
Log analysis and evaluation: System locked for security reasons OTL logfiles

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.05.2012, 10:42   #1
user_
 

System locked for security reasons OTL logfiles



Hello,
now it has got me too. While surfing on a (supposedly) reputable website I caught the virus that locks my user account and displays the above-mentioned message at login.

I followed existing guides and ran a custom Quick Scan with OTL in Safe Mode.
For this I entered the following text under Custom Scan:


Code:
 activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
Here is the response it generated (OTL.txt):

Code:
OTL logfile created on: 5/14/2012 11:19:17 AM - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 7.12 Gb Available Physical Memory | 89.69% Memory free
15.88 Gb Paging File | 15.10 Gb Available in Paging File | 95.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 5.41 Gb Free Space | 5.34% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.86 Gb Free Space | 55.92% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 10:43:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- E:\Tools\virenscanner\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/12 17:18:04 | 000,204,792 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/09 10:46:10 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/08 13:38:40 | 000,063,648 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64) NI Application Web Server (64-bit)
SRV:64bit: - [2010/01/20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/11/23 20:31:22 | 000,093,992 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/05/07 09:19:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/09/09 10:48:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 10:46:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/04/28 19:58:20 | 001,423,264 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe -- (impi_smpd) Intel(R)
SRV - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:22:30 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/09/09 09:22:25 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/09/09 09:22:14 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/08/22 23:19:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 23:19:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/21 17:50:46 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2011/07/20 11:21:08 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2011/07/19 18:13:24 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2011/07/19 17:16:32 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2011/07/19 16:45:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2011/07/19 16:45:02 | 000,012,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2011/07/19 02:36:48 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2011/07/19 02:13:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2011/07/19 01:36:46 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niraptrkl.sys -- (niraptrk)
DRV:64bit: - [2011/07/19 01:21:24 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicondrkl.sys -- (nicondrk)
DRV:64bit: - [2011/07/19 01:05:22 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicmrkl.sys -- (nicmrk)
DRV:64bit: - [2011/07/18 22:22:18 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2011/07/18 22:07:10 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2011/07/18 21:44:42 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2011/07/18 21:22:34 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc3rkl.sys -- (nistc3rk)
DRV:64bit: - [2011/07/18 21:01:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2011/07/18 20:46:56 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2011/07/18 20:33:10 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2011/07/18 20:15:36 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdcckl.sys -- (nicdcck)
DRV:64bit: - [2011/07/12 17:28:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nifslkl.sys -- (nifslk)
DRV:64bit: - [2011/07/12 17:09:12 | 000,013,000 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2011/07/12 16:11:34 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2011/07/12 15:39:40 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2011/07/12 15:37:02 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2011/07/08 06:05:06 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2011/07/07 20:03:46 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2011/07/07 19:49:54 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2011/07/01 15:50:34 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2011/07/01 15:29:02 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2011/07/01 14:54:40 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2011/07/01 14:40:12 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2011/07/01 14:21:04 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2011/06/29 13:50:00 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2011/06/29 13:48:26 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2011/06/29 13:39:18 | 000,914,072 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2011/06/23 10:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/05/17 06:04:26 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/04/08 18:21:10 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2011/04/08 18:21:08 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2011/04/08 18:21:06 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2011/04/08 18:21:06 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2011/04/08 18:21:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2011/03/25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 23:27:28 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/03/25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/10 13:15:04 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/27 08:57:46 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/12 21:36:20 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2010/07/12 21:54:06 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2010/07/12 21:42:36 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2010/06/23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/06/23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/06/15 17:15:46 | 000,038,064 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\niede.sys -- (NIEthernetDeviceEnumerator)
DRV:64bit: - [2010/03/24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/01/05 10:19:30 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2008/12/18 09:13:26 | 000,032,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV:64bit: - [2008/12/05 16:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/02/11 16:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE:64bit: - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com/
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 17:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:18:58 | 000,000,000 | ---D | M]
 
[2011/09/09 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\THG\AppData\Roaming\mozilla\Extensions
[2012/03/21 17:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/21 17:21:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll
[2009/10/22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/21 17:21:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/21 17:21:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/21 17:21:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/21 17:21:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/21 17:21:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/21 17:21:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [SkypePM] C:\Users\user\AppData\Local\Skype\SkypePM.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D1ABD8-FB7E-4FEE-800E-68D1A352F267}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAC7F1B-F2D0-4099-90AD-27966232CA8B}: NameServer = 10.25.1.64,10.94.36.170,10.100.1.64
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 11:21:56 | 000,000,091 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: cAudioFilterAgent - hkey= - key= - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
MsConfig:64bit - StartUpReg: DataFinder - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe (National Instruments Corporation)
MsConfig:64bit - StartUpReg: DeskUpdateNotifier - hkey= - key= - c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NI Update Service - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
MsConfig:64bit - StartUpReg: niDevMon - hkey= - key= - C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
MsConfig:64bit - StartUpReg: NIRegistrationWizard - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDF5 Registry Controller - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDFHook - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PPort12reminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 10:39:30 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Local\Sophos
[2012/05/11 03:01:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2012/05/10 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVNC
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\IPU
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoolPack
[2012/05/07 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPack
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 11:15:15 | 001,621,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 11:15:15 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/14 11:15:15 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 11:15:15 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/14 11:15:15 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 11:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 11:00:36 | 2101,284,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 11:00:02 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 11:00:02 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 10:39:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 10:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 10:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/11 03:22:28 | 000,363,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 14:02:41 | 000,000,974 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/10 14:02:41 | 000,000,974 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 14:38:10 | 039,685,325 | ---- | C] () -- \Opel Astra H Service And Repair Manual.pdf
[2012/05/07 13:40:55 | 037,606,996 | ---- | C] () -- \Op.As.H.Se._Re.Man.rar
[2012/05/07 11:32:48 | 000,000,081 | ---- | C] () -- \CTX.DAT
[2012/04/02 16:48:05 | 002,009,049 | ---- | C] () -- \Stadtwerke2.JPG
[2011/10/13 10:00:07 | 001,715,510 | ---- | C] () -- \P1120503.JPG
[2011/10/13 10:00:07 | 000,254,816 | ---- | C] () -- \P1120501.JPG
[2011/09/12 11:29:52 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/12 11:29:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/12 11:28:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/12 11:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/12 11:28:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/09/12 11:28:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/09/12 07:53:55 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\Machnm1.exe
[2011/09/12 07:53:55 | 000,010,760 | ---- | C] () -- C:\Windows\SysWow64\Machnm64.sys
[2011/09/12 07:53:55 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/09/09 10:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/02 08:51:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011/07/18 22:30:08 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2011/06/10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011/04/15 07:37:26 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 21:44:02 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
 
========== LOP Check ==========
 
[2011/12/22 09:28:29 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Ansys
[2011/09/12 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\ControlCenter4
[2011/09/13 16:03:06 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\FreePDF
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Fujitsu Launch Center
[2012/05/07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\IPU
[2011/09/09 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\JabRef 2.7
[2011/09/12 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Nuance
[2011/12/22 09:56:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ansys
[2011/09/13 11:03:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ControlCenter4
[2012/03/20 11:47:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2012/03/22 11:21:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/03/20 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
[2012/02/10 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EndNote
[2011/12/02 09:38:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2011/09/09 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fujitsu Launch Center
[2011/11/14 18:08:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InfraRecorder
[2012/05/07 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IPU
[2012/02/10 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\JabRef 2.7
[2012/04/10 08:34:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nitro PDF
[2011/09/13 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance
[2012/01/25 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2012/02/07 08:49:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/09/09 11:29:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/02/11 16:33:09 | 000,000,000 | -HSD | M] -- C:\Boot
[2011/09/12 11:28:34 | 000,000,000 | ---D | M] -- C:\Brother
[2012/05/11 03:22:18 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Fujitsu
[2011/09/08 16:25:18 | 000,000,000 | ---D | M] -- C:\Intel
[2011/09/09 10:12:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/09/27 07:45:08 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2012/01/31 16:06:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/05/10 14:02:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/03/22 11:22:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/02/11 16:39:58 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/09/09 10:47:17 | 000,000,000 | ---D | M] -- C:\SolidWorks Data
[2012/05/14 07:52:01 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2011/09/09 11:29:37 | 000,000,000 | R--D | M] -- C:\Users
[2012/03/30 08:48:06 | 000,000,000 | ---D | M] -- C:\Windows
[2011/12/06 11:35:27 | 000,000,000 | ---D | M] -- C:\_swagelok_downloads
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\CFD-Post\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\CFX\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\TurboGrid\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\CFD-Post\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\CFX\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\TurboGrid\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Fujitsu\Driver Pool\AtOnce\009\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/01/31 16:06:37 | 000,000,043 | ---- | M] () -- C:\Users\THG\gsview64.ini
[2012/05/14 11:12:18 | 001,310,720 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT
[2012/05/14 11:12:18 | 000,262,144 | -HS- | M] () -- C:\Users\THG\ntuser.dat.LOG1
[2011/09/08 16:28:12 | 000,000,000 | -HS- | M] () -- C:\Users\THG\ntuser.dat.LOG2
[2011/09/08 16:31:56 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/08 16:31:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/08 16:31:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/12 13:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TM.blf
[2011/09/12 13:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TMContainer00000000000000000001.regtrans-ms
[2011/09/12 13:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TMContainer00000000000000000002.regtrans-ms
[2011/11/24 11:36:55 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TM.blf
[2011/11/24 11:36:55 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2011/11/24 11:36:55 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012/05/14 10:51:17 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TM.blf
[2012/05/14 10:51:17 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012/05/14 10:51:17 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012/04/02 07:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TM.blf
[2012/04/02 07:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012/04/02 07:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2011/12/02 08:29:31 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TM.blf
[2011/12/02 08:29:31 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2011/12/02 08:29:31 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2011/09/28 17:07:07 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TM.blf
[2011/09/28 17:07:07 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TMContainer00000000000000000001.regtrans-ms
[2011/09/28 17:07:07 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TMContainer00000000000000000002.regtrans-ms
[2011/09/08 16:28:12 | 000,000,020 | -HS- | M] () -- C:\Users\THG\ntuser.ini
[2011/09/23 08:04:22 | 000,000,484 | RHS- | M] () -- C:\Users\THG\ntuser.pol
[2011/09/13 12:48:48 | 000,000,000 | ---- | M] () -- C:\Users\THG\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 312 bytes -> C:\Windows\Temp\ftsmount\mount\0:$WIMMOUNTDATA

< End of report >
         

I hope you can help me.

Thanks...

14.05.2012, 11:34   #2
kira
/// Helper Team

Hello and a warm welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees removal of the infection without residue - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide to clean the system - cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and select "Run as administrator".
  • Copy the following script (that is, everything after "Code" that is in the code box!):
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE:64bit: - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ts.fujitsu.com/
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012/03/21 17:21:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/21 17:21:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/21 17:21:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/21 17:21:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/21 17:21:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [SkypePM] C:\Users\user\AppData\Local\Skype\SkypePM.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
@Alternate Data Stream - 312 bytes -> C:\Windows\Temp\ftsmount\mount\0:$WIMMOUNTDATA

:Files
C:\Users\user\AppData\Local\Skype\SkypePM.exe 
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here in code tags.

2.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set it to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) (set check marks everywhere)
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings - if MBAM reports anything in C:\System Volume Information, please remove the check mark there - and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
an illustrated guide can be found here: Guide

3.
Did you deliberately set the IP as a proxy like this?
Code:
ATTFilter
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
         
If yes, why? If no:
if you have not installed a proxy server locally, remove the proxy settings from the Internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Remove the check marks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set to "Deutsch" (German).
  • start -> click `Extras` (Tools, to display the software installed on your system) -> then `Als Textdatei speichern...` (Save to text file...)
  • a text file is created automatically; post this log file too (that is, the list of all installed programs... a text file)

5.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and select "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log (that is, at the start of the log file) you write: [code]
your log file goes in here - e.g. OTL log file or other
→ after it - that is, at the end of the log file: [/code]
** If possible, do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
__________________

__________________
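
Added example (not part of kira's post and not OTL's own code): step 3 asks about a `ProxyOverride` entry. In Internet Settings, `ProxyEnable` and `ProxyServer` decide whether a proxy is in use, while `ProxyOverride` is the bypass list, so this Python sketch groups OTL-style lines per user SID and classifies each user. Only the first sample line comes from the thread; the other lines, the SIDs ending in 2001-2003, the ports and the `example.test` host are constructed, and the verdict names are this example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# First line: the ProxyOverride entry quoted in step 3 of the thread.
# All other lines are constructed for this example, in the same layout.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1-2-3-2001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1-2-3-2001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=proxy.example.test:3128
IE - HKU\S-1-5-21-1-2-3-2002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1-2-3-2002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.5:8080
IE - HKU\S-1-5-21-1-2-3-2003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1-2-3-2003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
'''

LINE_RE = re.compile(
    r'^IE(?::64bit:)? - HKU\\(?P<sid>S-[\d-]+)\\.*\\Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer|ProxyOverride)" = (?P<value>.*)$'
)


def host_of(endpoint):
    """Host part of 'host:port', '[v6]:port' or 'scheme://host:port'."""
    endpoint = endpoint.strip()
    if "://" in endpoint:
        endpoint = endpoint.split("://", 1)[1]
    if endpoint.startswith("["):
        return endpoint[1:].partition("]")[0]
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def is_loopback(host):
    """True for 'localhost', 127.0.0.0/8 and ::1; other hostnames are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_endpoints(value):
    """Split ProxyServer into {protocol: endpoint}.

    The value is either one 'host:port' for all protocols or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, endpoint = part.partition("=")
        endpoints[proto.lower() if sep else "all"] = endpoint if sep else part
    return endpoints


def classify(settings):
    """Verdict for one user's Internet Settings values."""
    enabled = settings.get("ProxyEnable", "").strip() == "1"
    server = settings.get("ProxyServer", "").strip()
    if not server:
        # A bypass list on its own routes no traffic anywhere.
        return "bypass-list-only" if "ProxyOverride" in settings else "no-proxy"
    if not enabled:
        return "configured-but-disabled"
    loopback = [proto for proto, endpoint in proxy_endpoints(server).items()
                if is_loopback(host_of(endpoint))]
    # A loopback proxy needs a local listener: next step is to find out
    # which process owns that port on the machine.
    return "active-loopback-proxy" if loopback else "active-remote-proxy"


def analyse(log_text):
    """Map each user SID found in the log text to its verdict."""
    per_user = defaultdict(dict)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            per_user[match["sid"]][match["name"]] = match["value"].strip()
    return {sid: classify(values) for sid, values in per_user.items()}


if __name__ == "__main__":
    for sid, verdict in analyse(SAMPLE_LOG).items():
        print(f"{sid}: {verdict}")
```

The verdict for the thread's SID rests on the single line quoted in step 3; the full OTL.txt would have to be fed in to see that user's `ProxyEnable` and `ProxyServer` values.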

14.05.2012, 13:55   #3
user_

Thank you very much for your answer,
I ran your script and can now access my user account again.
Re 2.:
here is the log file from MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
THG :: ENG_11 [Administrator]

Schutz: Aktiviert

14.05.2012 13:22:42
mbam-log-2012-05-14 (13-22-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 610488
Laufzeit: 55 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
E:\$RECYCLE.BIN\S-1-5-21-478302627-315377797-3688634032-1001\$RXYPAIV.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\FRITZ!Box\voip.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Re 3.: I did not make the settings you mentioned myself. When I follow your path, the settings are also correct...

Re 4.:
The requested file:
Code:
ATTFilter
7-Zip 9.20 (x64 edition)	Igor Pavlov	07.09.2011	4,53MB	9.20.00.0
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	06.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	06.05.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	10.04.2012	150,7MB	10.1.3
Apache FOP 0.20.5	Altova	11.09.2011	10,3MB	0.20.5100
Autodesk Design Review 2012	Autodesk, Inc.	30.11.2011		12.0.0.98
Autodesk Design Review Browser Add-on v1.2 	Autodesk	30.11.2011	0,31MB	1.2.0
Brother MFL-Pro Suite MFC-7360N	Brother Industries, Ltd.	11.09.2011		1.0.0.0
CCleaner	Piriform	13.05.2012		3.18
Conexant HD Audio	Conexant	08.09.2011		8.32.26.0
CoolPack		06.05.2012		
DeskUpdate 4.11	Fujitsu Technology Solutions	07.09.2011	3,25MB	4.11.0074
FreePDF (Remove only)		12.09.2011		
Google Earth Plug-in	Google	15.12.2011	40,9MB	6.1.0.5001
GPL Ghostscript	Artifex Software Inc.	12.09.2011		9.04
GSview 5.0	Ghostgum Software Pty Ltd	30.01.2012		5.0
InfraRecorder 0.52 (x64 edition)	Christian Kindahl	08.09.2011	9,93MB	0.52.00.00
Intel(R) Management Engine Components	Intel Corporation	08.09.2011		7.0.0.1144
Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS	Intel Corporation	21.12.2011	61,4MB	4.0.2.005
IVI Shared Components		25.09.2011		
Java(TM) 6 Update 21 (64-bit)	Oracle	11.09.2011	90,5MB	6.0.210
Java(TM) 6 Update 27	Oracle	11.09.2011	95,0MB	6.0.270
Java(TM) 7 (64-bit)	Oracle	08.09.2011	93,3MB	7.0.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	13.05.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	14.04.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	14.04.2011	52,0MB	4.0.30319
Microsoft Office 2003 Web Components	Microsoft Corporation	10.05.2012	78,5MB	12.0.6213.1000
Microsoft Office Professional Plus 2010	Microsoft Corporation	12.09.2011		14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.09.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	11.09.2011	3,00MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	08.09.2011	0,25MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	07.09.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	08.09.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	08.09.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	07.09.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	08.09.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	30.11.2011	11,0MB	10.0.30319
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU	Microsoft Corporation	08.09.2011		
Microsoft Visual Studio 2005 Tools for Applications - ENU	Microsoft Corporation	08.09.2011		
MiKTeX 2.9	MiKTeX.org	23.01.2012		2.9
Mozilla Firefox 11.0 (x86 de)	Mozilla	20.03.2012	36,5MB	11.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.09.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	11.09.2011	1,33MB	4.20.9876.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	11.09.2011	1,48MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	12.09.2011	1,53MB	4.30.2107.0
National Instruments - Software	National Instruments	26.09.2011		
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	07.09.2011	1,02MB	1.0.20.0
Nitro Reader 2	Nitro PDF Software	21.03.2012	109,4MB	2.3.1.1
NVIDIA Display Control Panel	NVIDIA Corporation	08.09.2011	135,0MB	6.14.12.5957
NVIDIA Drivers	NVIDIA Corporation	08.09.2011	65,1MB	1.10.62.40
NVIDIA Grafiktreiber 275.33	NVIDIA Corporation	11.09.2011		275.33
NVIDIA nView 135.85	NVIDIA Corporation	11.09.2011		135.85
OpenProj	Serena Software Inc.	07.09.2011	7,15MB	1.4.0
Phase 5 HTML-Editor	Systemberatung Schommer	21.12.2011	3,72MB	5.6.2.3
RedMon - Redirection Port Monitor		12.09.2011		
ResearchSoft Direct Export Helper		09.02.2012		
SolidWorks 2010 x64 Edition SP02.1	SolidWorks Corporation	08.09.2011		18.2.1.12
Sophos Anti-Virus	Sophos Plc	08.05.2012	23,6MB	9.5.6
Sophos AutoUpdate	Sophos Plc	08.05.2012	8,82MB	2.5.13
Sophos Remote Management System	Sophos Plc	08.09.2011	8,26MB	3.2.0
SRWare Iron 14.0.850.0	SRWare	26.10.2011	74,3MB	
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	23.01.2012		Version 1.0 Stable RC1
TeXnicCenter Version 2.0 Alpha 3	The TeXnicCenter Team	25.01.2012		2.0 Alpha 3
Trace Software - EUTRON SmartKey® Driver	Trace Software	11.09.2011		1.0.5
Trace Software - HASP Key Driver	Trace Software	11.09.2011		1.0.2
TraceParts Application		11.09.2011		
TraceParts Catalogs		11.09.2011		
UltraVNC 1.0.6.4	1.0.6.4	09.05.2012		1.0.6.4
Universal Library™ for LabVIEW™	Measurement Computing Corp.	26.09.2011	9,18MB	7.1.2
VirtualCloneDrive	Elaborate Bytes	29.09.2011		
VISA Shared Components 64-Bit		25.09.2011		
VMware Player	VMware, Inc	29.09.2011	391MB	3.1.4.16648
Winamp	Nullsoft, Inc	22.09.2011		5.621 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	22.09.2011	75,00KB	1.0.0.1
WinDirStat 1.1.2		21.12.2011		
Windows Media Player Firefox Plugin	Microsoft Corp	02.11.2011	0,29MB	1.0.0.8
         
continued in post no. 2....

The rest:
Re 5.: has been done.
Extras.otl:
Code:
OTL Extras logfile created on: 5/14/2012 2:37:23 PM - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.89% Memory free
15.88 Gb Paging File | 13.88 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 16.48 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.85 Gb Free Space | 55.91% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- "E:\Tools\Browser\Iron\IronPortable\Iron\Iron.exe" -- "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061E585E-5065-4B40-A3A7-9045591B6C8B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{4874F940-95C1-475A-80FF-BAC59DF725C7}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{53B5EC25-ED02-4C08-A367-A5706D3936FD}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{9BE8A573-8C9B-43AA-8FB8-A0F612D5D3FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A26343CA-1A15-4B2A-9871-74D36F302BF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF8FCD9C-EF83-4D26-A7C8-489149FBBF34}" = lport=1947 | protocol=17 | dir=in | name=hasp srm  | 
"{B24F41B3-9B6E-42B0-BD92-3662322FDC2D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{B619F8DF-F0D9-4222-9E65-6465E6D7D10F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6D216CE-8B2A-40E9-8957-9D01139CC535}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC553161-CF08-4DF8-8BB0-08480D2F652D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD408C80-58A4-4591-9D2C-FF62C76ED4E1}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{C2E33A85-92C3-4E03-8EF0-8A7D0082188C}" = lport=1947 | protocol=6 | dir=in | name=hasp srm  | 
"{E5AF5A55-5CDB-4975-9DF3-5A0B135DDFA4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E8FEBC53-E1E9-43E3-B4D6-1E9E26CF792B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2229682-FFF1-470B-B0E0-557C1B9347A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F2EBAE98-6223-40BC-B884-DD7367623E97}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{F6071C1C-E66C-46EA-9256-1781229D023B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB83B4-F86A-4F2C-B150-607FA734115E}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{05160252-62ED-49E4-A8A3-4FC8D0BDF20C}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe | 
"{09D92B05-0A27-49F4-8DC8-DC2CF0383E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{0F53E6FC-9DD8-42C5-9482-4FB0F93055C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{129D7D39-449D-4D00-B3C9-3D96770B67F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14B18FBC-3A4D-4946-B603-EF17E375126A}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{16110D97-FEC9-4742-8A59-F6317D8D617B}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe | 
"{18E53443-2508-4678-98AD-D3F86561C1F7}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe | 
"{1CE14060-D4A7-496E-8C2C-86E3D51787FA}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe | 
"{2CD7CD56-7654-4F53-8FE2-ABB58E541A54}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe | 
"{2E24194C-0DAA-4053-BDBD-7254A345902F}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{3809BE39-E0AD-4894-9922-CAB4225E0902}" = protocol=6 | dir=out | app=system | 
"{3D45B48C-A82E-4E76-B836-8C54F6560E0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44998C82-A508-4222-80E9-645377AE12A4}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{4B83884B-C18D-46CF-8F2D-E6A652C598E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{57C13142-3AF1-40A8-B636-F4FDF2F60F9D}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe | 
"{58A491BB-DF59-402A-B9BD-1BFAAB65DC92}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{58B4F667-083B-435C-95A0-589920BA8F2A}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe | 
"{5A665C86-477A-4A1C-86C5-D1089024B020}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D61B49A-9AAB-45E0-AAF3-846713A49A8C}" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"{5E5AF583-20AE-4812-8D4E-70C627043D5A}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe | 
"{5FD17F25-3D3C-46E8-AD0D-A45E40562183}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A0D7949-C342-4564-8645-4A73910B818F}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{6D89122A-2031-42E4-9D18-2A04C4885D09}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{71394E2B-969B-47DA-8CF3-919EA2076F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe | 
"{75775345-FEFE-4CF8-A1E6-1EF77A3D0360}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe | 
"{7B1B1799-E2AC-473E-BBA8-80EB608DCFB0}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{7C66FDE0-01BA-45CB-9FF3-2B9D98C64370}" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"{80EB059C-1199-46EF-8827-3EBA99156E9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85079CBA-3B3C-4865-80E6-D54C486774E2}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe | 
"{85C96075-C150-4D29-8DC1-6A7A1A70F3EB}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe | 
"{8C1C6EC7-36F7-49F9-8D45-2A513486D967}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F63CAC6-9FDC-4C86-8149-F66FAB9C4871}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | 
"{8FD2DFBF-9A21-4B50-A1B1-504EB59B93E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{908C41CF-7D04-4007-AFDC-F5681B439734}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe | 
"{93CDE9F3-1B29-43C2-9737-979C2591F0B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2CE86C4-42AF-400C-9338-8F3AD1DA0E78}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe | 
"{A2DB981B-A73D-4CBB-83BA-FE759A3DF617}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe | 
"{A4F9D371-85F1-49FA-B2C1-F61524863FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{A8D7FCD0-721D-424B-845B-B7363B04C28D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3CF4B3-397E-4744-90E7-6CE18E720742}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ABE3C84C-4C28-4EF9-AD9D-1E6B173465D7}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe | 
"{B141CF9A-E435-4AB9-819A-4DCF4F2A35DE}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe | 
"{B38EC528-BE01-4355-B79A-93DD61DFB66B}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{B5ADB86F-4788-4597-B622-7AC15BF919CB}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe | 
"{BAC289D9-1FB6-48DE-9033-936D1B003727}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe | 
"{BB930EBF-CC06-4AC6-A068-2D7851E02141}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe | 
"{C1762AF8-ABA5-4B3B-B707-391805053E74}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe | 
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{C6320743-E688-4C7F-8A4C-0FC059254B22}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe | 
"{C66247E7-5ACE-4421-B5EE-B3A7D25D3023}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe | 
"{C795386F-BF1B-4F35-A2AE-8400971B8002}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe | 
"{CCAEE8B4-6688-4BB6-AC1C-5AAF5829D2F5}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{D4E4268A-1AC7-41CB-825A-966A3FA86CD9}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe | 
"{D4F5E5CB-257B-48D9-B100-91EDF6DECA9D}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"{D83A3D68-3283-4D1D-8718-D14FD4F63BE3}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe | 
"{D8850CDC-1FD0-49AE-AC54-456FC4F83A96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD7EFDAD-B8F3-40A3-AE64-1413306F3843}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe | 
"{DEFD13D2-2066-4C27-8881-D613A15BB554}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe | 
"{E059CF1F-DD19-4BD7-8E50-1C1DF5A264AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2ECCBE8-4709-4637-A88A-2C9A76D35837}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe | 
"{E5371DC7-ADB0-4AA5-8A96-A8F79F88C1E0}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe | 
"{E75DFE92-2A93-45AD-A200-539859507E1E}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{EB084268-1090-4E6C-8B07-4D87E0EC0181}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe | 
"{FD86D555-0195-4517-9C15-AE2167457EC5}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{FF3B5772-FDEA-481A-B3C4-4641418745F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{027C5F0C-B16A-406C-8441-07E5C9B2F423}C:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe | 
"TCP Query User{07D2EA06-0845-4885-A746-4FEF9DD09338}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe | 
"TCP Query User{502D164C-2D6D-460B-BB5A-6AE335CFF675}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe | 
"TCP Query User{5DBAB522-1189-4E0C-9884-5C21F24310B2}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe | 
"TCP Query User{67E2ED38-B7A4-427B-894A-691F2F81911E}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe | 
"TCP Query User{68E6CFB6-531B-4D3A-882A-AA01AB1D0804}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe | 
"TCP Query User{79E6B65D-5634-478E-B7B6-F19FCFAACE12}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"TCP Query User{9DE61DAA-189B-4E6F-88C8-8BEFF07733AE}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe | 
"TCP Query User{A38A1F62-3B7C-40CF-B20C-4BC55F895B21}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{A7FB5B26-D8A5-483E-9738-4435DE5E9757}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe | 
"TCP Query User{B52F138F-9D48-4AA8-8EA8-1B82BA1C661C}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe | 
"TCP Query User{C39DDFBD-B27A-400F-ADAA-5C71A91CF184}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe | 
"TCP Query User{C8D69B95-82A9-4FED-A954-D72B02D5BB5F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe | 
"TCP Query User{CF022BBD-FC42-4F90-A334-63FFC1A9779E}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe | 
"TCP Query User{D6EA8A9B-FE9E-457D-901A-2498C8363329}C:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe | 
"TCP Query User{E6780189-DBDC-4BD0-A3D6-5BDD49EB13BA}C:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe | 
"TCP Query User{EC2DF596-2E3E-44FE-9A22-2A8C92F3E039}C:\program files\solidworks corp\solidworks\sldworks.exe" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe | 
"TCP Query User{F466BC7D-4A56-4C37-A659-7D2E0ED1FD9A}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe | 
"UDP Query User{060CEE6B-7F09-4114-A270-8EC33C944276}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe | 
"UDP Query User{1ADDF2B7-C179-439F-B5AF-9BF2EA05631F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe | 
"UDP Query User{1F1CDBD7-CD8B-4CA9-B6A8-55CD4BA855CF}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe | 
"UDP Query User{404305CF-DC47-49A5-B640-9B30590030C0}C:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe | 
"UDP Query User{517A1B5B-C864-464A-B909-3D2145E18407}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"UDP Query User{53A5CCE6-A581-4F49-A326-425A97E92654}C:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe | 
"UDP Query User{53D5BAF5-68A6-4526-BBEC-6CC3716D5E72}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe | 
"UDP Query User{7A27F6B1-B881-4C17-92D8-1733D99607C2}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe | 
"UDP Query User{84A1D109-3BAA-4869-B2BE-88DAA00A231A}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe | 
"UDP Query User{B684355D-DC57-4688-81F3-E901D4CDDF8E}C:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe | 
"UDP Query User{B935A751-F4A9-4CF5-9F6F-BE73667C487F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe | 
"UDP Query User{C06A95E1-FEB9-42E8-AFFE-1EE5AA4E6BC2}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe | 
"UDP Query User{DE2FE989-7DC9-4185-8999-34A002265DFD}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe | 
"UDP Query User{E1B61655-B6FC-4614-9A75-934BBAA85892}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe | 
"UDP Query User{E25D95F7-F468-49BE-8A4D-B43F7E78BEF5}C:\program files\solidworks corp\solidworks\sldworks.exe" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe | 
"UDP Query User{E5FC469C-FE1C-4508-8157-2EB96E740ED0}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe | 
"UDP Query User{FAA5DD41-036E-49E2-B662-23B4BDC9C477}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{FDAFB84C-B656-4681-903E-B9E08321F8FB}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020DFD6B-8032-4237-9B68-BC5B1E42A684}" = NI Ethernet Device Enumerator 64-Bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{076FE483-3897-4A54-8F02-441BCE7EDE47}" = NI-DAQmx SCXI for 64 Bit Windows 2.0.0
"{0A1073AF-038B-4FC2-B85B-2C38D17F6936}" = NI RTSI Cable Core Installer for 64 Bit Windows 1.1.0
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0D5534F6-AF96-489F-A69F-082199EE027F}" = NI Authentication 2.0 (64-bit)
"{0F0034D8-BF51-46BA-BC9E-64C220DC480C}" = NI-DAQmx Switch Core for 64 Bit Windows 2.3.0
"{1778742E-59D3-4090-AB8A-DAA281D66772}" = NI Assistant Framework 64-bit
"{18AA575C-D2EE-4AFC-A684-BF85DAFF4B19}" = NI-MRU 2.12.0f0 for 64 Bit Windows
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2616018C-1E77-48E3-BB9B-7FC79D849CAB}" = NI-DAQmx STC for 64 Bit Windows 1.11.0
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows
"{2DD460A2-336C-4CCB-8F8C-68ACDBDF0A97}" = NI-DAQmx MIO Device Drivers for 64 Bit Windows 2.7.0
"{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0
"{3B68641B-4EBD-4EBE-917D-6E91DB1E5636}" = NI System State Publisher (64-bit)
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{4339C8F4-BB15-49D8-BC51-EAB5D10325A8}" = NI Curl 1.0.1 (64-bit)
"{47194CDC-0EFC-4EF8-BD8C-6E9D8EF67224}" = NI RTSI PAL Device Library Installer for 64 Bit Windows 1.1.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{4EE0B022-366F-432B-98C6-4EB27C87774E}" = NI Math Kernel Libraries (64-bit)
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{53794485-921A-4C71-8E82-6F5A15E9ECBA}" = NI Network Discovery 5.0 for Windows 64-bit
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5B38524E-3702-446C-AE93-1C28F2926374}" = NI-DAQmx MAX Support 64-bit 2.3.0
"{5EAD12AB-9875-4BCC-A3C3-1E5401191FE3}" = NI-DAQmx Dynamic Signal Acquisition for 64 Bit Windows 2.3.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{607C8A6B-77E5-46D5-BB86-9D6FF813A77F}" = NI Web Application Server 1.1 (64-bit)
"{678EB05F-D317-48C9-9C67-E33AE7C0F900}" = NI MXS 5.0.0 for 64 Bit Windows
"{67B8A1C7-4A94-41C7-B215-0AF2750AB8DD}" = NI-DAQmx Documentation for 64 bit Windows 9.4.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D9B6E39-18E5-4B05-92B3-83B5B483131B}" = NI IVI Class Simulation Drivers (64-bit)
"{7694EC8F-88B3-4656-BBAC-41B87DDC3E8B}" = IVI Shared Component 64-bit
"{792F51F9-C200-445D-AC7A-15C2F082A715}" = SolidWorks Flow Simulation 2010 SP02.1 x64 Edition
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
"{830CCF4A-11CF-4A3C-85EE-98002E97572E}" = NI-VISA x64 support ..
"{84AC95C9-D358-4626-BD18-2D0A16BC8A82}" = NI Logos64 5.2.1
"{863FD265-AF6E-4CBC-A66A-CC551E214C3B}" = NI-DAQmx DAQ Assistant 64-bit 2.1.0
"{88E18DCA-12DF-477F-9921-A804BC43AD3B}" = NI Calibration Provider Help for 64 Bit Windows
"{8972BE76-AC79-4108-AE3C-59A0211025F0}" = NI IVI Compliance Package 4.2 (64-bit)
"{899576E7-3569-417F-8EFE-EB881BE22EDE}" = NI MAX Remote Configuration 64-bit Installer 5.0
"{8A29BB80-DD34-4893-A0AD-A13C17E38A87}" = NI-MDBG 1.11.0f0 for 64 Bit Windows
"{8C089519-64BD-48F5-AFDB-CACB1FF51FC4}" = NI-APAL 2.0 64-Bit Error Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{922317D8-F321-4F43-9D50-03399CECD597}" = NI MAX Support for 64 Bit Windows
"{974391A4-9358-4122-951C-CE73EF490A40}" = NI System Configuration Runtime 5.0.0 for Windows 64-bit
"{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit)
"{9C8D90AE-70CB-47B7-8230-B5F6250F0CC1}" = NI-DAQmx Common Digital for 64 Bit Windows 1.14.0
"{9FEAE7CD-7BF1-4FAB-95F8-FC12C395B82C}" = NI IVI Class Drivers 64-bit
"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2
"{A7560590-5EBA-40BA-85E4-6D9BA6D6C1B4}" = NI TDMS (64-bit)
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF4525BB-39AE-4D9F-AE66-0D70E20DDBB0}" = NI-ORB 1.10.0f0 for 64 Bit Windows
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3ACDAEB-08E0-41F8-8789-D0A333AE4964}" = NI System Web Server Base 2.0 (64-bit)
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{BCC9F205-2B10-41EB-9365-7988824B3748}" = NI PXI Platform Framework 1.5.0 64-bit
"{BE0C6A88-C93C-4BA0-9BDB-DB12FFF1EC98}" = NI Logos64 XT Support
"{C015A236-48E4-4291-A7A7-0AD0E5300DAA}" = NI USI 1.8.1 64-Bit
"{C056F8E5-6ACD-4B71-BC1A-E5948E515EE7}" = NI IVI Engine 64-bit
"{C8786BF1-0278-4DAF-8015-EAF94CDF2F0C}" = NI-MXLC LabVIEW 2011 Support
"{C885A235-9C71-4D7B-BA0D-A3FD76F7313E}" = NI-DIM 1.12.0f0 for 64 Bit Windows
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CCD7A659-74D4-4577-A3FE-4E5C8C3AEF14}" = NI-PAL 2.7.0f0 for 64 Bit Windows
"{CD763FF0-B449-4692-B999-5434D3D5374C}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.10.0
"{CEC987B2-4531-48CC-B87C-2D355A90943A}" = NI Variable Engine (64-bit)
"{D198B514-B24E-43FC-AE19-E634F48B928C}" = NI System API Windows 64-bit 5.0.0
"{D5D8BFCD-C9F4-488A-B660-8876D02AA572}" = NI Portable Configuration for 64 Bit Windows 5.0.0
"{D7CCDF1B-6819-4003-87BB-F6F1BDC48C2E}" = NI-MXLC LabVIEW 2009 Support
"{D91ACEAA-C14F-4172-8AF1-AD40FEE8E325}" = NI-MXLC Core (64-bit)
"{D9F81649-D7A6-4FA0-856C-76CDB1120F9D}" = NI Spy Windows 64 Support 3.0.0
"{DA359EC3-2861-4529-97B2-55A5F6A69A47}" = NI-DAQmx FSL Installer for 64-Bit Windows 2.0.0
"{DDB6CCD4-65B3-4B91-8C71-1AE6FCD77E02}" = NI-MXDF 1.12.0f0 for 64 Bit Windows
"{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit)
"{E45B7F5F-A814-4C15-A0D6-14CEE02AD72D}" = NI SSL Support (64-bit)
"{E807BDD0-9A9F-453B-992A-927F9499B668}" = NI PXI Hardware 64-bit Support 2.6.2
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP02.1
"{E9F226A6-A0FB-4077-B47E-DFB44825C659}" = NI-MXLC LabVIEW 2010 Support
"{EB4F834C-DD0D-42E3-A43D-D61A86246FEB}" = NI-DAQmx 653x Installer for 64 Bit Windows 1.9.5
"{EF7DDF1F-5CE8-46D0-993F-D8170C221FCB}" = NI-DAQmx MX Expert Framework for 64 Bit Windows 2.9.0
"{F27DCB7D-AB55-4A4C-927A-27E4217EFBA5}" = NI DataSocket 4.8 (64 Bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F63D3568-80A4-47AB-B97D-8988DF18BD0C}" = NI TDM Excel Add-In 3.3 64-bit
"{F9EBCD68-8BCC-4C66-9F1A-94E62ABB67A8}" = NI RTSI UI Provider for 64 Bit Windows 1.1.0
"{FB585470-EFFC-461E-9302-27CA43DD3A74}" = NI PXI SystemAPI Expert 64-bit 2.6.2
"{FC50EE2A-A55D-437E-A5BD-D0EBFB1323CC}" = NI-DAQmx Timing for 64 Bit Windows 2.4.0
"{FE85EDAA-F445-4E11-804E-4CB314D1C8E4}" = VISA Shared Components 64-Bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00191333-34DE-4B54-BEDD-701793920E82}" = NI RTSI UI Provider 1.1.0
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{027763BA-707E-4E88-9631-7837EE715E96}" = NI DataSocket 4.8
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = Runtime für den NI-Systemkonfigurator 5.0.0
"{0504F3D0-F1CF-4FC7-AC18-7C157EAE65F6}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{0605BA5B-7041-482E-A7DC-C1B55DB6046A}" = NI-MXLC LabVIEW 2011 Support
"{06BF046D-7CDE-495B-82F3-52E185DC0714}" = NI LabVIEW SignalExpress 2010 LabVIEW Support
"{08B760EF-E028-45B1-80E2-624F9C54F4CE}" = NI-MXLC Core (32-bit)
"{0A0877CD-3EB7-4C87-AC14-B343018528F8}" = NI LabVIEW 2010 SP1 Search
"{0B851303-5BA7-4C49-A9E1-59AAE27F663C}" = NI Ethernet Device Enumerator
"{0BD06981-453D-4336-9A47-5A0231B5CB22}" = NI-Netzwerkbrowser 5.0.0
"{0C2D9E6F-575F-4FD3-AD2A-B44FACDDD707}" = NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2010 Support
"{0F22D0D0-0D43-42B4-8C9D-0CC14A99F9DC}" = NI LabVIEW 2010 SP1 Simulation
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{1280D2F7-75AF-4C05-A188-42F899102F8B}" = Apache FOP 0.20.5
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18493A5A-1D24-4A71-BBD3-67348B68C3B1}" = NI-ORB 1.10.0f0
"{1912B9EC-BA84-4616-8053-2C61927732AC}" = NI-DAQmx 9.4.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19F59734-0740-49E6-818D-53C1CA6B4ABE}" = NI System State Publisher
"{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer
"{1AD4286C-80CC-422E-92A4-BFC01931142D}" = NI-MRU 2.12.0f0
"{1D2A8A73-27F6-401A-BD25-7AEDC58EBAA6}" = NI-DAQmx MAX Configuration Support 9.4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{22940D8E-2DE3-4A0E-A75C-1F1A9F5C5190}" = NI-MXLC LabVIEW 2010 Support
"{24737928-2810-474F-A004-22CDBD234279}" = NI-DAQmx Switch Core 2.3.0
"{251D2597-6C45-4D03-9B75-0FD0078AFC55}" = Universal Library™ for LabVIEW™
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28AE4F38-F610-4BDD-AB56-E9BE800A0D36}" = NI-DAQmx Documentation 9.4.0
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298008B1-AD82-4791-9BB8-863AD1408492}" = NI Uninstaller
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo
"{2FB984B6-0521-4449-A9D1-5659666B1489}" = NI-MDBG 1.11.0f0
"{31BAF1F9-E048-4D81-9716-80F4D3FF7594}" = NI I/O Trace API LV2010
"{326913E3-E0AF-42A0-8860-BC4B9026DFA3}" = NI System Configuration 5.0.0 LabVIEW Support
"{32C26756-A756-43D2-900D-92CB44316602}" = NI Calibration Provider for MAX 5.0.0
"{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{39D5152B-ED79-4117-B781-A4E3A7AB0EBB}" = NI LabVIEW SignalExpress 2010 Core
"{3A1504FB-7067-4E46-9AFA-A3C29C95E4DC}" = NI LabVIEW Run-Time Engine 8.2.1
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI-Update-Dienst 2.0
"{40977008-FCEF-4E03-A541-F2108A74810A}" = NI-DAQmx C and VB6 API 2.4.0
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41F55B19-0EE6-486A-8DAD-099715447DA9}" = NI-DAQmx/LabVIEW shared documentation 1.10.0
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C252146-AAD7-486F-84A1-835E3CFAE0DA}" = NI LabVIEW 2010 SP1 Help File
"{4DD3346F-5819-4FE1-8230-FB06B29832F2}" = NI-DAQmx DAQ Assistant 2.1.0
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{51C2BCE4-2014-44F5-9F94-D32685712504}" = NI LabVIEW SignalExpress 2010 Core LabVIEW 2010 Support
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{52B86E8B-25C9-4C7F-9178-F5BE82FD9C76}" = NI Variable Engine LabVIEW 2010 Support
"{55D6FBF6-2912-4C05-BD7D-A94C7CA0CA64}" = NI LabVIEW 2010 SP1 Deployment Framework
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{5795409A-3154-41E1-BA26-99050D4FA9AE}" = NI LabVIEW SignalExpress 2010 Core LabVIEW Support
"{581498B4-41DE-4D49-BB34-962369C461EF}" = NI IVI Online Help
"{59698423-89BD-4CB8-B444-004F1CE8725F}" = NI LabVIEW 2010 SP1 MeasAppChm File
"{59A4D1C4-BB47-4AB5-9851-372BD1643EFD}" = NI Instrument IO Assistant for LabVIEW 2010 32-bit
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5D7BC4A6-C72B-4D35-B5E5-5CE9A7DAF457}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"{5F61A089-FF4B-4489-9551-2AE3C3D4890B}" = NI Curl 1.0.1
"{6087B3A8-1B55-4B7F-94CC-2115DBDEFE56}" = NI-DSM 2010
"{61C5D53F-A358-4288-AC9C-260A8E43BD55}" = NI LabVIEW SignalExpress 2010 Licenses
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{650423EA-69D1-4E89-94A6-17D481ACD26B}" = NI LabVIEW 2010 SP1 License
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6521D171-9C7F-4BE1-8061-A9D0C5BB4BB0}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{6671B525-83B9-4A0F-89F9-7BE90C138EA8}" = NI IVI Class Drivers
"{668E3C05-1BA0-46C9-ABE9-EE2344493EFA}" = NI-MXDF 1.12.0f0
"{66FE173F-4F58-4E5D-99C4-EF82735D2B1F}" = NI Logos XT Support
"{69ED3983-7649-423D-BEBA-45AA980C39FF}" = NI LabVIEW 2010 SP1 Manuals
"{69FAF7E0-6E43-4845-9BB7-A9D9F7440084}" = NI PXI Platform Services 2.6.2 Expert
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CD694A0-BA86-48B0-B158-DDE541E06946}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{6DDB8F91-754B-419C-BC34-14A908370A7E}" = NI-DAQmx ADE Support 9.4.0
"{6E60000F-D096-486B-A04D-3B823F7CC0B4}" = NI TDMS
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6E84AECC-91B8-4738-97D2-0E8083A093F2}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support
"{7813F4F4-41E6-4DD3-9661-6CC5FDC72946}" = NI LabVIEW Web Services Runtime
"{7BB22289-73C8-4416-9F14-260463CD88E3}" = NI IVI Class Simulation Drivers
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7DBBA02A-05C3-45B5-870D-4E107ECF71F4}" = NI-DAQmx and NI-DAQ Common Documents 9.4.0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E910A6B-E4A0-4AF2-8F42-402AAD065E28}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{80195FEA-D89E-4DBC-AB52-088994BF181C}" = NI-DAQmx Common Digital 1.14.0
"{80888412-6319-4388-A3EC-31F46613957C}" = NI SSL LabVIEW 2010 Support
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{82685C60-8C49-4235-9E71-95BCA17ECCEC}" = NI PXI Platform Framework 1.5.0
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C5A842-FF2F-4483-BAF0-898730F44452}" = NI LabVIEW 2010 SP1
"{854F1FA6-3EC9-4108-BE1D-F7D2307BAE81}" = NI IVI Provider for MAX
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{87D36139-6716-4A81-AC63-8D32E2E87B68}" = NI LabVIEW 2010 SP1 Deployable License
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework
"{8A64A285-37B2-44F0-A019-2A3B589E52E0}" = NI Logos 5.2.1
"{8A65F1E6-A82F-4E50-8CE0-1FCF85BA9005}" = NI RTSI PAL Device Library Installer 1.1.0
"{8CDBEB73-4A40-4480-A32C-D9B57F8B3B1B}" = NI LabVIEW Merge Utility 10.1.0
"{8D57780E-42A2-438C-9977-E2CDF3F02D07}" = NI IVI Compliance Package 4.2
"{8D63E8B8-83BE-4982-AE08-0E50A795D2D9}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{8E48AA5D-BEF5-464B-82A6-FE4FCE1E1CF3}" = NI DataFinder Toolkit 2010 Development System
"{8F908EB7-C8FA-4128-BAF2-76D89F5C4DD0}" = NI LabVIEW SignalExpress 2010 Steps
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9320E1F0-31CB-4095-B430-017A35406E40}" = NI LabVIEW SignalExpress 2011 Datatypes
"{95C26FA7-5FDD-4C6D-AD6F-3D4B3FEB0D70}" = NI AFW Custom UI Assemblies
"{979308D8-0616-46E3-8269-E4C6661CB946}" = NI-DAQmx 653x Installer 1.9.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A52EEFB-CCDA-4CDA-8F8E-BEF3BB63B245}" = NI-DAQmx MX Expert Framework 2.9.0
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B05C597-5509-47C6-87B8-461E1BB6AF5C}" = NI LabVIEW Run-Time Engine 2009
"{9B52914C-704D-4FF9-8A78-2897540D2E0E}" = NI LabVIEW EWB DeviceHandler 2010
"{9BC9F84D-DF93-4AE5-A5F7-FB3A39D86CF6}" = NI LabVIEW Run-Time Engine 8.5.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9F0A2-2CF9-4165-9A36-639381F54BE3}" = NI IO Trace 3.0.0
"{9D500758-F84E-4B0D-85CC-579DD1F579ED}" = NI PXI Platform Services 2.6.2
"{9E4D5A41-1051-4F1A-8342-ECB26CA0C86C}" = Autodesk Design Review 2012
"{9E5641B0-E764-4716-9181-D9F3ABB09139}" = NI LabVIEW 2010 SP1 Help
"{9E6EF1B0-906A-437A-8513-EB066DACC9E9}" = NI LabVIEW SignalExpress 2010
"{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}" = NI MDF Support
"{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0
"{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator
"{A1D99DC3-2BB9-4B84-B061-E127486AEB46}" = NI IVI Engine
"{A29EC1AF-7077-4E6E-B4EB-30A719117268}" = NI System Web Server 2.0
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A633FB85-66CF-4472-9B5D-7D97E4170E21}" = NI Sound and Vibration Frequency Analysis LabVIEW 2010 Support
"{A6A73752-722D-41FA-89FB-010E2EE394A3}" = NI System Configuration LV2010 Support 5.0.0
"{A736A59D-FFAD-4EE5-962F-510DE151D6AA}" = NI AFW Channel Configuration Tool
"{A786161E-959C-4B4B-AA6D-7424C13CCCF2}" = SolidWorks eDrawings 2010
"{A8BF0B46-D6FB-4927-B5F9-020C2D527421}" = NI OPC Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96F34CD-8049-43F5-94EF-DA7716E8E34A}" = NI Assistant Framework LabVIEW 2010 Support
"{A999B934-1EBA-415F-BA5B-5036E0811956}" = NI Example Finder 10.0
"{AB47630B-C1BF-4A0A-93EF-3492A59A4704}" = NI LabVIEW Run-Time Engine Interop 2010
"{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC13955E-29CD-45B5-BF23-E096E8E7A730}" = NI-DAQmx MIO Device Drivers 2.7.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD3F600F-EF24-4145-9514-B4F8A685F944}" = NI PXI Platform Services 2.6.2 Configuration Support
"{ADABA17A-4E08-4DBE-A3ED-D3FE4E1471C2}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{AEE86B43-EDF2-4836-8BE0-6713006E416E}" = NI-DAQmx SCXI 2.0.0
"{B10F8C17-3DB8-4093-92F6-9F85C263D51A}" = NI LabVIEW Run-Time Engine Interop 2009
"{B16E5D41-425C-4EF1-A37B-632C0AA2EE0B}" = NI Variable Engine 2.4.1
"{B179B6ED-5D5B-49B8-8929-5144738B81C3}" = NI LabVIEW SignalExpress 2011 Tools
"{B17B4474-0CED-4369-B3F1-2BE9C2C9514B}" = WIF Core Dependencies Windows 1.0.6
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B2B35179-C18D-449F-A076-4ED63CEE0CBA}" = NI DataFinder Demo Data 2.2
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B3618016-5FD4-4C93-B222-D702A276C675}" = NI RTSI Cable Core Installer 1.1.0
"{B3D8D834-E9D5-414F-BDBE-D04968980336}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"{B40882AD-CDEF-4861-856B-4230F45B3BAB}" = NI LabVIEW 2010 SP1 Web Server
"{BC480E47-96F6-4C03-9502-DD8D2DCD7E22}" = NI USI 1.8.1
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C14E9FB2-C869-4345-AE83-0ED11970C79A}" = NI DataFinder Toolkit 2010 Run-Time
"{C4108512-C5CF-420B-BDD0-8EE971B5A6EB}" = NI LabVIEW SignalExpress 2010 LabVIEW 2010 Support
"{C431B110-67A1-4724-9600-89AA5D851B5A}" = NI LabVIEW Compare Utility 10.1.0
"{C4F78BCC-71DD-4081-BF8F-FB96EE5051E6}" = NI System API Client for WIF 1.1.6
"{C574C270-984B-4AA7-A902-E0768FD216EF}" = NI Web Application Server 1.1
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 14.0.850.0
"{C5EFB7E4-2C2D-4295-938D-2E615D111C19}" = NI Sound and Vibration Frequency Analysis 2010
"{C856BC45-C56B-43B5-BFBE-0AEE1035C370}" = NI System Configuration CVI Support 5.0.0
"{CAC9188C-83A0-4F9F-858A-DA430DC2E401}" = NI AFW Custom UI
"{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}" = Autodesk Design Review Browser Add-on v1.2 
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1444C70-4E9B-4A92-993F-1E418CE66232}" = Distributed Installer
"{D2811F1A-B1AE-4581-B0F2-415279C94283}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{D36148F5-6462-4FFE-806C-9D8180E8B38E}" = NI-DAQmx support for LabVIEW 2.2.0
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}" = NI EulaDepot
"{D7687639-5B24-4D57-B449-2AAD2F189964}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA5AB554-F9F1-43F2-BA57-620BD0300601}" = NI-DAQmx FSL Installer 2.0.0
"{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine
"{DBAF9288-7503-48AC-A43F-B00B4EA0F145}" = NI PXI SystemAPI Expert 2.6.2
"{DC7F8117-3D5A-4848-AA4F-2A61BE4A5094}" = NI-MXLC LabVIEW 2009 Support
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF2AC813-5956-43A1-A5F0-318C20F27BF1}" = NI-VISA Runtime 5.0.0
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E1C072D3-0842-4C35-9BB3-634A440AD45B}" = NI-DIM 1.12.0f0
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2512778-54B1-4968-A4A1-5894E701C53C}" = NI Web Interface Framework 1.1
"{E5C1AC7F-05BB-4F4B-975D-D5165BB41332}" = NI-DAQmx Timing Installer 2.4.0
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E6C0EA48-8AF1-4A1C-9383-8F0706F22431}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{E7C42C98-7DD2-4E9C-AB29-A7659458B97D}" = NI IVI Class Driver LabVIEW 2010 Support
"{EB708DAB-CD04-46E4-88C9-E3BC80595982}" = NI System Web Server Base 2.0
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{ED53EBC4-9EFC-4EC3-AC91-DADBC95B68AA}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{EDD23D6A-401E-479E-8B20-071182D373B8}" = NI-DAQ INF Files 19.4.0
"{EDFC39D7-B782-4B43-BF9C-D1B80ADEA863}" = NI LabVIEW Runtime Engine 2010 SP1
"{EEC2944E-A512-47CA-A10C-906A1A327D72}" = NI Assistant Framework LabVIEW Code Generator 2010
"{EFD1918F-B6E1-4813-A641-C5475F481501}" = NI DataFinder Desktop 2.2
"{F055B0A4-8F75-4F85-B6FF-1C5BE10A72DC}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F108E126-FC8D-4685-A8D4-58C8FA11BD1A}" = NI DataFinder Client 2.2
"{F2296CAF-ADF2-49ED-9A58-58E411425278}" = NI-DAQmx Dynamic Signal Acquisition Installer 2.3.0
"{F25EC416-A553-4EC4-B06E-F805C36E1FAB}" = NI-DAQmx STC 1.11.0
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F6326021-0958-4699-A1C4-B18F37F4218B}" = NI Logos LabVIEW 2010 Support
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{FA7E1ADB-CEB4-4710-A1FA-8CFF4025AAB0}" = NI-MXLC LabVIEW 8.6 Support
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"CoolPack_is1" = CoolPack
"DeskUpdate_is1" = DeskUpdate 4.11
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{251D2597-6C45-4D03-9B75-0FD0078AFC55}" = Universal Library™ for LabVIEW™
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IviSharedComponent" = IVI Shared Components
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NI Uninstaller" = National Instruments - Software
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SolidWorks Installation Manager 20100-40201-1100-100" = SolidWorks 2010 x64 Edition SP02.1
"SS_{B3D8D834-E9D5-414F-BDBE-D04968980336}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trace Software - EUTRON SmartKey® Driver" = Trace Software - EUTRON SmartKey® Driver
"Trace Software - HASP Key Driver" = Trace Software - HASP Key Driver
"TraceParts Application" = TraceParts Application
"TraceParts Catalogs" = TraceParts Catalogs
"Ultravnc2_is1" = UltraVNC 1.0.6.4
"VirtualCloneDrive" = VirtualCloneDrive
"VISASharedComponents" = VISA Shared Components 64-Bit
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/18/2012 4:34:45 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol       .
 
Error - 4/18/2012 9:34:40 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol       .
 
Error - 4/20/2012 1:54:40 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 2424841
Description = Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler
 0xa0040210: Kein Zugriff auf Datei.
 
Error - 4/20/2012 1:56:12 AM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/20/2012 8:12:53 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol       .
 
Error - 4/20/2012 8:13:09 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
 MessageResDSFactory kann nicht ausgegeben werden.
 
Error - 4/20/2012 8:13:09 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
 MessageResDSFactory kann nicht ausgegeben werden.
 
Error - 4/23/2012 1:58:56 AM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/23/2012 2:48:40 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 2424841
Description = Der Scan von 'Boot Record, Laufwerk N:' führte zu SAV Interface-Fehler
 0xa0040210: Kein Zugriff auf Datei.
 
Error - 4/25/2012 1:34:30 PM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 4/11/2012 9:20:08 PM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/16/2012 1:37:43 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/17/2012 1:35:47 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/18/2012 2:08:54 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/20/2012 1:54:27 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/23/2012 1:57:10 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 4/25/2012 1:32:45 PM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/2/2012 1:32:17 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/7/2012 1:45:41 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/8/2012 9:06:22 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         

14.05.2012, 13:58   #4
user_

System locked for security reasons: OTL log files



and the rest:

and otl.txt:
Code:
ATTFilter
OTL logfile created on: 5/14/2012 2:37:23 PM - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.89% Memory free
15.88 Gb Paging File | 13.88 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 16.48 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.85 Gb Free Space | 55.91% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/05/14 10:43:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- E:\Tools\virenscanner\OTL.exe
PRC - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/21 17:21:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/09/09 09:22:29 | 001,465,584 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
PRC - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipxism.exe
PRC - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2010/09/30 14:08:31 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/07 09:19:05 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/03/21 17:21:46 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/12 17:18:04 | 000,204,792 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/09 10:46:10 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/08 13:38:40 | 000,063,648 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64) NI Application Web Server (64-bit)
SRV:64bit: - [2010/01/20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/11/23 20:31:22 | 000,093,992 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/05/07 09:19:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/09/09 10:48:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 10:46:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/04/28 19:58:20 | 001,423,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe -- (impi_smpd) Intel(R)
SRV - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:22:30 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/09/09 09:22:25 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/09/09 09:22:14 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/08/22 23:19:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 23:19:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/21 17:50:46 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2011/07/20 11:21:08 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2011/07/19 18:13:24 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2011/07/19 17:16:32 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2011/07/19 16:45:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2011/07/19 16:45:02 | 000,012,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2011/07/19 02:36:48 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2011/07/19 02:13:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2011/07/19 01:36:46 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niraptrkl.sys -- (niraptrk)
DRV:64bit: - [2011/07/19 01:21:24 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicondrkl.sys -- (nicondrk)
DRV:64bit: - [2011/07/19 01:05:22 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicmrkl.sys -- (nicmrk)
DRV:64bit: - [2011/07/18 22:22:18 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2011/07/18 22:07:10 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2011/07/18 21:44:42 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2011/07/18 21:22:34 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc3rkl.sys -- (nistc3rk)
DRV:64bit: - [2011/07/18 21:01:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2011/07/18 20:46:56 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2011/07/18 20:33:10 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2011/07/18 20:15:36 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdcckl.sys -- (nicdcck)
DRV:64bit: - [2011/07/12 17:28:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nifslkl.sys -- (nifslk)
DRV:64bit: - [2011/07/12 17:09:12 | 000,013,000 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2011/07/12 16:11:34 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2011/07/12 15:39:40 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2011/07/12 15:37:02 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2011/07/08 06:05:06 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2011/07/07 20:03:46 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2011/07/07 19:49:54 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2011/07/01 15:50:34 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2011/07/01 15:29:02 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2011/07/01 14:54:40 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2011/07/01 14:40:12 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2011/07/01 14:21:04 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2011/06/29 13:50:00 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2011/06/29 13:48:26 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2011/06/29 13:39:18 | 000,914,072 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2011/06/23 10:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/05/17 06:04:26 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/04/08 18:21:10 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2011/04/08 18:21:08 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2011/04/08 18:21:06 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2011/04/08 18:21:06 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2011/04/08 18:21:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2011/03/25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 23:27:28 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/03/25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/10 13:15:04 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/27 08:57:46 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/12 21:36:20 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2010/07/12 21:54:06 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2010/07/12 21:42:36 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2010/06/23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/06/23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/06/15 17:15:46 | 000,038,064 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\niede.sys -- (NIEthernetDeviceEnumerator)
DRV:64bit: - [2010/03/24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/01/05 10:19:30 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2008/12/18 09:13:26 | 000,032,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV:64bit: - [2008/12/05 16:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/02/11 16:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 0F 92 95 C2 31 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 17:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:18:58 | 000,000,000 | ---D | M]
 
[2011/09/09 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\THG\AppData\Roaming\mozilla\Extensions
[2012/03/21 17:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/21 17:21:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll
[2009/10/22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/21 17:21:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D1ABD8-FB7E-4FEE-800E-68D1A352F267}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAC7F1B-F2D0-4099-90AD-27966232CA8B}: NameServer = 10.25.1.64,10.94.36.170,10.100.1.64
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 11:21:56 | 000,000,091 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 14:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/14 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/14 13:18:53 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\Malwarebytes
[2012/05/14 13:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 13:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 13:18:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/14 13:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/14 13:07:12 | 000,000,000 | ---D | C] -- \_OTL
[2012/05/14 10:39:30 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Local\Sophos
[2012/05/11 03:01:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/11 02:03:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 02:03:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 02:03:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 02:03:07 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2012/05/10 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVNC
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\IPU
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoolPack
[2012/05/07 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPack
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 14:36:13 | 001,621,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 14:36:13 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/14 14:36:13 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 14:36:13 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/14 14:36:13 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 14:32:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 14:31:48 | 2101,284,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 14:27:01 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/14 14:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 14:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 13:18:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/14 13:16:21 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:16:21 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 03:22:28 | 000,363,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 14:02:41 | 000,000,974 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 09:19:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/07 09:19:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/07 09:19:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:27:01 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/14 13:18:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/10 14:02:41 | 000,000,974 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 14:38:10 | 039,685,325 | ---- | C] () -- \Opel Astra H Service And Repair Manual.pdf
[2012/05/07 13:40:55 | 037,606,996 | ---- | C] () -- \Op.As.H.Se._Re.Man.rar
[2012/05/07 11:32:48 | 000,000,081 | ---- | C] () -- \CTX.DAT
[2012/04/02 16:48:05 | 002,009,049 | ---- | C] () -- \Stadtwerke2.JPG
[2011/10/13 10:00:07 | 001,715,510 | ---- | C] () -- \P1120503.JPG
[2011/10/13 10:00:07 | 000,254,816 | ---- | C] () -- \P1120501.JPG
[2011/09/12 11:29:52 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/12 11:29:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/12 11:28:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/12 11:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/12 11:28:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/09/12 11:28:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/09/12 07:53:55 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\Machnm1.exe
[2011/09/12 07:53:55 | 000,010,760 | ---- | C] () -- C:\Windows\SysWow64\Machnm64.sys
[2011/09/12 07:53:55 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/09/09 10:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/02 08:51:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011/07/18 22:30:08 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2011/06/10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011/04/15 07:37:26 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 21:44:02 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
 
========== LOP Check ==========
 
[2011/12/22 09:28:29 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Ansys
[2011/09/12 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\ControlCenter4
[2011/09/13 16:03:06 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\FreePDF
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Fujitsu Launch Center
[2012/05/07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\IPU
[2011/09/09 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\JabRef 2.7
[2011/09/12 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Nuance
[2012/02/07 08:49:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Is my system OK again now?

Best regards...

15.05.2012, 08:51   #5
kira
/// Helper team
 



System cleanup and check:

1.
Quote:
Attention, important!:
If you made changes in the logfile yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name, or other changes replaced with X, asterisks, or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code":
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = 
[2012/05/14 14:32:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will request a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Update Java via Control Panel -> Check for updates...
or:
Now download the offline version of Java ("Recommended Version 6 Update 32") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.

3.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Change Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

4.
Clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Find errors"→ "Fix errors"→ "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. untick the toolbar checkbox during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete Scan" and click "Next"
  • Afterwards all malware found is listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK", then "Finish"
  • To view the results: click "Preferences", then "Statistics and Logs"
  • Click "View Log", then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives, and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ► Instructions

7.
-> Then run a complete system check with Eset Online Scanner (NOD32), Free Online Scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labeled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?

__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks, or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
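Step 6 above notes that AutoRun can be switched off entirely, and the posted log already carries the relevant policy line (`O7 ... NoDriveTypeAutoRun = 145`) plus the `O32` AutoRun entries. The following Python is an added example, not part of the thread or of OTL: it reads those log lines and reports which drive types the policy still leaves open. It assumes OTL prints the value in decimal; the function names are hypothetical, and the bit meanings are the documented Windows ones (255 blocks every drive type).

```python
import re

# Documented bit meanings of NoDriveTypeAutoRun: a set bit blocks AutoRun
# for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown drive type",
    0x02: "no root directory",
    0x04: "removable (USB stick, card reader)",
    0x08: "fixed disk",
    0x10: "network drive",
    0x20: "CD-ROM/DVD",
    0x40: "RAM disk",
    0x80: "reserved/future drive types",
}
ALL_BLOCKED = 0xFF

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 11:21:56 | 000,000,091 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
"""

# Assumption: the value after "=" is decimal, as in the log above.
POLICY_RE = re.compile(
    r"^O7(?::64bit:)? - (HKLM|HKCU)\\.*: NoDriveTypeAutoRun = (\d+)\s*$")
AUTORUN_FILE_RE = re.compile(
    r"^O32(?::64bit:)? - AutoRun File - \[.*?\] \(.*?\) - (.+?) -- \[ (\w+) \]\s*$")


def decode_mask(value):
    """Return (blocked, unblocked) drive-type names for a policy value."""
    blocked = [n for bit, n in DRIVE_TYPE_BITS.items() if value & bit]
    unblocked = [n for bit, n in DRIVE_TYPE_BITS.items() if not (value & bit)]
    return blocked, unblocked


def audit_autorun(log_text):
    """Collect AutoRun policy values and autorun.inf files from an OTL log."""
    findings = {"policies": [], "autorun_files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            value = int(m.group(2))
            blocked, unblocked = decode_mask(value)
            findings["policies"].append({
                "hive": m.group(1),
                "value": value,
                "blocked": blocked,
                "unblocked": unblocked,
                "fully_disabled": (value & ALL_BLOCKED) == ALL_BLOCKED,
            })
            continue
        m = AUTORUN_FILE_RE.match(line)
        if m:
            findings["autorun_files"].append(
                {"path": m.group(1), "filesystem": m.group(2)})
    return findings


if __name__ == "__main__":
    report = audit_autorun(SAMPLE_LOG)
    for p in report["policies"]:
        print(f"{p['hive']} NoDriveTypeAutoRun = {p['value']} (0x{p['value']:02X})")
        print("  blocked for:     " + ", ".join(p["blocked"]))
        print("  not blocked for: " + ", ".join(p["unblocked"]))
    for f in report["autorun_files"]:
        print(f"autorun.inf present: {f['path']} on {f['filesystem']}")
```

A value of 145 (0x91) leaves removable and optical media outside the policy block, which is why the post asks for the Shift key to be held while connecting external media.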
