-776CF8A9852F}" = NI-MDBG 1.10.0f0 for 64 Bit Windows
"{3389274C-923A-4536-98CD-4AB0C4064F5A}" = NI Spy Windows 64 Support 3.0.1
"{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{53794485-921A-4C71-8E82-6F5A15E9ECBA}" = NI Network Discovery 5.0 for Windows 64-bit
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5780B596-E0C0-4E78-8671-6C80D2913366}" = NI TDMS (64-bit)
"{59AEDF7C-0D51-48A1-8829-3B4343319B68}" = NI-MXDF 1.11.5f1 for 64 Bit Windows
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67048E0C-29A5-534C-FF67-83C4BF948D48}" = AMD Drag and Drop Transcoding
"{678EB05F-D317-48C9-9C67-E33AE7C0F900}" = NI MXS 5.0.0 for 64 Bit Windows
"{7248FB25-7FB1-4F2F-BA7E-4BA916830007}" = NI-VISA 5.1.2 64-bit Support
"{74B6BE8E-F209-4A61-B59F-2F165AB0B46C}" = ESET NOD32 Antivirus
"{79253283-47EB-4A67-9014-0CBEC8AE4D0C}" = NI VC2010MSMs x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows
"{899576E7-3569-417F-8EFE-EB881BE22EDE}" = NI MAX Remote Configuration 64-bit Installer 5.0
"{8C089519-64BD-48F5-AFDB-CACB1FF51FC4}" = NI-APAL 2.0 64-Bit Error Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{922317D8-F321-4F43-9D50-03399CECD597}" = NI MAX Support for 64 Bit Windows
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974391A4-9358-4122-951C-CE73EF490A40}" = NI System Configuration Runtime 5.0.0 for Windows 64-bit
"{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit)
"{9CE96256-FAF1-4E48-9CA1-02F7ED80A2E6}" = NI Logos64 5.3.0
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CCD7A659-74D4-4577-A3FE-4E5C8C3AEF14}" = NI-PAL 2.7.0f0 for 64 Bit Windows
"{CFCC7864-15DB-46AB-96A2-69F716E7D963}" = NI Logos64 XT Support
"{D198B514-B24E-43FC-AE19-E634F48B928C}" = NI System API Windows 64-bit 5.0.0
"{D4F0D273-9967-4BD8-B85F-FA03C2504475}" = NI DataSocket 4.7.0 (64-bit)
"{D5D8BFCD-C9F4-488A-B660-8876D02AA572}" = NI Portable Configuration for 64 Bit Windows 5.0.0
"{D754C95D-A80F-471C-819B-EEEDD07C9B0A}" = NI-Mesa
"{D87047B9-BBC5-9941-00B4-719B9E56CACC}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA7916C4-07D8-45D3-9EE7-BE24811554EB}" = NI-DAQmx - LabVIEW shared documentation for 64 Bit Windows 1.5.0
"{DABB1D70-482A-4B92-8B24-052AD650A2B0}" = NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
"{DD358747-BDE7-4041-A91B-982519694DA0}" = NI Assistant Framework 64-bit
"{DF7710D3-A41B-4E31-92DD-7C3A829F859E}" = NI System Web Server Base 2.0 (64-bit)
"{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit)
"{E45B7F5F-A814-4C15-A0D6-14CEE02AD72D}" = NI SSL Support (64-bit)
"{E807BDD0-9A9F-453B-992A-927F9499B668}" = NI PXI Hardware 64-bit Support 2.6.2
"{EDC7187A-CA7C-472E-81CD-84806FDB1B6F}" = NI Math Kernel Libraries (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F71335BF-CF6B-4ACC-ABCE-BA9DF2031DB8}" = VISA Shared Components 64-Bit
"{FB585470-EFFC-461E-9302-27CA43DD3A74}" = NI PXI SystemAPI Expert 64-bit 2.6.2
"{FFFA9DD7-58D7-464B-BD5B-7224BFC4B039}" = NI Variable Engine (64-bit)
"498B9978CE49397903524B0761200F43EC650044" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"67170FB0228B69BCCBEF8CE14A76953A5505D8EA" = Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0093CF58-3A00-46E0-A3E2-3E684E20C6A6}" = NI Instrument I/O Assistant
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{01AC4D6A-05F0-4158-95E7-FC299961B50A}" = NI Math Kernel Libraries
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = NI System Configuration Runtime 5.0.0
"{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}" = NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
"{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F4EAF80-522A-4D89-8E62-7AEFF54E811E}" = NI MDF Support
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{0FF78186-41DE-4C50-8C93-EF794068E600}" = NI LabVIEW 2009 Examples
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{147BD273-B3FC-4D1C-864B-CDF19CEACE67}" = NI-1588 Configuration 1.1.2 LabVIEW 2009 Support
"{1752D07B-9BEB-414F-9B51-AA529101F0E5}" = calibre
"{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1AC600E0-EACF-4FAA-9477-3CE8CE711E19}" = NI LabVIEW 2009 Help
"{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0
