Weiterleitung nach google Suche + amazon Daten ausgepäht

motzerrobo · 19.03.2012, 00:01

OLT File

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.03.2012 23:35:35 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\motzer\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,46% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 137,04 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 41,77 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,74 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive F: | 47,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 2,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: STEEL | User Name: motzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.18 23:34:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
PRC - [2012.01.03 14:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.17 08:25:00 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.03 04:20:34 | 000,580,416 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
PRC - [2011.07.28 21:55:14 | 001,082,368 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2011.07.06 10:41:30 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Programme\Air Mouse\Air Mouse\Mobile Mouse Service.exe
PRC - [2011.07.04 15:35:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.19 08:29:04 | 000,619,672 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Error Reporting\nierserver.exe
PRC - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.12.01 13:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Windows\System32\ATKFUSService.exe
PRC - [2009.11.30 14:17:00 | 000,417,792 | ---- | M] () -- C:\Programme\ASUS\GamerOSD\ATKFastUserSwitching.exe
PRC - [2009.11.18 06:45:56 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.11.18 06:45:26 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.16 22:04:31 | 000,177,560 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\07016\components\AcroFF.dll
MOD - [2012.03.16 22:04:24 | 000,005,624 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\BAcroIEHelpe.dll
MOD - [2012.03.15 20:44:12 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2012.03.15 18:51:12 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.03.15 18:50:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.03.15 18:50:33 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2012.03.15 18:50:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.03.15 18:49:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.03.15 18:49:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.03.15 18:49:49 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.03.15 18:48:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.03.14 01:04:27 | 000,053,248 | ---- | M] () -- C:\Users\motzer\AppData\Local\Temp\catchme.dll
MOD - [2012.01.03 14:10:54 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.09.29 08:09:51 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.07.28 21:55:14 | 001,082,368 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2011.07.27 13:53:51 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3609.23369__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:50 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:50 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3609.23298__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.07.27 13:53:47 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.07.27 13:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.07.27 13:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.07.27 13:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3589.25921__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3589.25946__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3609.23384__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3589.25863__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.07.27 13:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.07.27 13:53:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.07.27 13:53:45 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.07.27 13:53:45 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3609.23345__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.07.27 13:53:45 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.07.27 13:53:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.07.27 13:53:45 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.07.27 13:53:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.07.27 13:53:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
MOD - [2011.07.27 13:53:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.07.27 13:53:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.07.27 13:53:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3589.25903__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.06.19 08:29:06 | 001,967,104 | ---- | M] () -- C:\Programme\National Instruments\Shared\NI Error Reporting\niwsrp.dll
MOD - [2011.06.14 13:19:58 | 000,025,600 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.11.30 14:17:00 | 000,417,792 | ---- | M] () -- C:\Programme\ASUS\GamerOSD\ATKFastUserSwitching.exe
MOD - [2009.07.14 09:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.12.10 10:19:08 | 000,430,080 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 08:25:00 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011.10.10 23:27:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.04 20:49:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.03 04:20:34 | 000,580,416 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2011.07.04 15:35:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011.06.14 11:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2011.06.14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2011.06.14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2011.06.14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.01 13:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2009.11.18 06:45:26 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\motzer\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.11.04 20:34:56 | 000,019,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2011.08.16 15:25:01 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.07.27 13:54:55 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2011.07.20 08:46:04 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.07.20 08:46:04 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.07.04 15:35:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 15:35:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.29 13:49:48 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2011.06.29 13:48:18 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2011.06.29 13:41:00 | 000,584,856 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2011.06.15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 23:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.03.23 23:25:14 | 000,077,968 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.01.21 13:52:18 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.01.21 13:52:18 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2011.01.21 13:52:18 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 01:01:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 01:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.10.22 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.09.02 08:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 08:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.08.31 11:43:36 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.24 12:27:44 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2009.12.08 20:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009.11.18 07:20:34 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.10.08 12:41:46 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009.10.08 12:41:46 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009.06.10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.02 13:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 13:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.02.17 17:22:14 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2009.02.17 17:22:14 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.27 13:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.03.30 10:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2002.05.22 00:00:00 | 000,069,600 | ---- | M] (Engelmann GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\precsim.sys -- (PrecSim)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AA F3 5C 76 A0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.02 14:46:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\motzer\AppData\Roaming\07016 [2012.03.16 22:04:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.05 13:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.12 00:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.17 19:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\motzer\AppData\Roaming\07016 [2012.03.16 22:04:34 | 000,000,000 | ---D | M]
 
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Extensions
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.09 18:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Firefox\Profiles\vcob6byz.default\extensions
[2012.01.09 18:13:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\motzer\AppData\Roaming\mozilla\Firefox\Profiles\vcob6byz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.07 14:32:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.02 14:46:30 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.22 11:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2011.05.12 10:00:46 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 20:07:03 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [gema] C:\Windows\System32\gema.exe ()
O4 - HKLM..\Run: [gema.] C:\ProgramData\gema\gema.exe File not found
O4 - HKLM..\Run: [NI Update Service] C:\Program Files\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe (Sunbelt Software)
O4 - HKCU..\Run: [gema] C:\Users\motzer\AppData\Roaming\gema\gema.exe ()
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - Startup: C:\Users\motzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\motzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56B65BB0-AA21-4A1A-AB7C-8CB9593B7B3A}: DhcpNameServer = 212.23.97.3 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1290DBB-9D3F-427B-97EB-CCA008AD719C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\gema.exe) - C:\Windows\System32\gema.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\motzer\AppData\Roaming\appconf32.exe) - C:\Users\motzer\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.25 22:23:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.12 03:37:58 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{afa1bf46-cd7a-11e0-bae4-001aa091f7a6}\Shell - "" = AutoRun
O33 - MountPoints2\{afa1bf46-cd7a-11e0-bae4-001aa091f7a6}\Shell\AutoRun\command - "" = L:\pushinst.exe
O33 - MountPoints2\{dff9a773-86c3-11e0-99af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dff9a773-86c3-11e0-99af-806e6f6e6963}\Shell\AutoRun\command - "" = M:\setup.exe -- [2011.04.12 03:37:58 | 000,112,400 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {31FC3F49-B603-2BBB-4B72-952B41E98BF5} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4A714DA3-0F91-9CB5-4DC4-734E0F9FEEAA} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5EA97B4D-0579-EC62-737C-AA2958CBE6F2} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8B1EC444-50ED-44BB-FA40-18FE57D31FAD} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9605F371-7183-4BD8-B48E-E1B099CA0DB3} - Microsoft Windows Media Player
ActiveX: {A017B03A-758D-6277-904B-8ED91E5E4F84} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: rbfilter -  File not found
NetSvcs: SNC -  File not found
NetSvcs: cmuda -  File not found
NetSvcs: ntservice1 -  File not found
NetSvcs: mcontrol -  File not found
NetSvcs: vmm -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.18 23:34:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
[2012.03.18 21:22:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.18 21:22:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.18 21:22:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.18 21:22:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.03.18 21:21:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.18 21:21:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.18 21:20:33 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\motzer\Desktop\ComboFix.exe
[2012.03.17 20:34:37 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\gema
[2012.03.17 20:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.16 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\07016
[2012.03.16 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\xmldm
[2012.03.16 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\kock
[2012.03.15 20:35:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\motzer\Desktop\aswMBR.exe
[2012.03.15 20:35:31 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\motzer\Desktop\tdsskiller.exe
[2012.03.15 19:31:09 | 000,078,336 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.org
[2012.03.15 19:31:09 | 000,074,240 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.org
[2012.03.14 21:50:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.03.14 21:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.03.14 01:02:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.13 21:58:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.13 19:12:58 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2012.03.13 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\LogMeIn Hamachi
[2012.03.13 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\motzer\Documents\Shrew Soft VPN
[2012.03.13 19:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\ShrewSoft
[2012.03.13 01:05:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Shared Memory
[2012.03.12 21:38:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\motzer\Desktop\HiJackThis204.exe
[2012.03.12 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\Malwarebytes
[2012.03.12 21:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 21:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 21:33:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 21:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 21:28:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\motzer\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.12 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\Sunbelt Software
[2012.03.12 21:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
[2012.03.12 21:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2012.03.12 21:07:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.03.12 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2012.03.12 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\motzer\Documents\LabVIEW Data
[2012.03.11 23:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2012.03.11 23:58:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\cvirte
[2012.03.11 23:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.03.11 23:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.03.11 23:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2012.03.11 23:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2012.03.11 23:51:01 | 000,000,000 | ---D | C] -- C:\National Instruments Downloads
[2012.02.26 22:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.26.0
[2012.02.26 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Maxima-5.26.0
[2012.02.18 01:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Brotherhood Software
[2012.02.18 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\Captcha_Brotherhood
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\motzer\AppData\Roaming\*.tmp files -> C:\Users\motzer\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.18 23:34:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
[2012.03.18 22:48:48 | 000,007,595 | ---- | M] () -- C:\Users\motzer\AppData\Local\Resmon.ResmonCfg
[2012.03.18 21:20:36 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\motzer\Desktop\ComboFix.exe
[2012.03.18 21:20:27 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 21:20:27 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 21:17:36 | 000,000,016 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\blckdom.res
[2012.03.18 21:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 21:09:31 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 20:45:49 | 000,302,592 | ---- | M] () -- C:\Users\motzer\Desktop\eu0cksk6.exe
[2012.03.17 20:34:27 | 000,249,929 | ---- | M] () -- C:\Windows\System32\gema.exe
[2012.03.16 22:13:02 | 000,000,272 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\.backup.dm
[2012.03.16 22:04:24 | 000,390,648 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\AcroIEHelpe.dll
[2012.03.16 22:04:24 | 000,005,624 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.16 22:03:31 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.16 22:03:31 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.16 22:03:31 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.16 22:03:31 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.15 20:35:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\motzer\Desktop\aswMBR.exe
[2012.03.15 20:35:33 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\motzer\Desktop\tdsskiller.exe
[2012.03.15 19:19:00 | 000,019,914 | ---- | M] () -- C:\Users\motzer\Desktop\Wlan.png
[2012.03.15 18:45:04 | 000,544,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 21:41:45 | 000,095,045 | ---- | M] () -- C:\Users\motzer\Desktop\Resourcen.png
[2012.03.14 21:37:36 | 000,019,004 | ---- | M] () -- C:\Users\motzer\Desktop\Combofix_2.png
[2012.03.14 21:27:05 | 000,034,130 | ---- | M] () -- C:\Users\motzer\Desktop\Combofix.png
[2012.03.13 21:31:59 | 2509,058,048 | ---- | M] () -- C:\Users\motzer\Desktop\X17-59886.iso
[2012.03.13 20:25:48 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.13 19:19:03 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.12 21:38:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\motzer\Desktop\HiJackThis204.exe
[2012.03.12 21:33:40 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 21:28:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\motzer\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.12 21:20:32 | 012,410,880 | ---- | M] () -- C:\Users\motzer\Desktop\Ad-Aware96Install.msi
[2012.03.12 21:12:27 | 000,051,570 | ---- | M] () -- C:\Users\motzer\Documents\cc_20120312_211211.reg
[2012.03.12 21:10:37 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2012.03.12 20:56:42 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.03.12 00:02:59 | 000,001,039 | ---- | M] () -- C:\Users\motzer\Desktop\National Instruments LabVIEW 2011.lnk
[2012.03.12 00:01:21 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.02.28 00:43:39 | 000,000,997 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.24 02:32:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.02.18 01:22:40 | 000,002,362 | ---- | M] () -- C:\Users\motzer\Desktop\CBH Captcha Solver.exe.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\motzer\AppData\Roaming\*.tmp files -> C:\Users\motzer\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.18 21:22:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.18 21:22:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.18 21:22:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.18 21:22:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.18 21:22:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.18 21:16:50 | 000,013,189 | R--- | C] () -- C:\Windows\instwcli.inf
[2012.03.18 21:10:05 | 000,249,929 | ---- | C] () -- C:\Windows\System32\gema.exe
[2012.03.17 20:45:49 | 000,302,592 | ---- | C] () -- C:\Users\motzer\Desktop\eu0cksk6.exe
[2012.03.16 22:13:02 | 000,000,272 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\.backup.dm
[2012.03.16 22:04:24 | 000,390,648 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\AcroIEHelpe.dll
[2012.03.16 22:04:24 | 000,005,624 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.16 22:04:20 | 000,000,016 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\blckdom.res
[2012.03.15 19:19:00 | 000,019,914 | ---- | C] () -- C:\Users\motzer\Desktop\Wlan.png
[2012.03.14 21:41:45 | 000,095,045 | ---- | C] () -- C:\Users\motzer\Desktop\Resourcen.png
[2012.03.14 21:37:36 | 000,019,004 | ---- | C] () -- C:\Users\motzer\Desktop\Combofix_2.png
[2012.03.14 21:30:41 | 000,007,595 | ---- | C] () -- C:\Users\motzer\AppData\Local\Resmon.ResmonCfg
[2012.03.14 21:27:05 | 000,034,130 | ---- | C] () -- C:\Users\motzer\Desktop\Combofix.png
[2012.03.13 20:36:17 | 2509,058,048 | ---- | C] () -- C:\Users\motzer\Desktop\X17-59886.iso
[2012.03.13 19:15:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.12 21:33:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 21:19:57 | 012,410,880 | ---- | C] () -- C:\Users\motzer\Desktop\Ad-Aware96Install.msi
[2012.03.12 21:12:17 | 000,051,570 | ---- | C] () -- C:\Users\motzer\Documents\cc_20120312_211211.reg
[2012.03.12 21:10:37 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2012.03.12 00:39:58 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012.03.12 00:02:59 | 000,001,039 | ---- | C] () -- C:\Users\motzer\Desktop\National Instruments LabVIEW 2011.lnk
[2012.03.12 00:01:21 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.02.24 02:32:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.02.18 01:22:40 | 000,002,362 | ---- | C] () -- C:\Users\motzer\Desktop\CBH Captcha Solver.exe.lnk
[2012.01.23 20:53:52 | 000,000,798 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.01.23 20:53:38 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.11.04 20:34:56 | 000,019,552 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2011.10.27 13:25:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.18 12:54:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.08.23 12:32:09 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2011.07.28 01:21:19 | 000,004,608 | ---- | C] () -- C:\Users\motzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.28 01:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.07.27 13:56:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2011.07.27 13:54:38 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.27 13:54:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.30 13:00:08 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGG1l3.DLL
[2011.06.10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2011.05.26 23:10:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.05.25 17:55:20 | 000,000,303 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\myAVR_WorkpadPLUS_Demo.cfg
[2011.05.25 17:55:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\myAVR_WorkpadPLUS_Demo.cfg
[2011.05.25 17:49:50 | 000,000,431 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\myAVR_ProgTool.cfg
[2011.05.25 16:42:25 | 000,017,408 | ---- | C] () -- C:\Users\motzer\AppData\Local\WebpageIcons.db
[2011.05.25 15:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.22 01:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 
========== LOP Check ==========
 