"{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{25FD6E1F-D73B-44EB-B840-261FF41CFAC5}" = NI Variable Engine LabVIEW 2009 Support
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2FF17A1B-00A8-4A18-A0D7-6BF2D1510F38}" = NI LabVIEW 2009 Templates
"{30F064A1-6933-4027-BD62-B7BEB1F84711}" = NI LabVIEW 2009 VI.lib
"{3174B721-5400-4259-900D-C804356B0010}" = NI LabVIEW Run-Time Engine 2009 SP1
"{326913E3-E0AF-42A0-8860-BC4B9026DFA3}" = NI System Configuration 5.0.0 LabVIEW Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CEE654-0BE9-4AE5-851F-6C90200D9CD0}" = NI-VISA Runtime 5.1.2
"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BA78A5-5F6C-47E8-98DC-F4398A541273}" = NI LabVIEW 2009 Manuals
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41F6CA61-82CB-4615-9A97-252C5D58FA4B}" = NI LabWindows/CVI Run-Time Engine 2010 SP1
"{42E578FB-55B2-4430-8223-E1080FF5EE1C}" = NI Uninstaller
"{44CD79C3-375F-41C8-977E-97BB3E520B30}" = NI Assistant Framework
"{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{498754EF-6CB0-4E13-9C5F-2DBD4A6D7482}" = NI-Update-Dienst 2.2.1
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1
"{4D581C40-11D0-476B-A943-76506924B722}" = NI-DSM 2009
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS
"{56C9725B-CA13-4FAE-8CDB-E70906AFAEE3}" = NI LabWindows/CVI 2009 Code Generator
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009
"{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT
"{5ACAF333-CED0-4652-B73C-8F63C65B0376}" = NI LabVIEW 2009 Instr.lib
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5CC95D76-A798-4722-AE76-E494D9664907}" = NI .NET Framework 4.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support
"{6044C32B-88A6-411F-A9A0-8BB05ACDCED2}" = NI EulaDepot
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{63EE61AC-1C10-47DE-9307-3B0320CA8AA6}" = NI-1588 Configuration 1.1.2
"{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68B7D58E-AB44-4B10-B039-762C907082B7}" = NI-VISA 5.1.2 MAX Provider
"{69FAF7E0-6E43-4845-9BB7-A9D9F7440084}" = NI PXI Platform Services 2.6.2 Expert
"{6F91E2F8-4207-46F1-A656-BB6E41BBD3CE}" = NI System Configuration LV90 Support 5.0.0
"{6FFB1B16-0930-421B-9F2C-E4CB91E3B22D}" = NI VC2010MSMs x86
"{70B565CB-20F8-4685-A6A3-F7673510BF0D}" = NI I/O Trace API LV90
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
"{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework
"{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support
"{76D1943A-FA7A-460F-B622-BD0C02D635EE}" = NI Assistant Framework LabVIEW 2009 Support
"{7888F38C-E534-473D-B029-562173EEA2C8}" = NI-Mesa
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{7FB07065-F547-448A-A1C3-1F2EF5EB834F}" = NI LabWindows/CVI 2010 SP1 Network Variable Library
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher
"{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1369C7-A314-465C-8C96-040A427CBC85}" = NI LabVIEW 2009 Project
"{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server
"{8B43117B-7D68-45D4-8774-32F0B10535B4}" = NI LabVIEW 2009 Deutsch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F7B9C3D-9F99-4510-BF38-8818709C3A96}" = NI System Web Server Base 2.0
"{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation
"{90ABA0A4-9393-4A17-AB0E-534CE40FB9AF}" = NI LabVIEW 2009 CINtools
"{91B22937-173B-434A-84C5-CEB8F58871FC}" = NI IO Trace 3.0.1
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}" = NI LabWindows/CVI 2010 SP1 Analysis Library
"{94C3324A-2DF8-44F0-9FF9-204E9C936527}" = NI MetaSuite Installer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D500758-F84E-4B0D-85CC-579DD1F579ED}" = NI PXI Platform Services 2.6.2
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support
"{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library
"{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0
"{A29EC1AF-7077-4E6E-B4EB-30A719117268}" = NI System Web Server 2.0
"{A34D1ADB-6E94-4F42-9D8E-BA2A94C6AAB2}" = NI LabVIEW 2009 gMath
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AD3F600F-EF24-4145-9514-B4F8A685F944}" = NI PXI Platform Services 2.6.2 Configuration Support