[2012.03.16 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\07016
[2011.06.21 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Amazon
[2011.05.25 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Atmel
[2011.11.29 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Autodesk
[2011.10.27 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\CADClick
[2011.09.12 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Das Fussball Studio
[2012.03.18 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Dropbox
[2012.01.09 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\DVDVideoSoft
[2012.01.09 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.17 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\gema
[2011.06.21 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\go
[2012.03.02 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\ICQ
[2011.09.22 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\ImgBurn
[2011.09.15 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\IrfanView
[2012.03.16 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\kock
[2011.09.15 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\MAGIX
[2011.05.25 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\MCS Electronics
[2011.07.05 23:24:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\mkvtoolnix
[2011.06.23 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\OpenOffice.org
[2011.05.25 15:07:10 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Opera
[2011.08.22 12:42:48 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Samsung
[2011.07.07 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\TeamViewer
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Thunderbird
[2012.01.12 13:25:07 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\toolplugin
[2012.03.12 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\TS3Client
[2011.08.16 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Unified Remote
[2011.05.25 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\VisualAssist
[2011.06.24 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\X-Chat 2
[2012.03.16 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\xmldm
[2011.11.14 15:36:33 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.18 23:12:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.18 21:22:27 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW
[2011.07.25 13:22:33 | 000,000,000 | ---D | M] -- C:\AdobeAcrobat
[2011.10.25 22:23:56 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012.03.15 18:50:02 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.18 21:32:37 | 000,000,000 | --SD | M] -- C:\ComboFix
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.25 12:47:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.16 21:57:02 | 000,000,000 | ---D | M] -- C:\FRST
[2011.10.24 15:32:32 | 000,000,000 | ---D | M] -- C:\Inventor
[2011.10.10 23:22:42 | 000,000,000 | ---D | M] -- C:\MITSI 2012 Temporary Files
[2011.10.25 13:43:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.03.12 00:42:15 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.13 20:27:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.17 20:34:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.05.25 12:47:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.21 18:16:00 | 000,000,000 | ---D | M] -- C:\Python24
[2012.03.18 21:22:33 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.25 12:47:23 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.25 21:00:45 | 000,000,000 | ---D | M] -- C:\SiLabs
[2011.07.06 21:41:49 | 000,000,000 | ---D | M] -- C:\stick
[2012.03.18 23:40:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.30 12:59:54 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.25 12:47:32 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.18 21:24:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-16 01:35:06
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB40230$] ->  -> Unknown point type

< End of report >

--- --- ---

motzerrobo · 19.03.2012, 00:04

EXTRA File
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.03.2012 23:35:35 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\motzer\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,46% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 137,04 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 41,77 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,74 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive F: | 47,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 2,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: STEEL | User Name: motzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A2C18-0830-45A0-BE2B-DD37A2D8A2FE}" = NI LabVIEW Run-Time Engine Interop 2011
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{01AC4D6A-05F0-4158-95E7-FC299961B50A}" = NI Math Kernel Libraries
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = Runtime für den NI-Systemkonfigurator 5.0.0
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{043955AD-7E11-4B6D-A317-B72F7BB87736}" = NI Assistant Framework LabVIEW 2011 Support
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05617B99-0727-4FFB-AC8E-8F6427799C8F}" = NI-DAQmx/LabVIEW shared documentation 1.9.5
"{05C030B8-DC4F-489D-B86B-FC6B7DB3F607}" = NI SSL LabVIEW 2011 Support
"{066F687E-1CA0-4D94-A2C9-F8E6E817F4CB}" = NI LabVIEW Run-Time Engine 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AD5AD99-6172-4385-8765-385FBE3A1013}" = Sunbelt CounterSpy
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{10779616-12F8-4D9C-A02B-5394C2868188}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{123700E7-CAC7-48BB-B309-48FAFAC4FA2F}" = BOcncV2
"{126A258A-DF8C-4EF2-9780-0EEA4C76CE6D}" = NI Logos LabVIEW 2011 Support
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{16AE16D2-8895-4E4A-A6D5-7EB9055B6517}" = NI I/O Trace API LV2011
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer
"{1B5ABB51-8AAB-4FBA-8987-9A8820756E2B}" = NI USI 1.9.0
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207780D5-A515-4E79-B7C2-E4D32F8A6CA1}" = Eco Materials Adviser
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{266597A9-1632-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) German Language Pack
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{27111B7A-97FE-46BD-81F9-4E87737DF803}" = NI LabVIEW 2011 MeasAppChm File
"{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{3070A9C6-D670-439A-21ED-ED0CB66B15FC}" = Catalyst Control Center Graphics Full Existing
"{3174B721-5400-4259-900D-C804356B0010}" = NI LabVIEW Run-Time Engine 2009 SP1
"{338AD4E5-9332-A678-5062-7A07ED70D6D4}" = ccc-core-static
"{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36FDBDC7-C572-4A85-A104-28AD48207448}" = Mobile Mouse Server
"{39D5C483-196E-4A75-A7E9-FEF0FA8314EC}" = Unified Remote
"{3AC01660-F640-4AFB-A25E-082B260C025C}" = WIF Core Dependencies Windows 5.0.0
"{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI-Update-Dienst 2.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF95105-5857-4852-BF20-764B69C1881D}" = NI LabVIEW 2011
"{3D1F6E51-C98C-4C01-8170-D2DBF2837F13}" = NI LabVIEW Merge Utility 11.0.0
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CB1196-79D0-18F6-B66D-BD94E8910883}" = ATI Catalyst Install Manager
"{451F962A-92A1-407C-AFA0-A29C0349A76F}" = NI MDF Support
"{45C5DE6E-85AB-466E-9A6F-8BAB11EE0EDD}" = NI Web Interface Framework 2.0
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{4967DB4F-07FC-4443-8287-C9C1B0D1C8FA}" = NI Variable Engine LabVIEW 2011 Support
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDAF6F8-8C28-49FD-8FA7-CEE3E9E9BAD4}" = NI LabVIEW 2011 Simulation
"{4BEFB7C6-F103-42FB-9482-861C6D9690A0}" = NI LabVIEW Compare Utility 11.0.0
"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul Language Pack
"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{523B5D39-C209-41C8-9075-F6C14C2394D2}" = NI LabVIEW 2011 Search
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{555B2ADE-B3CB-4C95-A789-8A7C03A004B7}" = NI LabVIEW 2011 Deployment Framework
"{561A25E6-C332-45E0-94A1-9BA22CD2C4A5}" = NI-PAL 2.7.0f0 for Phar Lap ETS
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{5866AEFB-0037-49DA-8F2C-ED7E7E21636E}" = NI LabVIEW 2011
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support
"{60315A8A-5FCA-47CE-A856-681F3A9CDB5B}" = AVR Studio 5.0
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63BB51BB-C078-4960-B624-087651E8D526}" = NI LabVIEW 2011
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{67DEC296-C8CC-A5BE-0378-A25C760B78B4}" = Catalyst Control Center Graphics Full New
"{68DE7BF6-AFA9-4609-9C96-8C15E46E2093}" = NI Example Finder 11.0
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E542012-DD29-0000-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012
"{6E542012-DD29-0001-B703-2376D4CC9C8F}" = Autodesk Inventor Publisher 2012 Language Pack
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{73854BF9-E78E-4D6F-B8C2-A7A3CD855124}" = NI LabVIEW 2011 Help File
"{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76560C00-0CFB-00F0-31AD-3DDA280032B6}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774F2CE3-C9C9-BC80-1231-E9432F2756C3}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A29AA0C-202A-467E-9257-DE2E8DBC60B3}" = NI LabVIEW 2011 License
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7D64A463-C3C9-40B6-BC46-4DD7D0DE2BFD}" = NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011.
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7EAC91E4-AFC3-8A6F-B802-218548D21873}" = Catalyst Control Center Core Implementation
"{7F4DD591-1632-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1632-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 Language Pack - Deutsch
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8283E8AC-3CF9-4712-B56D-FFE9D47F88E1}" = NI LabVIEW 2011
"{86EADBA6-CE62-46D1-B594-4267CB11FC66}" = NI BCI 2.0.2
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{89089F33-94D7-4E9C-918F-75CC933FC88F}" = NI DataSocket 4.9
"{8923D179-24D1-475D-A381-0B8C1AF1A206}" = NI LabVIEW 2011 Web Server
"{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B88204E-6446-4F7F-9379-F1A982C9D07C}" = NI LabVIEW 2011
"{8D9F6EFD-6EAF-4327-AD59-92DEA050BDAF}" = NI Instrument IO Assistant for LabVIEW 2011 32-bit
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8F1B9FE1-5777-4118-B982-B50B030101FF}" = NI LabVIEW 2011
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{92443D78-4C75-4320-BFC6-47D75122625F}" = Captcha Brotherhood
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{9492A5F3-FDA5-4CE9-9B96-AB5881046CB6}" = NI LabVIEW 2011 Help
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{962F04A4-130E-F725-BFC3-F46E33889D0E}" = ATI AVIVO Codecs
"{98F4DC3F-958E-4DE5-BE1D-DBD72B05A204}" = NI Search Shared
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A87DA58-1C1C-4305-BD69-231886F03191}" = NI Uninstaller
"{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065}" = CDRWIN 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9F0A2-2CF9-4165-9A36-639381F54BE3}" = NI IO Trace 3.0.0
"{9C2113B6-30DC-4827-9166-E6F4889D7594}" = NI LabVIEW 2011 Deployable License
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9FD901EF-E9E0-42AD-B957-C691E020DD6A}" = NI Authentication 2011 SP1
"{A059FB87-5DC3-0883-7D65-F68603CACDF1}" = Catalyst Control Center Graphics Previews Vista
"{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator
"{A1B35B59-B8B4-47C8-B4D6-3F90FB1997CC}" = NI LabVIEW 2011
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A7B1ABA8-E2A2-4565-A8AF-F01657FF5CEA}" = NI LabVIEW Web Services Runtime
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB972FD3-1B17-4592-9C47-4C732A018B48}" = NI System Web Server 11.5
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE593237-3C8E-44F2-A9AA-2DDE0A472CDE}" = NI LabVIEW Web Server for Run-Time Engine
"{B1DCBBC7-8ECE-497F-926F-02FE4E42216B}" = NI-DSM 2011
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B46DECD1-1632-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB3EBB9E-1CA1-4B7F-9E67-09540CCE9F45}" = NI Assistant Framework LabVIEW Code Generator 2011
"{BEBCBC05-4B39-4935-8B7C-B06E9FF1EA2A}" = NI EulaDepot
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C1457A9E-3745-4026-BF81-4332AA695644}" = NI System Web Server Base 11.5
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 (Advanced) Free
"{C3B91040-953D-4A51-8D69-D660AE9003D0}" = FreeMILL
"{C6E8484F-F9C1-4657-B03B-9CD1FE4CB812}" = NI ECU Measurement and Calibration Toolkit 2.2.0
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CC17CE69-4AB6-4434-ADB4-27DB49D36080}" = NI Curl 1.1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{CF526A26-1632-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D25FF5C1-1632-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D7CC49D5-FC42-4082-8F2D-CCAAF9390E7F}" = NI LabVIEW 2011
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5102348-951B-4375-A582-2E0675180517}" = NI LabVIEW 2011
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E7BDC0BC-583B-4193-9460-BDF51D131695}" = NI LabVIEW 2011
"{E8550330-7EAF-46CC-AE68-25A3AC6B1AE4}" = NI LabVIEW 2011 Manuals
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB
"{E9030CD3-1707-4149-B3CA-794582116E23}" = NI SSL Support
"{EA37AB72-EC8C-432C-A1C6-186850FB0559}" = NI System State Publisher
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EB8D0A82-E02A-437C-A7C4-90516F1CFB39}" = NI Web Application Server 2.0
"{EC2F2B8A-8C35-D5CE-0011-C97BCD807D05}" = CCC Help German
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED7CED5A-26BF-DFD3-08AC-771E72D43F74}" = Catalyst Control Center Localization All
"{EF1B1A68-988E-4A68-8504-774373A4651C}" = NI OPC Support
"{F04A89CB-A185-4263-85ED-4BAD766F7DAE}" = NI Error Reporting 2011
"{F055B0A4-8F75-4F85-B6FF-1C5BE10A72DC}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F3AB0933-B7D6-4C47-5523-922B49B37AE3}" = Catalyst Control Center Graphics Light
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F57F2FCF-A66D-4F6F-A2CF-321B8DB4D385}" = AVR QTouch Studio
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.3.1
"{F9A74F70-7597-47B8-B04C-044824C23B15}" = NI LabVIEW 2011 VIPM Helper
"{F9E0880D-B263-48F9-B8E5-BAFCAE9BE150}" = NI System API Client for WIF 5.0.0
"{FDED748C-432B-4B44-BB33-3BB8550A2AD2}" = NI Variable Engine 2.5.0
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FF82AEC3-C821-4716-BD9C-10434178EA39}" = NI LabVIEW Run-Time Engine Interop 2009
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Apex RM RMVB Converter_is1" = Apex RM RMVB Converter 6.57
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion for Inventor 2012 Zusatzmodul" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 Deutsch
"Autodesk Inventor Professional 2012 SP1" = Autodesk Inventor Professional 2012 SP1
"Autodesk Inventor Publisher 2012" = Autodesk Inventor Publisher 2012
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DWG TrueView 2012" = DWG TrueView 2012
"FinePrint" = FinePrint
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.11.426
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"ImgBurn" = ImgBurn
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"iPhoto Plus 4" = iPhoto Plus 4
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MatlabR2011a" = MATLAB R2011a
"Maxima-5.26.0_is1" = Maxima 5.26.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MKVtoolnix" = MKVtoolnix 4.9.1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"myAVR Workpad PLUS Demo" = myAVR Workpad PLUS Demo
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NI Uninstaller" = National Instruments - Software
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"PowerISO" = PowerISO
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SopCast" = SopCast 3.4.0
"Steam App 10" = Counter-Strike
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"X-Chat 2_is1" = X-Chat 2.8.6-2
"xvid" = XviD MPEG-4 Video Codec
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8C1A28F014D5B1E4398987CA544BE8A2009D0228" = Autodesk Inventor Publisher 2012 Word Add-in
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
 