"{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B378AD16-8A9F-47B2-8225-3CB339465FAF}" = NI PXI Platform Framework 1.3.0
"{B4285CA3-3EA6-43AD-BD87-DBF842581AB2}" = NI LabVIEW 2009 WWW
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9A91453-88C1-49A0-A719-86DA2D463734}" = NI-VISA Server 5.1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D1032C80-FBB6-450B-8C79-B7F9A64DFFEF}" = NI Logos LabVIEW 2009 Support
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D69E0672-CDB3-4F3D-BE65-9CDB6803F60E}" = NI LabVIEW 2009 Applibs
"{DA5DEB6B-E108-4652-BFEC-C9B95446F244}" = Advanced IP Scanner
"{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBAF9288-7503-48AC-A43F-B00B4EA0F145}" = NI PXI SystemAPI Expert 2.6.2
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E538C96B-606E-47E3-84D5-62BE82A69E39}" = NI LabVIEW 2009 Resource
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{EA28C7E9-B586-44DB-97B8-886503324CB8}" = NI-1588 Configuration 1.1.2 LabVIEW API Core
"{EBC6DA72-25C9-45E1-9CE4-7EEBC6440538}" = NI LabVIEW 2009 User.lib
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA954510-7E2F-4432-9309-4638F836F2C7}" = NI-VISA 5.1.2
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FF06AE31-83AF-4277-A719-E697C310D95C}" = NI LabVIEW 2009 Menus
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF82AEC3-C821-4716-BD9C-10434178EA39}" = NI LabVIEW Run-Time Engine Interop 2009
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diagram Designer" = Diagram Designer
"DivX Setup" = DivX-Setup
"Flowino_is1" = Flowino
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"ifolor-Designer" = ifolor Designer
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MKV Player_is1" = MKV Player 2.1
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NI Uninstaller" = National Instruments - Software
"PowerISO" = PowerISO
"Tera Term_is1" = Tera Term 4.73
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VISASharedComponents" = VISA Shared Components 64-Bit
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-81297295-3351811074-4104478006-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:15:19 | Computer Name = ***-PC | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "e:/programme/ni/national instruments/shared/ni webserver/www/national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646":
 Can't access URL       .
 
Error - 17/01/2013 06:16:44 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17/01/2013 07:32:26 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17/01/2013 07:57:37 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 16b0    Startzeit:
 01cdf4a95b123131    Endzeit: 30    Anwendungspfad: C:\Users\***\Desktop\OTL.exe    Berichts-ID:
 0eb61dfd-609d-11e2-8ea2-f46d04ecb023  
 
[ System Events ]
Error - 16/01/2013 15:20:44 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 16/01/2013 15:26:58 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:05:54 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:06:32 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:06:43 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:10:15 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:13:49 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 05:13:55 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 17/01/2013 06:21:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 17/01/2013 07:31:47 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
I hope I did it correctly and that only Win 7 still needs to be reinstalled, or do I have to do something else?
Since the message no longer appears at startup, can I skip reinstalling Win 7?

Regards, Exkluski

Alt 17.01.2013, 14:57   #2
markusg
/// Malware-holic
 

hi
C:\Users\***\Downloads\ConnectifyHotspot\Connectify.Pro.Keygen.by.Raj\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\LabVIEW 8.5 deutsch\LabVIEW 8.5 deutsch\Crack\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Since you use pirated software, and this is illegal in Germany, you will only get help here with formatting, reinstalling and securing the PC:
The PC must be reinstalled and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.