========== Last 10 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 18.03.2012 18:33:49 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:54 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:54 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:54 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:59 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:59 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:33:59 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:34:04 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2600 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:34:04 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2182 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 18.03.2012 18:34:04 | Computer Name = STEEL | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
[ System Events ]
Error - 18.03.2012 17:35:05 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 17:35:09 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:32:13 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:32:23 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:08 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:08 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:15 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:20 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:20 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 18.03.2012 18:34:23 | Computer Name = Steel | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >

--- --- ---

Sorry musste Splitten und du wolltest ja das alles hier reingepostet wird ohne Anhang.

In dem Qoobox Ordner sind nur andere Ordner die Textdatei ist nicht vorhanden.

mfg
motzer

Psychotic · 19.03.2012, 00:13

Alles klar, melde mich morgen früh! warte ab und führe keine anderen Tools aus!

motzerrobo · 19.03.2012, 00:16

Perfekt - Danke Dir schonmal !

mfg
motzer

Psychotic · 19.03.2012, 15:22

Schritt 1: OTL-Fix

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:otl
O4 - HKLM..\Run: [gema] C:\Windows\System32\gema.exe ()
O4 - HKLM..\Run: [gema.] C:\ProgramData\gema
O4 - HKCU..\Run: [gema] C:\Users\motzer\AppData\Roaming\gema
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\gema\gema.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\gema.exe) - C:\Windows\System32\gema.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Users\motzer\AppData\Roaming\appconf32.exe) - C:\Users\motzer\AppData\Roaming\appconf32.exe ()
[2012.03.16 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\07016
[2012.03.16 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\xmldm
[2012.03.16 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\kock
[2012.03.18 21:16:50 | 000,013,189 | R--- | C] () -- C:\Windows\instwcli.inf
:files
C:\Windows\$NtUninstallKB40230$
fsuitl reparesepoint delete C:\Windows\$NtUninstallKB40230$ /c
:commands
[emptytemp]
[resethosts]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

.

Schritt 2: Combofix

Wichtig: Gehe nach dem Neustart NICHT ins Internet, sondern führe combofix über die Kommandozeile aus, indem du folgendes tust:

Stelle sicher, dass Combofix auf deinem Desktop liegt!
Drücke die Windows- und dieR-Taste gleichzeitig.
Schreibe in das Feld: Combofix /nombr, klicke OK.

Poste die von OTL und die von Combofix erstellte Textdatei hier in deinen Thread!

(Du findest sie unter C:\_OTL\<Datum><Zeit>.txt (OTL) bzw. unter C:\combofix.txt)

motzerrobo · 19.03.2012, 20:30

It finally worked:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gema deleted successfully.
C:\Windows\System32\gema.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gema. deleted successfully.
C:\ProgramData\gema folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gema deleted successfully.
C:\Users\motzer\AppData\Roaming\gema folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\ProgramData\gema\gema.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\gema.exe deleted successfully.
File C:\Windows\System32\gema.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\motzer\AppData\Roaming\appconf32.exe deleted successfully.
File move failed. C:\Users\motzer\AppData\Roaming\appconf32.exe scheduled to be moved on reboot.
C:\Users\motzer\AppData\Roaming\07016\components folder moved successfully.
C:\Users\motzer\AppData\Roaming\07016 folder moved successfully.
C:\Users\motzer\AppData\Roaming\xmldm folder moved successfully.
C:\Users\motzer\AppData\Roaming\kock folder moved successfully.
C:\Windows\instwcli.inf moved successfully.
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB40230$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\Vorlagen folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Startmenü folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Recent folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Netzwerkumgebung folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Lokale Einstellungen folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Eigene Dateien folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Druckumgebung folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data\WebServices\Standalone folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data\WebServices folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\Eigene Videos folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\Eigene Musik folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\Eigene Bilder folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Contacts folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Verlauf folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Programs\Common folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Programs folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\LogMeIn Hamachi folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$ scheduled to be moved on reboot.
< fsuitl reparesepoint delete C:\Windows\$NtUninstallKB40230$ /c >
C:\Users\motzer\Desktop\cmd.bat deleted successfully.
C:\Users\motzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: motzer
->Temp folder emptied: 16634181 bytes
->Temporary Internet Files folder emptied: 7343517 bytes
->Java cache emptied: 3106485 bytes
->FireFox cache emptied: 37125657 bytes
->Opera cache emptied: 13146261 bytes
->Flash cache emptied: 2173 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3066788 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35219024 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 110,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03192012_192551

Files\Folders moved on Reboot...
C:\Users\motzer\AppData\Roaming\appconf32.exe moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs\Common not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Programs not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\LogMeIn Hamachi not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Anwendungsdaten not found!
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data\WebServices\Standalone folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data\WebServices folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents\LabVIEW Data folder moved successfully.
C:\Windows\$NtUninstallKB40230$\systemprofile\Documents folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB40230$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Und Combofix

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-03-17.01 - motzer 19.03.2012  19:46:39.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1344 [GMT 1:00]
ausgeführt von:: c:\users\motzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: /nombr
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\motzer\AppData\Local\assembly\tmp
c:\users\motzer\AppData\Roaming\AcroIEHelpe.dll
c:\users\motzer\AppData\Roaming\AcroIEHelpe.txt
c:\users\motzer\AppData\Roaming\srvblck2.tmp
c:\windows\$NtUninstallKB40230$
c:\windows\$NtUninstallKB40230$\1042759890
c:\windows\$NtUninstallKB40230$\3762978156\@
c:\windows\$NtUninstallKB40230$\3762978156\cfg.ini
c:\windows\$NtUninstallKB40230$\3762978156\Desktop.ini
c:\windows\$NtUninstallKB40230$\3762978156\L\xadqgnnk
c:\windows\$NtUninstallKB40230$\3762978156\oemid
c:\windows\$NtUninstallKB40230$\3762978156\U\00000001.@
c:\windows\$NtUninstallKB40230$\3762978156\U\00000002.@
c:\windows\$NtUninstallKB40230$\3762978156\U\00000004.@
c:\windows\$NtUninstallKB40230$\3762978156\U\80000000.@
c:\windows\$NtUninstallKB40230$\3762978156\U\80000004.@
c:\windows\$NtUninstallKB40230$\3762978156\U\80000032.@
c:\windows\$NtUninstallKB40230$\3762978156\version
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\muzapp.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-19 bis 2012-03-19  ))))))))))))))))))))))))))))))
.
.
2012-03-19 19:12 . 2012-03-19 19:14	--------	d-----w-	c:\users\motzer\AppData\Local\temp
2012-03-19 19:12 . 2012-03-19 19:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-19 18:25 . 2012-03-19 18:25	--------	d-----w-	C:\_OTL
2012-03-15 18:31 . 2010-10-22 00:01	78336	----a-w-	c:\windows\system32\fwusbnci.org
2012-03-15 18:31 . 2010-10-22 00:00	74240	----a-w-	c:\windows\system32\fwlanci.org
2012-03-14 20:49 . 2012-03-14 20:49	--------	d-----w-	c:\windows\system32\EventProviders
2012-03-13 20:58 . 2012-03-16 20:57	--------	d-----w-	C:\FRST
2012-03-13 19:30 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-13 18:12 . 2009-03-18 15:35	26176	---ha-w-	c:\windows\system32\hamachi.sys
2012-03-13 18:12 . 2012-03-13 19:27	--------	d-----w-	c:\users\motzer\AppData\Local\LogMeIn Hamachi
2012-03-13 18:07 . 2012-03-13 19:28	--------	d-----w-	c:\program files\ShrewSoft
2012-03-13 17:30 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:30 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:30 . 2010-11-20 10:21	18432	----a-w-	c:\windows\system32\drivers\tdpipe.sys
2012-03-12 20:33 . 2012-03-12 20:33	--------	d-----w-	c:\users\motzer\AppData\Roaming\Malwarebytes
2012-03-12 20:33 . 2012-03-12 20:33	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-12 20:33 . 2012-03-12 20:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-12 20:33 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-12 20:11 . 2012-03-12 20:11	--------	d-----w-	c:\users\motzer\AppData\Local\Sunbelt Software
2012-03-12 20:10 . 2012-03-12 20:10	--------	d-----w-	c:\program files\Sunbelt Software
2012-03-12 20:07 . 2012-03-12 20:07	--------	d-----w-	c:\windows\Downloaded Installations
2012-03-11 22:58 . 2012-03-11 22:58	--------	d-----w-	c:\windows\system32\cvirte
2012-03-11 22:57 . 2012-03-13 17:23	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-03-11 22:56 . 2012-03-11 23:45	--------	d-----w-	c:\program files\National Instruments
2012-03-11 22:53 . 2012-03-12 19:58	--------	d-----w-	c:\programdata\National Instruments
2012-03-11 22:51 . 2012-03-11 23:42	--------	d-----w-	C:\National Instruments Downloads
2012-02-26 21:31 . 2012-02-26 21:31	--------	d-----w-	c:\program files\Maxima-5.26.0
2012-02-24 12:16 . 2012-02-24 12:16	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-22 23:20 . 2012-02-22 23:20	327432	----a-w-	c:\program files\Common Files\Microsoft Shared\VSA\9.0\VsaEnv\vsaenv.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 20:56 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-03-13 22:21 . 2011-05-25 16:40	1844384	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-13 22:21 . 2011-05-25 17:14	1912512	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-02-24 01:32 . 2012-02-24 01:32	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-24 01:32 . 2012-02-24 01:32	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-24 01:32 . 2012-02-24 01:32	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-02-24 01:32 . 2012-02-24 01:32	152064	----a-w-	c:\windows\system32\wextract.exe
2012-02-24 01:32 . 2012-02-24 01:32	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-24 01:32 . 2012-02-24 01:32	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-02-21 18:17 . 2011-05-25 14:49	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 17:30	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-03 03:54 . 2012-03-13 19:30	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-15 17:54	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-15 17:54	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 17:30	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-01-04 08:58 . 2012-02-16 20:24	442880	----a-w-	c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-16 20:25	478720	----a-w-	c:\windows\system32\timedate.cpl
2011-06-22 10:44 . 2011-06-22 10:44	158720	----a-w-	c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2011-05-12 09:01 . 2011-05-12 09:01	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2011-09-29 07:09 . 2011-10-05 12:21	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\motzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\motzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\motzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\motzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NIRegistrationWizard"="c:\program files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NI Update Service"="c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 290816]
.
c:\users\motzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\motzer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2011-7-28 1082368]
NI Error Reporting.lnk - c:\program files\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-03-23 77968]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 4352]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-07-20 77624]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 265088]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 586752]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-06-29 11968]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-06-29 11968]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-10-08 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-10-08 63488]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-07-20 181432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-01-21 57112]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 15448]
S0 PrecSim;PrecSim;c:\windows\system32\DRIVERS\precsim.sys [2002-05-21 69600]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-16 722416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job-Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2011-08-03 580416]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
rbfilter
SNC
cmuda
ntservice1
mcontrol
vmm
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\motzer\AppData\Roaming\Mozilla\Firefox\Profiles\vcob6byz.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-iPhoto Plus 4 - c:\windows\unin0407.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6140)
c:\users\motzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ATKFUSService.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ASUS\GamerOSD\ATKFastUserSwitching.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\ASDR.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lkads.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lktsrv.exe
c:\program files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-19  20:23:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-19 19:23
.
Vor Suchlauf: 16 Verzeichnis(se), 146.924.564.480 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 146.630.221.824 Bytes frei
.
- - End Of File - - AC43627F598EFEF6EC6DD7C46FFD9A84
         
 --- --- ---

mfg motzer

Psychotic · 20.03.2012, 09:30

OTL (Custom Scan)

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

motzerrobo · 20.03.2012, 17:36

Jop

OLT.txt

Code:

ATTFilter

OTL logfile created on: 20.03.2012 16:50:25 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\motzer\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,17% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 136,28 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 41,48 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 6,74 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive F: | 47,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 2,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: STEEL | User Name: motzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.18 23:34:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
PRC - [2012.01.03 14:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.17 08:25:00 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.03 04:20:34 | 000,580,416 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
PRC - [2011.07.28 21:55:14 | 001,082,368 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2011.07.06 10:41:30 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Programme\Air Mouse\Air Mouse\Mobile Mouse Service.exe
PRC - [2011.07.04 15:35:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.19 08:29:04 | 000,619,672 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Error Reporting\nierserver.exe
PRC - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2011.06.14 11:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2011.06.14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2011.06.14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2011.06.14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2009.12.21 23:42:18 | 001,204,224 | ---- | M] (ASUSTeK Inc.) -- C:\Programme\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2009.12.01 13:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Windows\System32\ATKFUSService.exe
PRC - [2009.11.30 14:17:00 | 000,417,792 | ---- | M] () -- C:\Programme\ASUS\GamerOSD\ATKFastUserSwitching.exe
PRC - [2009.11.18 06:45:56 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.11.18 06:45:26 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.15 20:44:12 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2012.03.15 18:51:12 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.03.15 18:50:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.03.15 18:50:33 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2012.03.15 18:50:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.03.15 18:49:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.03.15 18:49:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.03.15 18:49:49 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.03.15 18:48:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.01.03 14:10:54 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.07.28 21:55:14 | 001,082,368 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2011.07.27 13:53:51 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:51 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:51 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3609.23369__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:50 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.07.27 13:53:50 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:50 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.07.27 13:53:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.07.27 13:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.07.27 13:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.07.27 13:53:48 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.07.27 13:53:47 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.07.27 13:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.07.27 13:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.07.27 13:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.07.27 13:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3609.23384__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.07.27 13:53:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.07.27 13:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.07.27 13:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.07.27 13:53:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.07.27 13:53:46 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.07.27 13:53:45 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.07.27 13:53:45 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3609.23345__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.07.27 13:53:45 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.07.27 13:53:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.07.27 13:53:45 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.07.27 13:53:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.07.27 13:53:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
MOD - [2011.07.27 13:53:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.07.27 13:53:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.07.27 13:53:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.07.27 13:53:44 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.06.19 08:29:06 | 001,967,104 | ---- | M] () -- C:\Programme\National Instruments\Shared\NI Error Reporting\niwsrp.dll
MOD - [2011.06.14 13:19:58 | 000,025,600 | ---- | M] () -- C:\Programme\Air Mouse\Air Mouse\BonjourService.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.11.30 14:17:00 | 000,417,792 | ---- | M] () -- C:\Programme\ASUS\GamerOSD\ATKFastUserSwitching.exe
MOD - [2009.07.14 09:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.12.10 10:19:08 | 000,430,080 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.03.13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Programme\ASUS\SmartDoctor\VOV32.dll
MOD - [2007.02.28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Programme\ASUS\SmartDoctor\aticlocklib.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 08:25:00 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011.10.10 23:27:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.04 20:49:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.03 04:20:34 | 000,580,416 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2011.07.04 15:35:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011.06.14 11:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2011.06.14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2011.06.14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2011.06.14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.23 23:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.01 13:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2009.11.18 06:45:26 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\motzer\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.11.04 20:34:56 | 000,019,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2011.08.16 15:25:01 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.07.27 13:54:55 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2011.07.20 08:46:04 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.07.20 08:46:04 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.07.04 15:35:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 15:35:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.29 13:49:48 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2011.06.29 13:48:18 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2011.06.29 13:41:00 | 000,584,856 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2011.06.15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 23:25:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.03.23 23:25:14 | 000,077,968 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.01.21 13:52:18 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.01.21 13:52:18 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2011.01.21 13:52:18 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 01:01:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 01:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2010.10.22 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.09.02 08:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 08:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.08.31 11:43:36 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.24 12:27:44 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2009.12.08 20:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009.11.18 07:20:34 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.10.08 12:41:46 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2009.10.08 12:41:46 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009.06.10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.02 13:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 13:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.02.17 17:22:14 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2009.02.17 17:22:14 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.27 13:57:28 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.03.30 10:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2002.05.22 00:00:00 | 000,069,600 | ---- | M] (Engelmann GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\precsim.sys -- (PrecSim)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AA F3 5C 76 A0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.02 14:46:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\motzer\AppData\Roaming\07016
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.05 13:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.12 00:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.17 19:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\motzer\AppData\Roaming\07016
 
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Extensions
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.09 18:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\motzer\AppData\Roaming\mozilla\Firefox\Profiles\vcob6byz.default\extensions
[2012.01.09 18:13:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\motzer\AppData\Roaming\mozilla\Firefox\Profiles\vcob6byz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.07 14:32:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.02 14:46:30 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.01.25 15:34:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.22 11:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2011.05.12 10:00:46 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 20:07:03 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.19 20:13:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe (Sunbelt Software)
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - Startup: C:\Users\motzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\motzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56B65BB0-AA21-4A1A-AB7C-8CB9593B7B3A}: DhcpNameServer = 212.23.97.3 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1290DBB-9D3F-427B-97EB-CCA008AD719C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.25 22:23:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.12 03:37:58 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {31FC3F49-B603-2BBB-4B72-952B41E98BF5} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4A714DA3-0F91-9CB5-4DC4-734E0F9FEEAA} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5EA97B4D-0579-EC62-737C-AA2958CBE6F2} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8B1EC444-50ED-44BB-FA40-18FE57D31FAD} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9605F371-7183-4BD8-B48E-E1B099CA0DB3} - Microsoft Windows Media Player
ActiveX: {A017B03A-758D-6277-904B-8ED91E5E4F84} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: rbfilter -  File not found
NetSvcs: SNC -  File not found
NetSvcs: cmuda -  File not found
NetSvcs: ntservice1 -  File not found
NetSvcs: mcontrol -  File not found
NetSvcs: vmm -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 20:23:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.19 20:14:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.19 20:12:17 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\temp
[2012.03.19 19:31:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.19 19:25:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.18 23:34:36 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
[2012.03.18 21:22:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.18 21:22:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.18 21:22:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.18 21:21:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.18 21:20:33 | 004,438,697 | R--- | C] (Swearware) -- C:\Users\motzer\Desktop\ComboFix.exe
[2012.03.15 20:35:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\motzer\Desktop\aswMBR.exe
[2012.03.15 20:35:31 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\motzer\Desktop\tdsskiller.exe
[2012.03.15 19:31:09 | 000,078,336 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.org
[2012.03.15 19:31:09 | 000,074,240 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwlanci.org
[2012.03.14 21:50:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.03.14 21:49:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.03.14 01:02:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.13 21:58:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.13 19:12:58 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2012.03.13 19:12:47 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\LogMeIn Hamachi
[2012.03.13 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\motzer\Documents\Shrew Soft VPN
[2012.03.13 19:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\ShrewSoft
[2012.03.13 01:05:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\Shared Memory
[2012.03.12 21:38:34 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\motzer\Desktop\HiJackThis204.exe
[2012.03.12 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Roaming\Malwarebytes
[2012.03.12 21:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 21:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 21:33:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 21:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 21:28:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\motzer\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.12 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\motzer\AppData\Local\Sunbelt Software
[2012.03.12 21:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
[2012.03.12 21:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2012.03.12 21:07:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.03.12 00:43:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2012.03.12 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\motzer\Documents\LabVIEW Data
[2012.03.11 23:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2012.03.11 23:58:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\cvirte
[2012.03.11 23:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.03.11 23:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.03.11 23:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2012.03.11 23:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2012.03.11 23:51:01 | 000,000,000 | ---D | C] -- C:\National Instruments Downloads
[2012.02.26 22:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.26.0
[2012.02.26 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\Maxima-5.26.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 16:35:03 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 16:35:03 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 16:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.20 16:25:48 | 1609,175,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.19 20:13:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.19 19:38:51 | 000,222,126 | ---- | M] () -- C:\Users\motzer\Desktop\fixi.png
[2012.03.19 19:25:20 | 000,261,943 | ---- | M] () -- C:\Users\motzer\Desktop\anweisung.png
[2012.03.19 19:20:00 | 000,000,016 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\blckdom.res
[2012.03.18 23:34:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\motzer\Desktop\OTL.exe
[2012.03.18 22:48:48 | 000,007,595 | ---- | M] () -- C:\Users\motzer\AppData\Local\Resmon.ResmonCfg
[2012.03.18 21:20:36 | 004,438,697 | R--- | M] (Swearware) -- C:\Users\motzer\Desktop\ComboFix.exe
[2012.03.17 20:45:49 | 000,302,592 | ---- | M] () -- C:\Users\motzer\Desktop\eu0cksk6.exe
[2012.03.16 22:13:02 | 000,000,272 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\.backup.dm
[2012.03.16 22:03:31 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.16 22:03:31 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.16 22:03:31 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.16 22:03:31 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.15 20:35:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\motzer\Desktop\aswMBR.exe
[2012.03.15 20:35:33 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\motzer\Desktop\tdsskiller.exe
[2012.03.15 19:19:00 | 000,019,914 | ---- | M] () -- C:\Users\motzer\Desktop\Wlan.png
[2012.03.15 18:45:04 | 000,544,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 21:41:45 | 000,095,045 | ---- | M] () -- C:\Users\motzer\Desktop\Resourcen.png
[2012.03.14 21:37:36 | 000,019,004 | ---- | M] () -- C:\Users\motzer\Desktop\Combofix_2.png
[2012.03.14 21:27:05 | 000,034,130 | ---- | M] () -- C:\Users\motzer\Desktop\Combofix.png
[2012.03.13 21:31:59 | 2509,058,048 | ---- | M] () -- C:\Users\motzer\Desktop\X17-59886.iso
[2012.03.13 20:25:48 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.13 19:19:03 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.12 21:38:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\motzer\Desktop\HiJackThis204.exe
[2012.03.12 21:33:40 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 21:28:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\motzer\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.12 21:20:32 | 012,410,880 | ---- | M] () -- C:\Users\motzer\Desktop\Ad-Aware96Install.msi
[2012.03.12 21:12:27 | 000,051,570 | ---- | M] () -- C:\Users\motzer\Documents\cc_20120312_211211.reg
[2012.03.12 21:10:37 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2012.03.12 00:02:59 | 000,001,039 | ---- | M] () -- C:\Users\motzer\Desktop\National Instruments LabVIEW 2011.lnk
[2012.03.12 00:01:21 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.02.28 00:43:39 | 000,000,997 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.24 02:32:51 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2012.03.19 19:38:50 | 000,222,126 | ---- | C] () -- C:\Users\motzer\Desktop\fixi.png
[2012.03.19 19:25:19 | 000,261,943 | ---- | C] () -- C:\Users\motzer\Desktop\anweisung.png
[2012.03.18 21:22:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.18 21:22:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.18 21:22:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.18 21:22:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.18 21:22:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.17 20:45:49 | 000,302,592 | ---- | C] () -- C:\Users\motzer\Desktop\eu0cksk6.exe
[2012.03.16 22:13:02 | 000,000,272 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\.backup.dm
[2012.03.16 22:04:20 | 000,000,016 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\blckdom.res
[2012.03.15 19:19:00 | 000,019,914 | ---- | C] () -- C:\Users\motzer\Desktop\Wlan.png
[2012.03.14 21:41:45 | 000,095,045 | ---- | C] () -- C:\Users\motzer\Desktop\Resourcen.png
[2012.03.14 21:37:36 | 000,019,004 | ---- | C] () -- C:\Users\motzer\Desktop\Combofix_2.png
[2012.03.14 21:30:41 | 000,007,595 | ---- | C] () -- C:\Users\motzer\AppData\Local\Resmon.ResmonCfg
[2012.03.14 21:27:05 | 000,034,130 | ---- | C] () -- C:\Users\motzer\Desktop\Combofix.png
[2012.03.13 20:36:17 | 2509,058,048 | ---- | C] () -- C:\Users\motzer\Desktop\X17-59886.iso
[2012.03.13 19:15:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.12 21:33:40 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 21:19:57 | 012,410,880 | ---- | C] () -- C:\Users\motzer\Desktop\Ad-Aware96Install.msi
[2012.03.12 21:12:17 | 000,051,570 | ---- | C] () -- C:\Users\motzer\Documents\cc_20120312_211211.reg
[2012.03.12 21:10:37 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\CounterSpy.lnk
[2012.03.12 00:02:59 | 000,001,039 | ---- | C] () -- C:\Users\motzer\Desktop\National Instruments LabVIEW 2011.lnk
[2012.03.12 00:01:21 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.02.24 02:32:51 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.01.23 20:53:52 | 000,000,798 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.11.04 20:34:56 | 000,019,552 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2011.10.27 13:25:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.18 12:54:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.08.23 12:32:09 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2011.07.28 01:21:19 | 000,004,608 | ---- | C] () -- C:\Users\motzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.28 01:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.07.27 13:56:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2011.07.27 13:54:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2011.07.27 13:54:38 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.27 13:54:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.30 13:00:08 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SUGG1l3.DLL
[2011.06.10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2011.05.26 23:10:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.05.25 17:55:20 | 000,000,303 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\myAVR_WorkpadPLUS_Demo.cfg
[2011.05.25 17:55:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\myAVR_WorkpadPLUS_Demo.cfg
[2011.05.25 17:49:50 | 000,000,431 | ---- | C] () -- C:\Users\motzer\AppData\Roaming\myAVR_ProgTool.cfg
[2011.05.25 16:42:25 | 000,017,408 | ---- | C] () -- C:\Users\motzer\AppData\Local\WebpageIcons.db
[2011.05.25 15:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.22 01:00:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
 
========== LOP Check ==========
 
[2011.06.21 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Amazon
[2011.05.25 17:43:53 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Atmel
[2011.11.29 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Autodesk
[2011.10.27 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\CADClick
[2011.09.12 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Das Fussball Studio
[2012.03.20 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Dropbox
[2012.01.09 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\DVDVideoSoft
[2012.01.09 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.21 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\go
[2012.03.02 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\ICQ
[2011.09.22 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\ImgBurn
[2011.09.15 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\IrfanView
[2011.09.15 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\MAGIX
[2011.05.25 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\MCS Electronics
[2011.07.05 23:24:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\mkvtoolnix
[2011.06.23 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\OpenOffice.org
[2011.05.25 15:07:10 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Opera
[2011.08.22 12:42:48 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Samsung
[2011.07.07 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\TeamViewer
[2011.05.25 15:51:29 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Thunderbird
[2012.01.12 13:25:07 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\toolplugin
[2012.03.12 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\TS3Client
[2011.08.16 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\Unified Remote
[2011.05.25 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\VisualAssist
[2011.06.24 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\motzer\AppData\Roaming\X-Chat 2
[2011.11.14 15:36:33 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.19 20:14:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.25 13:22:33 | 000,000,000 | ---D | M] -- C:\AdobeAcrobat
[2011.10.25 22:23:56 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012.03.15 18:50:02 | 000,000,000 | ---D | M] -- C:\Boot
[2012.03.19 20:23:32 | 000,000,000 | ---D | M] -- C:\ComboFix
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.25 12:47:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.16 21:57:02 | 000,000,000 | ---D | M] -- C:\FRST
[2011.10.24 15:32:32 | 000,000,000 | ---D | M] -- C:\Inventor
[2011.10.10 23:22:42 | 000,000,000 | ---D | M] -- C:\MITSI 2012 Temporary Files
[2011.10.25 13:43:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.03.12 00:42:15 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.13 20:27:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.19 19:25:52 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.05.25 12:47:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.21 18:16:00 | 000,000,000 | ---D | M] -- C:\Python24
[2012.03.19 20:23:31 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.25 12:47:23 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.05.25 21:00:45 | 000,000,000 | ---D | M] -- C:\SiLabs
[2011.07.06 21:41:49 | 000,000,000 | ---D | M] -- C:\stick
[2012.03.20 16:53:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.30 12:59:54 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.25 12:47:32 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.19 20:23:32 | 000,000,000 | ---D | M] -- C:\Windows
[2012.03.19 19:25:51 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-16 01:35:06
 
<           >

< End of report >

Extra.txt wurde diesmal nicht erstellt oder ich finde sie nicht.

mfg
motzer

Psychotic · 21.03.2012, 23:57

Schritt 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2011.10.10 20:07:03 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
NetSvcs: rbfilter -  File not found
NetSvcs: SNC -  File not found
NetSvcs: cmuda -  File not found
NetSvcs: ntservice1 -  File not found
NetSvcs: mcontrol -  File not found
NetSvcs: vmm -  File not found
[2012.03.19 19:20:00 | 000,000,016 | ---- | M] () -- C:\Users\motzer\AppData\Roaming\blckdom.res
:COMMANDS
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: MBAM vollständig

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

motzerrobo · 23.03.2012, 21:13

OTL File

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\motzer\AppData\Roaming\Mozilla\FireFox\Profiles\vcob6byz.default\user.js moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Search the web.src moved successfully.
rbfilter removed from NetSvcs value successfully!
SNC removed from NetSvcs value successfully!
cmuda removed from NetSvcs value successfully!
ntservice1 removed from NetSvcs value successfully!
mcontrol removed from NetSvcs value successfully!
vmm removed from NetSvcs value successfully!
C:\Users\motzer\AppData\Roaming\blckdom.res moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: motzer
->Temp folder emptied: 216889 bytes
->Temporary Internet Files folder emptied: 263072 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 21350763 bytes
->Flash cache emptied: 1182 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
RecycleBin emptied: 3710096265 bytes
 
Total Files Cleaned = 3.559,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_000129

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malware

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
motzer :: STEEL [Administrator]

23.03.2012 19:01:08
mbam-log-2012-03-23 (21-06-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 647468
Laufzeit: 2 Stunde(n), 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema. (Trojan.Ransom.ICL) -> Daten: C:\ProgramData\gema\gema.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom.ICL) -> Daten: C:\Users\motzer\AppData\Roaming\gema\gema.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom) -> Daten: C:\Windows\system32\gema.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Ransom.ICL) -> Daten: C:\Users\motzer\AppData\Roaming\gema\gema.exe,Explorer.exe, -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Ransom.ICL) -> Bösartig: (C:\ProgramData\gema\gema.exe) Gut: () -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Ransom) -> Bösartig: (C:\Windows\system32\gema.exe) Gut: () -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\ProgramData\gema\gema.exe,C:\Windows\system32\gema.exe,C:\Windows\system32\userinit.exe,) Gut: (userinit.exe) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Qoobox\Quarantine\C\Users\motzer\AppData\Roaming\AcroIEHelpe.dll.vir (Trojan.Banker.H) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\03192012_192551\C_ProgramData\gema\gema.exe (Trojan.Agent.H) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\03192012_192551\C_Users\motzer\AppData\Roaming\gema\gema.exe (Trojan.Agent.H) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\03192012_192551\C_Windows\System32\gema.exe (Trojan.Agent.H) -> Keine Aktion durchgeführt.
C:\ProgramData\gema\gema.exe (Trojan.Ransom.ICL) -> Keine Aktion durchgeführt.
C:\Users\motzer\AppData\Roaming\gema\gema.exe (Trojan.Ransom.ICL) -> Keine Aktion durchgeführt.
C:\Windows\System32\gema.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.

(Ende)

mfg motzer

Psychotic · 25.03.2012, 10:04

Schritt 1: MBAM-Funde entfernen

Die Funde von MBAM müssen entfernt werden! Scanne erneut vollständig und klicke nach Abschluß auf "Entferne Auswahl".

Schritt 2: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

motzerrobo · 26.03.2012, 00:26

Hey Marius tut mir leid war das Wochenede nicht zu Hause.

Also Malware scan erneut durchgeführt und alles entfernt und hier die ESET File

[code]
C:\Documents and Settings\motzer\AppData\Local\temp\mor.exe Win32/Injector.PKD trojan
C:\Users\motzer\AppData\Local\temp\mor.exe Win32/Injector.PKD trojan
C:\_OTL\MovedFiles\03192012_192551\C_Users\motzer\AppData\Roaming\appconf32.exe a variant of Win32/Kryptik.ACVS trojan
C:\_OTL\MovedFiles\03192012_192551\C_Users\motzer\AppData\Roaming\07016\components\AcroFF.dll probably a variant of Win32/Spy.Banker.WZJ trojan
[/code}

mfg motzer

Psychotic · 26.03.2012, 08:13

Schritt 1: Adobe Flash Player update

Dein Flash-Player ist veraltet. Da gerade diese Software gerne von Schädlingen als Sprungbrett ins System genutzt wird, muss sie immer aktuell gehalten werden.
Um den Flash Player zu aktualisieren, gehe bitte wie folgt vor:

Lade dir den aktuellen Adobe Flash Player von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
Starte das Setup und folge den Anweisungen auf dem Bildschirm.
Melde dich umgehend, falls Schwierigkeiten auftreten.

Schritt 2: Java update

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 6 Update 30 ) herunter laden.
Wenn die installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Schritt 3: Mozilla Firefox update

Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:

Lade dir den aktuellen Firefox von hier herunter.
Starte das Setup und folge den Anweisungen auf dem Bildschirm.
Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
Entferne alle älteren Firefox-Versionen.
Melde dich umgehend, falls Schwierigkeiten auftreten.

Schritt 4: VLC-Player update

Dein VLC-Player ist veraltet. Um ihn zu aktualisieren, gehe bitte wie folgt vor:

Lade dir den aktuellen Player von hier]VLC media player - Browse Files at SourceForge.net herunter.
Starte das Setup und folge den Anweisungen auf dem Bildschrim. Setup wird die alte Version des Players erkennen und dich fragen, ob vor der Installation die alte Version entfernt werden soll. Bestätige dies mit Ja.
Nachdem die alte Version des Programms entfernt wurde, startet die Neuinstallation. Belasse alles bei den vorgegebenen Werten - es sei denn, du willst daran etwas ändern (z.B. die Dateizuordnung o.ä.).
Melde dich umgehend, falls Schwierigkeiten auftreten.

Schritt 5: TFC

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Macht der Rechner noch Probleme?

motzerrobo · 27.03.2012, 18:42

Okay alles erledigt.

Rechner scheint keine Mucken mehr zu machen.

Ich danke Dir vielmals für die lange ausdauernde kompetente Hilfe !

mfg motzer

Psychotic · 27.03.2012, 19:20

Mach noch ein letztes ESET!

ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

19.03.2012, 00:13	#18
Psychotic /// Malwareteam	Weiterleitung nach google Suche + amazon Daten ausgepäht Alles klar, melde mich morgen früh! warte ab und führe keine anderen Tools aus! __________________ __________________

Weiterleitung nach google Suche + amazon Daten ausgepäht

Log-Analyse und Auswertung: Weiterleitung nach google Suche + amazon Daten ausgepäht