Pests of All Kinds and How to Fight Them: Bundespolizei Trojan 1.13 - Windows 7

24.07.2012, 11:04   #1
ibot87
 
Bundespolizei Trojan 1.13 - Windows 7



Hi,

Since today I also have the trojan, apparently version 1.13. OS: Windows 7 64-bit. The logs from Malwarebytes and OTL are below. Can you help me?

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.24.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Tobi :: IBOT [Administrator]

24.07.2012 09:16:38
mbam-log-2012-07-24 (09-16-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 506381
Laufzeit: 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tobi\0.7164734256573202.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Otl.txt:
Code:
OTL logfile created on: 24.07.2012 11:53:02 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.85 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 83.96% Memory free
15.70 Gb Paging File | 14.58 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 31.19 Gb Free Space | 27.90% Space Free | Partition Type: NTFS
 
Computer Name: IBOT | User Name: Tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Gemalto\PKCS11 for .NET V2 smart cards\gtop11dotnet.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (DirMngr) -- C:\Program Files (x86)\GnuPG\dirmngr.exe ()
SRV - (tvnserver) -- C:\Programme\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (niLXIDiscovery) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (mxssvr) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nimDNSResponder) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer64) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (nipxirmu) -- C:\Windows\SysWOW64\nipxism.exe (National Instruments Corporation)
SRV - (nidevldu) -- C:\Windows\SysWOW64\nipalsm.exe (National Instruments Corporation)
SRV - (ni488enumsvc) -- C:\Windows\SysWOW64\nipalsm.exe (National Instruments Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OpcEnum) -- C:\Windows\SysWOW64\Opcenum.exe (OPC Foundation)
SRV - (ANSYS, Inc. License Manager) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe (ANSYS, Inc.)
SRV - (GslShmSrvc) -- C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe (Gemalto)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (NiViPxiK) -- C:\Windows\SysNative\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV:64bit: - (NiViPciK) -- C:\Windows\SysNative\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV:64bit: - (nipalfwedl) -- C:\Windows\SysNative\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV:64bit: - (nipalusbedl) -- C:\Windows\SysNative\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV:64bit: - (NIPALK) -- C:\Windows\SysNative\drivers\nipalk.sys (National Instruments Corporation)
DRV:64bit: - (nifslk) -- C:\Windows\SysNative\drivers\nifslkl.sys (National Instruments Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ni1065k) -- C:\Windows\SysNative\drivers\ni1065k.sys (National Instruments Corporation)
DRV:64bit: - (ni1045k) -- C:\Windows\SysNative\drivers\ni1045kl.sys (National Instruments Corporation)
DRV:64bit: - (nipxibrc) -- C:\Windows\SysNative\drivers\nipxibrc.sys (National Instruments Corporation)
DRV:64bit: - (ni1006k) -- C:\Windows\SysNative\drivers\ni1006k.sys (National Instruments Corporation)
DRV:64bit: - (nipxibaf) -- C:\Windows\SysNative\drivers\nipxibaf.sys (National Instruments Corporation)
DRV:64bit: - (nicsrk) -- C:\Windows\SysNative\drivers\nicsrkl.sys (National Instruments Corporation)
DRV:64bit: - (niraptrk) -- C:\Windows\SysNative\drivers\niraptrkl.sys (National Instruments Corporation)
DRV:64bit: - (nicondrk) -- C:\Windows\SysNative\drivers\nicondrkl.sys (National Instruments Corporation)
DRV:64bit: - (nicmrk) -- C:\Windows\SysNative\drivers\nicmrkl.sys (National Instruments Corporation)
DRV:64bit: - (niswdk) -- C:\Windows\SysNative\drivers\niswdkl.sys (National Instruments Corporation)
DRV:64bit: - (nidsark) -- C:\Windows\SysNative\drivers\nidsarkl.sys (National Instruments Corporation)
DRV:64bit: - (niufurk) -- C:\Windows\SysNative\drivers\niufurkl.sys (National Instruments Corporation)
DRV:64bit: - (nixsrk) -- C:\Windows\SysNative\drivers\nixsrkl.sys (National Instruments Corporation)
DRV:64bit: - (niemrk) -- C:\Windows\SysNative\drivers\niemrkl.sys (National Instruments Corporation)
DRV:64bit: - (niwfrk) -- C:\Windows\SysNative\drivers\niwfrkl.sys (National Instruments Corporation)
DRV:64bit: - (nissrk) -- C:\Windows\SysNative\drivers\nissrkl.sys (National Instruments Corporation)
DRV:64bit: - (niesrk) -- C:\Windows\SysNative\drivers\niesrkl.sys (National Instruments Corporation)
DRV:64bit: - (nistc3rk) -- C:\Windows\SysNative\drivers\nistc3rkl.sys (National Instruments Corporation)
DRV:64bit: - (nitiork) -- C:\Windows\SysNative\drivers\nitiorkl.sys (National Instruments Corporation)
DRV:64bit: - (nimsdrk) -- C:\Windows\SysNative\drivers\nimsdrkl.sys (National Instruments Corporation)
DRV:64bit: - (nidmxfk) -- C:\Windows\SysNative\drivers\nidmxfkl.sys (National Instruments Corporation)
DRV:64bit: - (nimxpk) -- C:\Windows\SysNative\drivers\nimxpkl.sys (National Instruments Corporation)
DRV:64bit: - (nimstsk) -- C:\Windows\SysNative\drivers\nimstskl.sys (National Instruments Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (hhdspmc64) -- C:\Windows\SysNative\drivers\hhdspmc64.sys (HHD Software Ltd.)
DRV:64bit: - (nisdigk) -- C:\Windows\SysNative\drivers\nisdigkl.sys (National Instruments Corporation)
DRV:64bit: - (nicdrk) -- C:\Windows\SysNative\drivers\nicdrkl.sys (National Instruments Corporation)
DRV:64bit: - (ni488lock) -- C:\Windows\SysNative\drivers\ni488lock.sys (National Instruments Corporation)
DRV:64bit: - (nisftk) -- C:\Windows\SysNative\drivers\nisftkl.sys (National Instruments Corporation)
DRV:64bit: - (ninshsdk) -- C:\Windows\SysNative\drivers\ninshsdkl.sys (National Instruments Corporation)
DRV:64bit: - (nipxirmk) -- C:\Windows\SysNative\drivers\nipxirmkl.sys (National Instruments Corporation)
DRV:64bit: - (nispdk) -- C:\Windows\SysNative\drivers\nispdkl.sys (National Instruments Corporation)
DRV:64bit: - (niscdk) -- C:\Windows\SysNative\drivers\niscdkl.sys (National Instruments Corporation)
DRV:64bit: - (nimxdfk) -- C:\Windows\SysNative\drivers\nimxdfkl.sys (National Instruments Corporation)
DRV:64bit: - (NIEthernetDeviceEnumerator) -- C:\Windows\SysNative\drivers\niede.sys (National Instruments Corporation)
DRV:64bit: - (nipxigpk) -- C:\Windows\SysNative\drivers\nipxigpk.sys (National Instruments Corporation)
DRV:64bit: - (nidimk) -- C:\Windows\SysNative\drivers\nidimkl.sys (National Instruments Corporation)
DRV:64bit: - (nimdbgk) -- C:\Windows\SysNative\drivers\nimdbgkl.sys (National Instruments Corporation)
DRV:64bit: - (nipbcfk) -- C:\Windows\SysNative\drivers\nipbcfk.sys (National Instruments Corporation)
DRV:64bit: - (nistcrk) -- C:\Windows\SysNative\drivers\nistcrkl.sys (National Instruments Corporation)
DRV:64bit: - (nimru2k) -- C:\Windows\SysNative\drivers\nimru2kl.sys (National Instruments Corporation)
DRV:64bit: - (GemCCID) -- C:\Windows\SysNative\drivers\GemCCID.sys (Gemalto)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (niorbk) -- C:\Windows\SysNative\drivers\niorbkl.sys (National Instruments Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (nistc2k) -- C:\Windows\SysNative\drivers\nistc2kl.sys (National Instruments Corporation)
DRV:64bit: - (lvalarmk) -- C:\Windows\SysNative\drivers\lvalarmk.sys (National Instruments Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 FA C4 B7 47 29 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {C03BE1C2-5105-4E98-BDC0-3C437350A90F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C03BE1C2-5105-4E98-BDC0-3C437350A90F}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: coc@ble.pl:2.2.0.3.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.fem.tu-ilmenau.de/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "141.24.53.249"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "141.24.53.249"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "141.24.53.249"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "141.24.53.249"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "141.24.53.249"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "141.24.53.249"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "141.24.53.249"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Acer Bio Protection\FFExt [2012.05.03 18:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 19:23:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 07:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.16 13:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.03 18:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2012.07.14 22:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions
[2012.05.04 10:44:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.05.04 16:37:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\vtifbk7n.default\extensions\DeviceDetection@logitech.com
[2012.05.06 22:16:34 | 000,001,799 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\funmoods.xml
[2010.08.05 10:03:20 | 000,002,252 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\ipv6-google-search.xml
[2009.09.23 16:21:50 | 000,000,952 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\searchplugins\youtube-videosuche.xml
[2012.07.20 19:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 19:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.06.04 12:18:35 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.06.24 12:26:25 | 000,344,664 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2012.02.14 01:26:20 | 000,131,094 | ---- | M] () (No name found) -- C:\USERS\TOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTIFBK7N.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
[2012.07.17 23:15:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.06.09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll
[2011.06.22 11:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll
[2009.10.22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2008.12.10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010.10.19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012.07.17 23:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.17 23:52:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.17 23:52:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.17 23:52:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.17 23:52:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.17 23:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=ddrnw
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=ddrnw
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tobi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RegTool] C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Tobi\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
O4 - HKCU..\Run: [StrokeIt] C:\Program Files (x86)\StrokeIt\StrokeIt.exe ()
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F08A7EE-2E62-4DA7-97F4-35E8590CDDF7}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F1DC218-ED83-43D8-AA5D-553FC02B8E21}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F1DC218-ED83-43D8-AA5D-553FC02B8E21}: Domain = fem.tu-ilmenau.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B1F1B3-A96F-4184-A918-084C10E8C9C6}: DhcpNameServer = 141.24.53.248 141.24.53.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9B1F1B3-A96F-4184-A918-084C10E8C9C6}: Domain = fem.tu-ilmenau.de
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 11:39:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.24 09:15:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2012.07.24 09:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.24 09:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.24 09:15:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.24 09:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 08:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\lqdenbynwxmheay
[2012.07.19 17:29:18 | 000,000,000 | ---D | C] -- C:\Campus EM Griechenland
[2012.07.19 17:27:09 | 000,000,000 | ---D | C] -- C:\Fotos Campus EM Dänemark
[2012.07.19 15:34:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\MiKTeX
[2012.07.19 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\MiKTeX
[2012.07.19 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.07.19 15:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.07.19 15:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.07.19 13:01:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\xm1
[2012.07.19 12:54:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.19 12:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.07.19 12:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.07.15 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\My Videos
[2012.07.15 22:07:51 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\CyberLink
[2012.07.15 22:05:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2012.07.15 22:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2012.07.15 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\MetaGeek,_LLC
[2012.07.15 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012.07.15 00:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2012.07.13 00:02:53 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Neuer Ordner
[2012.07.11 22:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
[2012.07.11 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JKI
[2012.07.11 22:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\JKI
[2012.07.11 08:38:54 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\LabVIEW Data
[2012.07.11 07:25:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cvirte
[2012.07.11 07:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\IVI Foundation
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\IVI Foundation
[2012.07.11 07:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVI Foundation
[2012.07.11 07:22:56 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HI-TECH Software
[2012.07.11 07:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software
[2012.07.11 07:22:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2012.07.11 07:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2012.07.11 07:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.07.11 07:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2012.07.11 07:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Instruments
[2012.07.09 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\Arduino
[2012.07.09 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Arduino
[2012.07.09 18:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tera Term
[2012.07.09 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\teraterm
[2012.07.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CommFront
[2012.07.09 16:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommFront
[2012.07.09 16:41:59 | 000,039,472 | ---- | C] (HHD Software Ltd.) -- C:\Windows\SysNative\drivers\hhdspmc64.sys
[2012.07.09 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.07.09 16:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software
[2012.07.09 13:19:11 | 000,154,624 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys
[2012.07.09 13:19:11 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2012.07.04 17:08:10 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\ElevatedDiagnostics
[2012.06.24 12:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.06.24 12:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemalto
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\GPinPad
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\gpccard
[2012.06.24 12:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Gemalto
[2012.05.04 17:23:55 | 001,157,352 | ---- | C] (SoftPerfect Research) -- C:\Program Files\netscan.exe
[2012.05.04 15:44:31 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.24 11:51:53 | 000,000,168 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2012.07.24 11:51:24 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.24 11:40:57 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.24 11:40:57 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.24 11:40:57 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.24 11:40:57 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.24 11:40:57 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 11:39:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2012.07.24 11:36:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 11:36:45 | 2028,212,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 09:16:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:59:25 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 08:59:25 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 08:47:33 | 000,000,051 | ---- | M] () -- C:\ProgramData\oizvggwsokvizxg
[2012.07.24 08:47:29 | 000,057,344 | ---- | M] () -- C:\ProgramData\qdjwfoqf.exe
[2012.07.24 08:32:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job
[2012.07.23 19:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job
[2012.07.23 15:15:05 | 000,000,600 | ---- | M] () -- C:\Users\Tobi\AppData\Local\PUTTY.RND
[2012.07.22 20:18:54 | 002,185,425 | ---- | M] () -- C:\Users\Tobi\Desktop\test.jpg
[2012.07.22 20:11:22 | 002,818,302 | ---- | M] () -- C:\Users\Tobi\Desktop\test.psd
[2012.07.20 01:11:40 | 007,918,974 | ---- | M] () -- C:\Users\Tobi\Desktop\dsc_1461.jpg
[2012.07.15 00:03:33 | 000,003,039 | ---- | M] () -- C:\Users\Tobi\Desktop\inSSIDer.lnk
[2012.07.14 00:17:20 | 005,220,627 | ---- | M] () -- C:\Users\Tobi\Desktop\ilm1-2010200304.pdf
[2012.07.12 13:24:34 | 000,095,920 | ---- | M] () -- C:\Users\Tobi\Desktop\Unbenannt-1.jpg
[2012.07.11 08:27:50 | 000,459,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 08:26:10 | 000,167,878 | ---- | M] () -- C:\Windows\SysWow64\niorbmap
[2012.07.11 07:20:26 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2012.07.11 07:17:48 | 000,001,223 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.07.09 20:07:50 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\Simias.UninstallLog
[2012.07.09 20:07:50 | 000,000,468 | ---- | M] () -- C:\Windows\SysNative\iFolderApp.UninstallLog
[2012.07.09 20:07:32 | 000,000,024 | ---- | M] () -- C:\Users\Tobi\AppData\Local\domain.list
[2012.07.09 18:04:07 | 000,001,889 | ---- | M] () -- C:\Users\Tobi\Desktop\Tera Term.lnk
[2012.07.09 16:46:30 | 000,002,865 | ---- | M] () -- C:\Users\Tobi\Desktop\232Analyzer.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 14:49:27 | 000,004,764 | ---- | M] () -- C:\Users\Tobi\Desktop\Unbenannt 1.csv
[2012.06.24 12:50:08 | 000,014,274 | ---- | M] () -- C:\Users\Tobi\Desktop\ImmatrikulationVS55362a74-fdfe-47a3-94e4-d68b9be99b6c.pdf
[2012.06.24 12:49:50 | 000,014,271 | ---- | M] () -- C:\Users\Tobi\Desktop\Immatrikulationfc795f5c-22f9-4e7e-a1a3-b5b639381b9e.pdf
 
========== Files Created - No Company Name ==========
 
[2012.07.24 11:51:53 | 000,000,168 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2012.07.24 11:51:24 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.07.24 09:15:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 08:47:32 | 000,057,344 | ---- | C] () -- C:\ProgramData\qdjwfoqf.exe
[2012.07.24 08:47:29 | 000,000,051 | ---- | C] () -- C:\ProgramData\oizvggwsokvizxg
[2012.07.22 20:11:28 | 002,185,425 | ---- | C] () -- C:\Users\Tobi\Desktop\test.jpg
[2012.07.22 20:06:52 | 002,818,302 | ---- | C] () -- C:\Users\Tobi\Desktop\test.psd
[2012.07.20 01:11:39 | 007,918,974 | ---- | C] () -- C:\Users\Tobi\Desktop\dsc_1461.jpg
[2012.07.15 00:03:33 | 000,003,039 | ---- | C] () -- C:\Users\Tobi\Desktop\inSSIDer.lnk
[2012.07.14 00:17:20 | 005,220,627 | ---- | C] () -- C:\Users\Tobi\Desktop\ilm1-2010200304.pdf
[2012.07.12 11:10:49 | 000,095,920 | ---- | C] () -- C:\Users\Tobi\Desktop\Unbenannt-1.jpg
[2012.07.11 22:48:12 | 000,002,296 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LabVIEW Tools Network.lnk
[2012.07.11 22:48:11 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VI Package Manager.lnk
[2012.07.11 07:25:59 | 000,167,878 | ---- | C] () -- C:\Windows\SysWow64\niorbmap
[2012.07.11 07:20:26 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2012.07.11 07:18:34 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 2011 (32 Bit).lnk
[2012.07.11 07:17:48 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
[2012.07.09 20:07:50 | 000,000,510 | ---- | C] () -- C:\Windows\SysNative\Simias.UninstallLog
[2012.07.09 20:07:50 | 000,000,468 | ---- | C] () -- C:\Windows\SysNative\iFolderApp.UninstallLog
[2012.07.09 18:04:07 | 000,001,889 | ---- | C] () -- C:\Users\Tobi\Desktop\Tera Term.lnk
[2012.07.09 16:46:30 | 000,002,865 | ---- | C] () -- C:\Users\Tobi\Desktop\232Analyzer.lnk
[2012.07.09 13:19:11 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012.06.29 14:26:09 | 000,004,764 | ---- | C] () -- C:\Users\Tobi\Desktop\Unbenannt 1.csv
[2012.06.24 12:50:09 | 000,014,274 | ---- | C] () -- C:\Users\Tobi\Desktop\ImmatrikulationVS55362a74-fdfe-47a3-94e4-d68b9be99b6c.pdf
[2012.06.24 12:49:55 | 000,014,271 | ---- | C] () -- C:\Users\Tobi\Desktop\Immatrikulationfc795f5c-22f9-4e7e-a1a3-b5b639381b9e.pdf
[2012.06.18 15:17:16 | 000,871,424 | ---- | C] () -- C:\Program Files\Vorlesungsverzeichnis-v1.19.exe
[2012.06.12 09:42:16 | 000,003,584 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.19 18:23:02 | 000,000,136 | ---- | C] () -- C:\Users\Tobi\file.err
[2012.05.13 14:07:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.13 14:07:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.13 14:07:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.05.08 19:46:28 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.06 17:29:35 | 000,000,600 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\winscp.rnd
[2012.05.05 09:37:10 | 000,000,024 | ---- | C] () -- C:\Users\Tobi\AppData\Local\domain.list
[2012.05.04 15:46:06 | 000,000,600 | ---- | C] () -- C:\Users\Tobi\AppData\Local\PUTTY.RND
[2012.05.03 21:53:48 | 000,007,605 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg
[2012.05.03 18:43:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011.03.23 11:54:44 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
 
========== LOP Check ==========
 
[2012.05.08 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\.algor
[2012.05.19 18:26:19 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ansys
[2012.07.09 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Arduino
[2012.05.08 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Autodesk
[2012.05.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite
[2012.05.08 17:33:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DassaultSystemes
[2012.05.05 09:33:47 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Downloaded Installations
[2012.07.24 09:33:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Dropbox
[2012.05.04 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\e-academy Inc
[2012.05.08 19:38:11 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EW4App
[2012.05.25 23:10:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FileZilla
[2012.05.08 16:43:33 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\FreeCAD
[2012.07.23 01:05:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\gnupg
[2012.05.05 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\iFolder
[2012.06.06 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\InfraRecorder
[2012.06.01 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\IrfanView
[2012.05.04 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech
[2012.05.22 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\LibreOffice
[2012.05.04 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Notepad++
[2012.05.04 10:06:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Psi+
[2012.05.05 09:36:59 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\simias
[2012.05.05 09:36:35 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Subversion
[2012.05.03 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SumatraPDF
[2012.05.04 12:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TCB Networks
[2012.05.04 11:03:26 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Thunderbird
[2012.05.26 12:07:13 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\TightVNC
[2012.07.19 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\xm1
[2009.07.14 07:08:49 | 000,015,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1FB1CEE3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
         

Extras.txt:
Code:
OTL Extras logfile created on: 24.07.2012 11:53:02 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Tobi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.85 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 83.96% Memory free
15.70 Gb Paging File | 14.58 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 31.19 Gb Free Space | 27.90% Space Free | Partition Type: NTFS
 
Computer Name: IBOT | User Name: Tobi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{968E3142-D80F-4EA2-9168-DF8A05E9D62E}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{ECFB09EE-417F-48D0-A1E4-7380D5736BBD}" = lport=3389 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{7D1BFEA2-7EB6-428A-B92E-11B160B6DF3B}" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A1B3113F-9286-4EA1-BAA0-2168570E977B}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe | 
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe | 
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{D0E1BBB1-27FB-4791-AAB7-E3D6B6E1FD1B}" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe | 
"{EA30D05A-9AE8-4D94-8273-CA755C3AE4CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0E99B79A-042B-4A52-8CBB-EE6687858FFB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{1E087AE5-1BB1-438B-AEF5-8656882557D6}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"TCP Query User{29CB8122-EA18-4986-B32E-377056373A9E}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{2D7D562A-5637-49BE-9FA8-E427F5C95738}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3358AB32-3803-4E61-8C21-EB57BA0CEB06}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | 
"TCP Query User{338FEF44-12F7-4900-AC6B-41C43380836F}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe | 
"TCP Query User{387674EA-0AB3-4630-B8B5-79BE6C8E0E79}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | 
"TCP Query User{62972858-9BA5-4176-9287-365969C041D6}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | 
"TCP Query User{65E5BC96-B0AB-446F-A765-947D3C63546C}C:\program files (x86)\psi+\psi-plus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi+\psi-plus.exe | 
"TCP Query User{769339A7-75DA-4A44-85B3-F066C8EC244C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{78A457D3-AB89-4FB8-9DC5-7AD15C1E01CB}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe | 
"TCP Query User{7A0EB05A-BC05-4816-84C8-596FE97485FD}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{846B335B-7ADC-45EF-B36E-CC4809FF110B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{84F222B0-DED4-43C8-9D77-BCD8CD9A9AA7}C:\program files (x86)\psi\psi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"TCP Query User{88EEB672-5F98-4A5F-ADDD-5C747AC97E1C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"TCP Query User{9130554A-FF6B-46D8-83F8-CED1042277EA}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"TCP Query User{99A829CE-A001-49D0-AECC-22E32AADA3B7}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | 
"TCP Query User{A375F456-5763-447A-BADD-0B048CEAB687}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A40856FC-353E-4845-A764-15E3318DA84E}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"TCP Query User{A970DA90-1010-43DF-98A4-4DF918F4B4DE}C:\program files (x86)\national instruments\labview 2011\labview.exe" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\labview 2011\labview.exe | 
"TCP Query User{B50E475B-0C61-4F33-8D2A-0663BD46D79C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B6B1D14F-0152-4D17-B749-88D7FE4BF291}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe | 
"TCP Query User{C3217CD8-DDED-4130-8EBA-CE6505FE58D6}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | 
"TCP Query User{C38201E2-7766-4E8E-8C3E-45CA78C4F21C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"TCP Query User{D2C680C4-BD16-4B31-AF06-9C01C19543F3}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | 
"TCP Query User{D820191C-5954-4142-8D55-DCF29567AFCF}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{DB62BB06-7553-4EF4-9C4D-E215AB826E85}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{ED8A04DE-3AC9-4CD0-B6C3-CF529DDFB4EA}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | 
"TCP Query User{F0188D0F-60DD-4B3A-80C1-882E97A34E60}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | 
"TCP Query User{FA8BFBCC-E47E-41B3-9944-800603765F34}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{FF1B2041-858E-4249-8565-FA30BEB6935B}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{0BE82192-3B06-4F3D-8ABA-9686A50E2D89}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{0BEFB6CE-3E7F-49BF-B777-FB63CC202E7D}C:\program files (x86)\psi+\psi-plus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi+\psi-plus.exe | 
"UDP Query User{0EDFD3C8-39DE-4857-9E80-CF8569A63EBF}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe | 
"UDP Query User{1E8993AA-9381-40E5-A996-0D97E9213EAA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1FB58EE1-8F90-475B-9465-E15A3ABF5B6F}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"UDP Query User{21FAF04C-163F-4735-A4DE-4791B7AD8D76}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{3202F427-A592-4B31-97E1-BF34376897CB}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{33E2DD11-E064-4B11-A1C2-C3841E7B42DC}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe | 
"UDP Query User{3D52A538-C013-4864-8EF6-A267E8440A07}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.jmhost.exe | 
"UDP Query User{49595CF0-68F6-4139-9985-509A883954CD}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"UDP Query User{5957B05B-8063-4AA8-9184-57C38593E46A}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | 
"UDP Query User{5CCBD879-4438-4FED-A87C-6DC4118E4788}C:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansys.solvermanager.exe | 
"UDP Query User{6FE06232-195B-49DC-B177-102C31E22622}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | 
"UDP Query User{7392714C-DDDE-4997-82A3-2A3BCF21ABB9}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"UDP Query User{7B0058D7-4703-440A-AC43-CC83FF0FF936}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"UDP Query User{87DB5A61-986D-4521-9F8E-99F7ECE8EB6C}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"UDP Query User{880D42AA-A2FB-4D24-9059-E2D55FABCFA6}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{9596493A-2705-415E-B52C-8A255BB29458}C:\users\tobi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{A255568C-8A5A-47B2-A031-D5849A6C8519}C:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tobi\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AD52665C-E7E2-47C4-AA14-35C7A23F505A}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{B68F25FC-33BD-4418-8504-AE8311D2B694}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{B7309AE0-4FD6-479B-9782-A34393C613EC}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | 
"UDP Query User{D6A20F15-ABC7-4533-9CF6-780A708531AD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{DDE95222-0051-4862-83F9-2A372FECD8D9}C:\program files (x86)\psi\psi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\psi\psi.exe | 
"UDP Query User{DEF20748-8130-4C10-8CF3-D7698ABE6C83}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E6A4BAB7-F008-49B7-A3D8-0B38D67D174A}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | 
"UDP Query User{E7EADF3C-D947-4510-BD6D-A9F05E97752C}C:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\rsm\bin\ans.rsm.shhost.exe | 
"UDP Query User{F60DCBB4-28AD-4AFE-A042-AC552828CDBA}C:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\framework\bin\win64\ansysfww.exe | 
"UDP Query User{FBD10287-6FAB-4BED-A917-9F1F75C7C758}C:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\aisol\bin\winx64\ansyswbu.exe | 
"UDP Query User{FC357F0D-40DC-444E-A0D5-4B56773E34D2}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{FDC42AD8-D97F-474F-ACDC-2C0D44F602F8}C:\program files (x86)\national instruments\labview 2011\labview.exe" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\labview 2011\labview.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020DFD6B-8032-4237-9B68-BC5B1E42A684}" = NI Ethernet Device Enumerator 64-Bit
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0548BBBB-0511-4EF0-93E5-1234B023CB09}" = NI-DAQmx Switch Core for 64 Bit Windows 2.2.0
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0B94017B-7924-4774-8444-16B992B4EA4E}" = NI STC for 64 Bit Windows 1.10.0
"{0D5534F6-AF96-489F-A69F-082199EE027F}" = NI Authentication 2.0 (64-bit)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{133458D4-55CA-4D3C-A83E-52156CCE3ACB}" = NI IVI Class Drivers (64-bit)
"{15707222-66D9-4053-B0B3-4F1071565E1A}" = NI-488.2 for Windows x64 version 2.8.1
"{1778742E-59D3-4090-AB8A-DAA281D66772}" = NI Assistant Framework 64-bit
"{1BA584C3-654B-4162-B1A3-386B05C3C2BC}" = NI IVI Compliance Package 4.4 (64-bit)
"{1C174277-CE5D-44A2-888F-2522A8B4739D}" = NI DataSocket 4.9 (64 Bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{253843AC-CF8F-4F4C-B942-59FE46BD7C84}" = NI PXI Platform Framework 1.3.2 64-bit
"{29D5C4E9-1956-4F06-AA30-88CAEA33E1C1}" = NI-DAQmx MAX Support 64-bit 2.2.0
"{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows
"{3268C8FE-AEA7-48A0-ACA5-776CF8A9852F}" = NI-MDBG 1.10.0f0 for 64 Bit Windows
"{33E1FE8C-739F-479C-BDB2-E4D3D6BC1C54}" = NI FSL Installer for 64-Bit Windows 1.13.0
"{36399014-1508-46F3-A31B-379C3B1FC451}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.9.5
"{36EA334E-C5A9-4A63-8C6C-0145A1242760}" = NI-MRU 2.11.1f0 for 64 Bit Windows
"{394E442A-637D-43EF-B402-4CFD88263CF0}" = Broadcom Gigabit Integrated Controller
"{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{4EE0B022-366F-432B-98C6-4EB27C87774E}" = NI Math Kernel Libraries (64-bit)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{53794485-921A-4C71-8E82-6F5A15E9ECBA}" = NI Network Discovery 5.0 for Windows 64-bit
"{55C0A3D4-E95F-4C7D-98CE-2A01353B06EF}" = NI Common Digital for 64 Bit Windows 1.13.0
"{5780B596-E0C0-4E78-8671-6C80D2913366}" = NI TDMS (64-bit)
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{59AEDF7C-0D51-48A1-8829-3B4343319B68}" = NI-MXDF 1.11.5f1 for 64 Bit Windows
"{5C720EE4-F6A5-4BAD-ABC4-745D3D720EC9}" = NI Timing for 64 Bit Windows 2.3.0
"{5E3886A4-EAFC-40F6-A03E-14E594B1037D}" = NI Curl 1.1 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{678EB05F-D317-48C9-9C67-E33AE7C0F900}" = NI MXS 5.0.0 for 64 Bit Windows
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723DFC01-183D-40E9-AE2E-4314ABC558D7}" = NI-653x Installer for 64 Bit Windows 1.9.4
"{75DD2A7A-D54F-4C1F-AE1F-5F023EDCCB26}" = NI RTSI UI Provider for 64 Bit Windows 1.0.0
"{8011A67E-2702-4A4E-867E-F491EF8A04B3}" = TightVNC
"{803E7FD0-02FE-440E-990A-77B0E50EC30B}" = NI Web Application Server 2.0 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
"{85B6FB54-339C-497E-80D5-1FC27E31CD27}" = NI-MX Expert Framework for 64 Bit Windows 2.8.0
"{86D21310-28DA-4843-83A8-17807E6A846B}" = NI MIO Device Drivers for 64 Bit Windows 2.6.0
"{88E18DCA-12DF-477F-9921-A804BC43AD3B}" = NI Calibration Provider Help for 64 Bit Windows
"{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows
"{899576E7-3569-417F-8EFE-EB881BE22EDE}" = NI MAX Remote Configuration 64-bit Installer 5.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D4DAF79-8A5A-4469-9AB6-FC8B411AD8F7}" = Classic Client 6.0 for 64 bits
"{8E245224-4496-44F3-8229-69AD3000BA28}" = NI RTSI Cable Core Installer for 64 Bit Windows 1.0.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{922317D8-F321-4F43-9D50-03399CECD597}" = NI MAX Support for 64 Bit Windows
"{93142995-F7F2-41A3-990C-0A9041E8A788}" = NI-DAQmx Documentation for 64 bit Windows 9.3.5
"{974391A4-9358-4122-951C-CE73EF490A40}" = NI System Configuration Runtime 5.0.0 for Windows 64-bit
"{9852ECEE-C1A0-4D3B-9702-00097BD8BE80}" = NI System State Publisher (64-bit)
"{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit)
"{9CE96256-FAF1-4E48-9CA1-02F7ED80A2E6}" = NI Logos64 5.3.0
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{A2B07F9D-69FA-4BE8-A6B0-C0F13B5EDE62}" = NI USI 1.9.0 64-Bit
"{A336BF29-66E7-429E-A879-90B63A597496}" = NI IVI Engine (64-bit)
"{AC4088C0-E5F7-45F1-ACAB-0FB1C78AFA3F}" = NI Variable Engine (64-bit)
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0E1F009-F570-4114-AA2D-95788A3E3EAA}" = NI-APAL 2.1 64-Bit Error Files
"{B262144E-0AD8-44DF-A733-82409F88A3C8}" = NI IVI Class Simulation Drivers (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.83
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3ACDAEB-08E0-41F8-8789-D0A333AE4964}" = NI System Web Server Base 2.0 (64-bit)
"{B8F5F1F7-0A7B-4265-AAD5-AACFC4EA8E73}" = NI Dynamic Signal Acquisition for 64 Bit Windows 2.2.0
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{C8786BF1-0278-4DAF-8015-EAF94CDF2F0C}" = NI-MXLC LabVIEW 2011 Support
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CCD7A659-74D4-4577-A3FE-4E5C8C3AEF14}" = NI-PAL 2.7.0f0 for 64 Bit Windows
"{CFCC7864-15DB-46AB-96A2-69F716E7D963}" = NI Logos64 XT Support
"{CFE1A50A-762C-4802-82F0-AD3F2B08CF7A}" = NI-VISA 5.1.0 64-bit Support
"{D198B514-B24E-43FC-AE19-E634F48B928C}" = NI System API Windows 64-bit 5.0.0
"{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)
"{D5D8BFCD-C9F4-488A-B660-8876D02AA572}" = NI Portable Configuration for 64 Bit Windows 5.0.0
"{D6B2A074-836C-47C2-88B0-270C29192F3D}" = NI RTSI PAL Device Library Installer for 64 Bit Windows 1.0.0
"{D7CCDF1B-6819-4003-87BB-F6F1BDC48C2E}" = NI-MXLC LabVIEW 2009 Support
"{D91ACEAA-C14F-4172-8AF1-AD40FEE8E325}" = NI-MXLC Core (64-bit)
"{D9F81649-D7A6-4FA0-856C-76CDB1120F9D}" = NI Spy Windows 64 Support 3.0.0
"{DA798CB8-D760-47CC-BC55-AA864E8D22F1}" = NI DAQ Assistant 64-bit 2.0.0
"{DD9D1FE4-43FC-4FE2-940A-33A95F2AB348}" = NI LabWindows/CVI 2009 Run-Time Engine (64-bit)
"{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit)
"{E45B7F5F-A814-4C15-A0D6-14CEE02AD72D}" = NI SSL Support (64-bit)
"{E6819B9C-7279-4EFC-8426-968DB116F545}" = NI-VISA 5.1.0 Provider 64-bit Support
"{E807BDD0-9A9F-453B-992A-927F9499B668}" = NI PXI Hardware 64-bit Support 2.6.2
"{E9F226A6-A0FB-4077-B47E-DFB44825C659}" = NI-MXLC LabVIEW 2010 Support
"{EDC7187A-CA7C-472E-81CD-84806FDB1B6F}" = NI Math Kernel Libraries (64-bit)
"{F35499BF-B4E7-4C3F-8769-229D9DE3E07E}" = IVI Shared Component 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F63D3568-80A4-47AB-B97D-8988DF18BD0C}" = NI TDM Excel Add-In 3.3 64-bit
"{F71335BF-CF6B-4ACC-ABCE-BA9DF2031DB8}" = VISA Shared Components 64-Bit
"{F9F02D3A-2CF2-496A-B6BF-C63BD11738A2}" = NI SCXI for 64 Bit Windows 1.15.0
"{FB585470-EFFC-461E-9302-27CA43DD3A74}" = NI PXI SystemAPI Expert 64-bit 2.6.2
"{FDA5F940-CC93-4F8C-9316-A0E887A6FDAD}" = NI-VISA x64 support 5.1.1
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0093CF58-3A00-46E0-A3E2-3E684E20C6A6}" = NI Instrument I/O Assistant
"{010A2C18-0830-45A0-BE2B-DD37A2D8A2FE}" = NI LabVIEW Run-Time Engine Interop 2011
"{0123C12C-3DEC-4428-ACE3-2E6676BAB894}" = NI STC 1.10.0
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{01AC4D6A-05F0-4158-95E7-FC299961B50A}" = NI Math Kernel Libraries
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = Runtime für den NI-Systemkonfigurator 5.0.0
"{043955AD-7E11-4B6D-A317-B72F7BB87736}" = NI Assistant Framework LabVIEW 2011 Support
"{05617B99-0727-4FFB-AC8E-8F6427799C8F}" = NI-DAQmx/LabVIEW shared documentation 1.9.5
"{05C030B8-DC4F-489D-B86B-FC6B7DB3F607}" = NI SSL LabVIEW 2011 Support
"{0605BA5B-7041-482E-A7DC-C1B55DB6046A}" = NI-MXLC LabVIEW 2011 Support
"{066F687E-1CA0-4D94-A2C9-F8E6E817F4CB}" = NI LabVIEW Run-Time Engine 2011
"{070E052E-8D36-4B7E-B640-C75F12B2A76E}" = NI LabVIEW SignalExpress 2011 Licenses
"{08B760EF-E028-45B1-80E2-624F9C54F4CE}" = NI-MXLC Core (32-bit)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B851303-5BA7-4C49-A9E1-59AAE27F663C}" = NI Ethernet Device Enumerator
"{0BD06981-453D-4336-9A47-5A0231B5CB22}" = NI-Netzwerkbrowser 5.0.0
"{0F49F0AC-B14D-40B7-9848-EBA6B3A5C123}" = NI LabWindows/CVI 2009 Run-Time Engine
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{105271B2-81E8-4C84-B820-590BFBC5F958}" = NI IVI Compliance Package 4.4
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{126A258A-DF8C-4EF2-9780-0EEA4C76CE6D}" = NI Logos LabVIEW 2011 Support
"{1534B787-736A-404A-9983-B6952846E057}" = NI-DAQmx Documentation 9.3.5
"{16AE16D2-8895-4E4A-A6D5-7EB9055B6517}" = NI I/O Trace API LV2011
"{16DF18C7-7F56-48A4-9CDE-CB699DBB5B16}" = NI IVI Class Driver LabVIEW 2011 Support
"{1848995E-B449-4549-A914-2CEBC0BA27F2}" = NI IVI Online Help
"{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer
"{1B5ABB51-8AAB-4FBA-8987-9A8820756E2B}" = NI USI 1.9.0
"{1C6CED43-A5C1-4291-AA5C-912F26B90150}" = NI RTSI Cable Core Installer 1.0.0
"{1CC6055C-CF22-4FF3-A92E-2B8F7B505173}" = NI-MDBG 1.10.0f0
"{1D4843A4-5AE6-4CDF-BBC6-62DB47F5B381}" = NI RTSI PAL Device Library Installer 1.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{21816DDC-3737-4CD2-914A-82567EF6B928}" = NI-DAQ C and VB6 API 2.3.0
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{22940D8E-2DE3-4A0E-A75C-1F1A9F5C5190}" = NI-MXLC LabVIEW 2010 Support
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24EEDE86-3CB5-485D-91E3-F630273A08FF}" = NI LabVIEW SignalExpress 2011 Core LabVIEW Support
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27111B7A-97FE-46BD-81F9-4E87737DF803}" = NI LabVIEW 2011 MeasAppChm File
"{27286309-2433-4B7E-93AA-95C6D25DA08A}" = NI-MX Expert Framework 2.8.0
"{28C70D19-6DE9-43EF-BFA3-342F4A11B727}" = LibreOffice 3.5
"{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0
"{298008B1-AD82-4791-9BB8-863AD1408492}" = NI Uninstaller
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo
"{2DBC8A34-0646-4F3D-B005-414E317FB281}" = NI Circuit Design Suite 11.0.2 Edu Licenses
"{326913E3-E0AF-42A0-8860-BC4B9026DFA3}" = NI System Configuration 5.0.0 LabVIEW Support
"{32C26756-A756-43D2-900D-92CB44316602}" = NI Calibration Provider for MAX 5.0.0
"{3363E5BE-7FBF-424B-B26C-0041CE837DD0}" = NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support
"{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{3A1504FB-7067-4E46-9AFA-A3C29C95E4DC}" = NI LabVIEW Run-Time Engine 8.2.1
"{3AC01660-F640-4AFB-A25E-082B260C025C}" = WIF Core Dependencies Windows 5.0.0
"{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI-Update-Dienst 2.0
"{3B12BE74-0FE6-4296-9ACC-C909CEAD8BB9}" = NI-DAQmx ADE Support 9.3.5
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CF95105-5857-4852-BF20-764B69C1881D}" = NI LabVIEW 2011
"{3D1F6E51-C98C-4C01-8170-D2DBF2837F13}" = NI LabVIEW Merge Utility 11.0.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4067DBF1-91AF-445E-A34E-00707F214B49}" = NI IVI Class Simulation Drivers
"{40A3EF24-FBB9-4261-84BF-D1C312680C5B}" = NI FSL Installer 1.13.0
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{45C5DE6E-85AB-466E-9A6F-8BAB11EE0EDD}" = NI Web Interface Framework 2.0
"{46ADBF7F-868A-4625-9546-14355105AC50}" = NI IVI Provider for MAX
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{4967DB4F-07FC-4443-8287-C9C1B0D1C8FA}" = NI Variable Engine LabVIEW 2011 Support
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA402A7-4547-4E1A-A034-1DF609A6CCA9}" = NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support
"{4BDAF6F8-8C28-49FD-8FA7-CEE3E9E9BAD4}" = NI LabVIEW 2011 Simulation
"{4BEFB7C6-F103-42FB-9482-861C6D9690A0}" = NI LabVIEW Compare Utility 11.0.0
"{4C16AC07-1EEE-48E5-8DAE-CCB1BA9F90E9}" = NI-DAQmx Switch Core 2.2.0
"{4C6F8199-E1B2-4F60-9099-A9298D8EA4D6}" = NI-MXDF 1.11.5f1
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{502F10D2-9096-4D2E-BC71-4DFF995159F3}" = NI-DAQ Document Set 9.3.5
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{523B5D39-C209-41C8-9075-F6C14C2394D2}" = NI LabVIEW 2011 Search
"{523F21B6-D325-4515-9416-04A166437C43}" = NI LabVIEW SignalExpress 2011 Steps
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{555B2ADE-B3CB-4C95-A789-8A7C03A004B7}" = NI LabVIEW 2011 Deployment Framework
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{580FB2E4-A159-4F9B-82C8-1ACE179686B9}" = NI-653x Installer 1.9.4
"{5866AEFB-0037-49DA-8F2C-ED7E7E21636E}" = NI LabVIEW 2011
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5C468B0A-6DB3-402E-B4C0-6CA4CEFAE0AF}" = NI Sound and Vibration Frequency Analysis 2010
"{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support
"{63BB51BB-C078-4960-B624-087651E8D526}" = NI LabVIEW 2011
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A00571-3985-4051-97D1-5EA81F9F1319}" = NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support
"{68DE7BF6-AFA9-4609-9C96-8C15E46E2093}" = NI Example Finder 11.0
"{69FAF7E0-6E43-4845-9BB7-A9D9F7440084}" = NI PXI Platform Services 2.6.2 Expert
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.2 Core
"{6CAADA3B-2513-4BEC-96EE-A7DF908E5B1E}" = NI PXI Platform Framework 1.3.2
"{6E84AECC-91B8-4738-97D2-0E8083A093F2}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{71355055-64A7-44AB-8C4C-9E893AC4FA40}" = NI-488.2 Provider for MAX version 2.8.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73854BF9-E78E-4D6F-B8C2-A7A3CD855124}" = NI LabVIEW 2011 Help File
"{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7A29AA0C-202A-467E-9257-DE2E8DBC60B3}" = NI LabVIEW 2011 License
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7D64A463-C3C9-40B6-BC46-4DD7D0DE2BFD}" = NI Unterstützung für nicht englische Versionen der Runtime-Engine von LabVIEW 2011.
"{7D826D95-7FEE-4FC6-A3CC-BE4A53810441}" = NI IVI Engine
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{8283E8AC-3CF9-4712-B56D-FFE9D47F88E1}" = NI LabVIEW 2011
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A4DBE2-1AAA-42F1-BAB3-C873C2F5DD81}" = NI System Configuration LV2011 Support 5.0.0
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{89089F33-94D7-4E9C-918F-75CC933FC88F}" = NI DataSocket 4.9
"{8923D179-24D1-475D-A381-0B8C1AF1A206}" = NI LabVIEW 2011 Web Server
"{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework
"{8B3E6AA0-992F-4957-A1DB-CC2CA521F790}" = NI LabVIEW SignalExpress 2011 Core
"{8B88204E-6446-4F7F-9379-F1A982C9D07C}" = NI LabVIEW 2011
"{8D9F6EFD-6EAF-4327-AD59-92DEA050BDAF}" = NI Instrument IO Assistant for LabVIEW 2011 32-bit
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F1B9FE1-5777-4118-B982-B50B030101FF}" = NI LabVIEW 2011
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9320E1F0-31CB-4095-B430-017A35406E40}" = NI LabVIEW SignalExpress 2011 Datatypes
"{9492A5F3-FDA5-4CE9-9B96-AB5881046CB6}" = NI LabVIEW 2011 Help
"{95C26FA7-5FDD-4C6D-AD6F-3D4B3FEB0D70}" = NI AFW Custom UI Assemblies
"{975F2F8A-CB6C-48CB-AF02-CEA55B194DDA}" = NI MIO Device Drivers 2.6.0
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{98F4DC3F-958E-4DE5-BE1D-DBD72B05A204}" = NI Search Shared
"{9B05C597-5509-47C6-87B8-461E1BB6AF5C}" = NI LabVIEW Run-Time Engine 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9F0A2-2CF9-4165-9A36-639381F54BE3}" = NI IO Trace 3.0.0
"{9C2113B6-30DC-4827-9166-E6F4889D7594}" = NI LabVIEW 2011 Deployable License
"{9D500758-F84E-4B0D-85CC-579DD1F579ED}" = NI PXI Platform Services 2.6.2
"{9EEA4977-878D-4ECA-8DF2-7C8BF37AE5B9}" = NI-488.2 2.8.1
"{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}" = NI MDF Support
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0
"{A108E5C1-C45E-4EA4-A395-CF61F959AC82}" = NI-DAQmx MAX Configuration Support 9.3.5
"{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator
"{A1A3C998-7D53-4BE2-A4DC-57A115DB0AD3}" = NI DAQ Assistant 2.0.0
"{A1B35B59-B8B4-47C8-B4D6-3F90FB1997CC}" = NI LabVIEW 2011
"{A29EC1AF-7077-4E6E-B4EB-30A719117268}" = NI System Web Server 2.0
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A3752527-E9F5-4EE5-9A09-D6582AFE1D35}" = NI Circuit Design Suite 11.0.2 Education
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5FB6F3A-2120-45C8-B5E5-476BD5580BD6}" = NI LabVIEW EWB DeviceHandler 2010
"{A736A59D-FFAD-4EE5-962F-510DE151D6AA}" = NI AFW Channel Configuration Tool
"{A7B1ABA8-E2A2-4565-A8AF-F01657FF5CEA}" = NI LabVIEW Web Services Runtime
"{A98841B5-69CF-4D81-9BF1-5EA8968B3A1E}" = 232Analyzer
"{AB47630B-C1BF-4A0A-93EF-3492A59A4704}" = NI LabVIEW Run-Time Engine Interop 2010
"{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AD118C09-CD56-4676-80D3-25221BA9A3E9}" = NI IVI Class Drivers
"{AD3F600F-EF24-4145-9514-B4F8A685F944}" = NI PXI Platform Services 2.6.2 Configuration Support
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{AE593237-3C8E-44F2-A9AA-2DDE0A472CDE}" = NI LabVIEW Web Server for Run-Time Engine
"{AFFE41B4-6FB6-4E64-811C-5F57D05DF70F}" = NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support
"{B10F8C17-3DB8-4093-92F6-9F85C263D51A}" = NI LabVIEW Run-Time Engine Interop 2009
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B179B6ED-5D5B-49B8-8929-5144738B81C3}" = NI LabVIEW SignalExpress 2011 Tools
"{B1DCBBC7-8ECE-497F-926F-02FE4E42216B}" = NI-DSM 2011
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B96A1127-96B8-403A-BD57-0C4CD008A434}" = NI-DAQmx support for LabVIEW 2.1.0
"{BA0C74BC-3CE2-4BDE-BEC8-C330EAB9A3B1}" = NI-MRU 2.11.1f0
"{BB3EBB9E-1CA1-4B7F-9E67-09540CCE9F45}" = NI Assistant Framework LabVIEW Code Generator 2011
"{BD2BD62A-444B-4838-8931-B3E9679144AB}" = NI LabVIEW SignalExpress 2011 LabVIEW Support
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C462AA63-FD78-485B-9FA8-F66ED2248DE1}" = NI SCXI 1.15.0
"{C673968D-BBC5-4A5E-AFF4-60F538388775}" = NI-VISA 5.1.0 MAX Provider
"{C856BC45-C56B-43B5-BFBE-0AEE1035C370}" = NI System Configuration CVI Support 5.0.0
"{C9A91453-88C1-49A0-A719-86DA2D463734}" = NI-VISA Server 5.1.0
"{CAC9188C-83A0-4F9F-858A-DA430DC2E401}" = NI AFW Custom UI
"{CC17CE69-4AB6-4434-ADB4-27DB49D36080}" = NI Curl 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{D30CB7A9-2B45-4C90-9D6B-A2DDED7AAF9B}" = NI Timing Installer 2.3.0
"{D35F1304-4FA0-40AB-9EEF-13F15EFC207D}" = NI-VISA Runtime 5.1.1
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D3D8A298-9C08-43DD-A9C0-7D32BF68CAC9}" = NI-VISA 5.1.0
"{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS
"{D5EE063C-12BF-4D36-BFD1-D7E2AC1E2566}" = NI-APAL 2.1 Error Files
"{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}" = NI EulaDepot
"{D7CC49D5-FC42-4082-8F2D-CCAAF9390E7F}" = NI LabVIEW 2011
"{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0
"{DB29F1F4-113E-45E0-B1E9-90A188DAF0AD}" = NI-APAL 2.1 Error Files for LabVIEW RT
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine
"{DBAF9288-7503-48AC-A43F-B00B4EA0F145}" = NI PXI SystemAPI Expert 2.6.2
"{DC7F8117-3D5A-4848-AA4F-2A61BE4A5094}" = NI-MXLC LabVIEW 2009 Support
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E125DE33-5564-4531-A4EF-BBC7C78031BA}" = NI LabVIEW SignalExpress 2011
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5102348-951B-4375-A582-2E0675180517}" = NI LabVIEW 2011
"{E5C8FBCD-F2F1-4FD0-9FA1-EF9F277400D7}" = NI-DAQmx 9.3.5
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E648AF0B-A340-4AEE-8275-D47688D25613}" = NI RTSI UI Provider 1.0.0
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E7BDC0BC-583B-4193-9460-BDF51D131695}" = NI LabVIEW 2011
"{E8550330-7EAF-46CC-AE68-25A3AC6B1AE4}" = NI LabVIEW 2011 Manuals
"{E91960AA-EB6A-418C-B6C3-6FDF7C166B59}" = NI Dynamic Signal Acquisition Installer 2.2.0
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA37AB72-EC8C-432C-A1C6-186850FB0559}" = NI System State Publisher
"{EA903EDC-4358-4F98-AFB2-14991144DE1D}" = NI Common Digital 1.13.0
"{EB708DAB-CD04-46E4-88C9-E3BC80595982}" = NI System Web Server Base 2.0
"{EB8D0A82-E02A-437C-A7C4-90516F1CFB39}" = NI Web Application Server 2.0
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDFC39D7-B782-4B43-BF9C-D1B80ADEA863}" = NI LabVIEW Runtime Engine 2010 SP1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF1B1A68-988E-4A68-8504-774373A4651C}" = NI OPC Support
"{F04A89CB-A185-4263-85ED-4BAD766F7DAE}" = NI Error Reporting 2011
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{F97CB7B0-28D2-4E33-A806-9475EB134DC7}" = NI-DAQ INF Files 19.3.5
"{F9A74F70-7597-47B8-B04C-044824C23B15}" = NI LabVIEW 2011 VIPM Helper
"{F9E0880D-B263-48F9-B8E5-BAFCAE9BE150}" = NI System API Client for WIF 5.0.0
"{FA7E1ADB-CEB4-4710-A1FA-8CFF4025AAB0}" = NI-MXLC LabVIEW 8.6 Support
"{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Fingerprint Solution
"{FDED748C-432B-4B44-BB33-3BB8550A2AD2}" = NI Variable Engine 2.5.0
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FE7EA637-9C65-4D57-9342-DDD98315AA58}" = Gemalto PKCS#11 For .NET Smart Cards V2+
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"EXCEL" = Microsoft Office Excel 2007
"FileZilla Client" = FileZilla Client 3.5.3
"GPG4Win" = Gpg4win (2.1.1-34299-beta)
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"InfraRecorder" = InfraRecorder
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Acer Bio Protection
"IviSharedComponent" = IVI Shared Components 2.2.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NI Uninstaller" = National Instruments - Software
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenVPN" = OpenVPN 2.2.2
"Picasa 3" = Picasa 3
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"POWERPOINT" = Microsoft Office PowerPoint 2007
"Psi" = Psi (remove only)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"StrokeIt" = StrokeIt
"SumatraPDF" = SumatraPDF
"Tera Term_is1" = Tera Term 4.74
"Texmaker" = Texmaker
"VI Package Manager" = VI Package Manager
"VISASharedComponents" = VISA Shared Components 64-Bit
"winscp3_is1" = WinSCP 4.3.7
"WORD" = Microsoft Office Word 2007
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2012 13:23:56 | Computer Name = ibot | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "c:/program files (x86)/national instruments/shared/ni webserver/www/national
 instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646": Can't access
 URL       .
 
Error - 20.07.2012 13:23:56 | Computer Name = ibot | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 404 "Not Found" for "national instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646",
 file "c:/program files (x86)/national instruments/shared/ni webserver/www/national
 instruments/ni-rpc/interface/eadfc80d-1e6f-425b-8986-12ccef98f646": Can't access
 URL       .
 
Error - 20.07.2012 13:24:00 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 12:32:21 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 02:52:36 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 03:12:23 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 03:15:10 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 03:33:33 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 03:36:51 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 05:38:42 | Computer Name = ibot | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.07.2012 05:36:52 | Computer Name = ibot | Source = DCOM | ID = 10005
Description = 
 
Error - 24.07.2012 05:36:57 | Computer Name = ibot | Source = DCOM | ID = 10005
Description = 
 
Error - 24.07.2012 05:36:58 | Computer Name = ibot | Source = DCOM | ID = 10005
Description = 
 
Error - 24.07.2012 05:36:58 | Computer Name = ibot | Source = DCOM | ID = 10005
Description = 
 
Error - 24.07.2012 05:37:08 | Computer Name = ibot | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\bcmihvsrv64.dll  Fehlercode: 21  
 
Error - 24.07.2012 05:37:24 | Computer Name = ibot | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 05:37:25 | Computer Name = ibot | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 05:37:25 | Computer Name = ibot | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 05:37:27 | Computer Name = ibot | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 05:37:27 | Computer Name = ibot | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Thanks in advance!

24.07.2012, 17:27   #2
markusg
/// Malware-holic

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
[2012.07.24 08:47:33 | 000,000,051 | ---- | M] () -- C:\ProgramData\oizvggwsokvizxg
 :Files
C:\ProgramData\qdjwfoqf.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file
here in the thread as an attachment!




Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.
__________________


24.07.2012, 17:53   #3
ibot87

Hi,

Thanks! I can boot normally again without the trojan screen.

Attached is the OTL text file. I have uploaded Movedfiles.zip; it worked without problems. Is there anything else to do now?

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qdjwfoqfwctited deleted successfully.
C:\ProgramData\qdjwfoqf.exe moved successfully.
C:\ProgramData\oizvggwsokvizxg moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Tobi
->Flash cache emptied: 12418 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tobi
->Temp folder emptied: 239870042 bytes
->Temporary Internet Files folder emptied: 98919948 bytes
->Java cache emptied: 210065 bytes
->FireFox cache emptied: 223486742 bytes
->Google Chrome cache emptied: 13663431 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1837695027 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36031079 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,336.00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07242012_184138

Files\Folders moved on Reboot...
C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Tobi\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
__________________
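
An added example (not part of the thread and not OTL's own code): a small Python check that compares the fix script from post #2 with the result log from post #3 and reports any targeted item that the log does not confirm as deleted or moved. The line patterns are inferred only from the lines quoted in this thread, which is an assumption, and the sample input is copied from those two posts.

```python
import re

# Sample input constructed from the two posts in this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [qdjwfoqfwctited] C:\ProgramData\qdjwfoqf.exe ()
[2012.07.24 08:47:33 | 000,000,051 | ---- | M] () -- C:\ProgramData\oizvggwsokvizxg
 :Files
C:\ProgramData\qdjwfoqf.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
"""

RESULT_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qdjwfoqfwctited deleted successfully.
C:\ProgramData\qdjwfoqf.exe moved successfully.
C:\ProgramData\oizvggwsokvizxg moved successfully.
========== COMMANDS ==========
"""

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Assumption: these patterns cover only the line shapes seen in this thread.
O4_RUN = re.compile(r"^O4 - (HKCU|HKLM)\.\.\\Run: \[([^\]]+)\] (.+?) \(.*\)$")
FILE_ENTRY = re.compile(r"^\[[^\]]+\] \(.*?\) -- (.+)$")
REG_DELETED = re.compile(r"^Registry value (.+?)\\\\([^\\]+) deleted successfully\.$")
FILE_MOVED = re.compile(r"^(.+) moved successfully\.$")


def parse_fix_script(text):
    """Return (run_values, files) that the fix script targets."""
    section, run_values, files = None, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL or :Files
            section = line[1:].lower()
            continue
        if section == "otl":
            m = O4_RUN.match(line)
            if m:                         # autostart value under ...\Run
                run_values.append((HIVES[m.group(1)], m.group(2)))
                continue
            m = FILE_ENTRY.match(line)
            if m:                         # file line copied from the scan log
                files.append(m.group(1))
        elif section == "files":
            files.append(line)            # one path per line
    return run_values, files


def parse_result_log(text):
    """Return (deleted registry values, moved files), lower-cased for comparison."""
    deleted, moved = set(), set()
    for line in (raw.strip() for raw in text.splitlines()):
        m = REG_DELETED.match(line)
        if m:
            deleted.add((m.group(1).lower(), m.group(2).lower()))
            continue
        m = FILE_MOVED.match(line)
        if m:
            moved.add(m.group(1).lower())
    return deleted, moved


def unhandled_targets(script, log):
    """List every script target the result log does not confirm."""
    run_values, files = parse_fix_script(script)
    deleted, moved = parse_result_log(log)
    missing = []
    for hive, name in run_values:
        confirmed = any(
            key.startswith(hive.lower() + "\\")
            and key.endswith("\\run")
            and value == name.lower()
            for key, value in deleted
        )
        if not confirmed:
            missing.append(f"{hive}\\...\\Run [{name}]")
    missing += [path for path in files if path.lower() not in moved]
    return missing


if __name__ == "__main__":
    leftovers = unhandled_targets(FIX_SCRIPT, RESULT_LOG)
    print("all targets confirmed" if not leftovers else leftovers)
```

An empty result means every registry value and file named in the script has a matching "deleted successfully" or "moved successfully" line; anything returned still needs a follow-up scan.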

25.07.2012, 17:05   #4
markusg
/// Malware-holic

Hi,
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can lead to serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to us following the instructions above:
markusg.trojaner-board@web.de
If you would like to support us

26.07.2012, 12:06   #5
ibot87
Hey,

I did that, see the log. The file is located in C:/ComboFix/ComboFix.txt, though.

Thanks for the help!

Code:
ATTFilter
ComboFix 12-07-27.01 - Tobi 26.07.2012  12:36:34.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8040.5513 [GMT 2:00]
ausgeführt von:: C:\Users\Tobi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Tobi\AppData\Local\TempDIR
C:\Windows\Downloaded Program Files\IDropPTB.dll


(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))


2012-07-24 16:41:38 . 2012-07-24 16:49:35	--------	d-----w-	C:\_OTL
2012-07-24 11:23:55 . 2012-07-24 11:23:55	--------	d-----w-	C:\Program Files (x86)\IrfanView
2012-07-24 07:15:56 . 2012-07-24 07:15:56	--------	d-----w-	C:\Users\Tobi\AppData\Roaming\Malwarebytes
2012-07-24 07:15:54 . 2012-07-24 07:15:54	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-07-24 07:15:53 . 2012-07-24 07:16:13	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 07:15:53 . 2012-07-03 11:46:44	24904	----a-w-	C:\Windows\system32\drivers\mbam.sys
2012-07-24 06:47:32 . 2012-07-24 06:47:32	--------	d-----w-	C:\ProgramData\lqdenbynwxmheay
2012-07-24 06:37:25 . 2012-06-29 10:04:29	9133488	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3C862D2-CFEE-4834-B34E-EF91B080F0A2}\mpengine.dll
2012-07-20 17:22:47 . 2012-07-17 21:13:53	73696	----a-w-	C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-07-19 15:29:18 . 2012-07-19 15:29:18	--------	d-----w-	C:\Campus EM Griechenland
2012-07-19 15:27:09 . 2012-07-19 15:34:21	--------	d-----w-	C:\Fotos Campus EM Dänemark
2012-07-19 13:34:56 . 2012-07-19 13:34:56	--------	d-----w-	C:\Users\Tobi\AppData\Roaming\MiKTeX
2012-07-19 13:34:55 . 2012-07-19 13:34:55	--------	d-----w-	C:\Users\Tobi\AppData\Local\MiKTeX
2012-07-19 13:32:59 . 2012-07-19 13:32:59	--------	d-----w-	C:\ProgramData\MiKTeX
2012-07-19 13:32:02 . 2012-07-19 13:32:38	--------	d-----w-	C:\Program Files\MiKTeX 2.9
2012-07-19 11:01:11 . 2012-07-19 13:29:44	--------	d-----w-	C:\Users\Tobi\AppData\Roaming\xm1
2012-07-19 10:54:51 . 2012-07-19 10:54:53	--------	d-----w-	C:\Program Files (x86)\Texmaker
2012-07-15 20:07:51 . 2012-07-15 20:07:51	--------	d-----w-	C:\Users\Tobi\AppData\Local\CyberLink
2012-07-15 20:05:20 . 2012-07-15 20:05:20	--------	d-----w-	C:\Program Files (x86)\Acer
2012-07-14 22:14:43 . 2012-07-14 22:14:43	--------	d-----w-	C:\Users\Tobi\AppData\Local\MetaGeek,_LLC
2012-07-14 22:03:33 . 2012-07-14 22:03:33	--------	d-----w-	C:\Program Files (x86)\MetaGeek
2012-07-11 20:48:07 . 2012-07-11 20:48:07	--------	d-----w-	C:\Program Files (x86)\JKI
2012-07-11 20:48:00 . 2012-07-11 20:48:07	--------	d-----w-	C:\ProgramData\JKI
2012-07-11 05:25:32 . 2012-07-11 05:25:32	--------	d-----w-	C:\Windows\system32\cvirte
2012-07-11 05:25:28 . 2012-07-11 05:25:29	--------	d-----w-	C:\Windows\SysWow64\cvirte
2012-07-11 05:24:58 . 2012-07-11 05:25:19	--------	d-----w-	C:\ProgramData\IVI Foundation
2012-07-11 05:24:58 . 2012-07-11 05:25:19	--------	d-----w-	C:\Program Files\IVI Foundation
2012-07-11 05:24:58 . 2012-07-11 05:25:19	--------	d-----w-	C:\Program Files (x86)\IVI Foundation
2012-07-11 05:22:55 . 2012-07-11 05:22:56	--------	d-----w-	C:\Program Files (x86)\HI-TECH Software
2012-07-11 05:22:36 . 2000-01-28 16:17:28	557328	----a-w-	C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll
2012-07-11 05:16:30 . 2012-07-11 05:26:35	--------	d-----w-	C:\Program Files (x86)\Common Files\Merge Modules
2012-07-11 05:16:27 . 2012-07-11 05:27:28	--------	d-----w-	C:\Program Files\National Instruments
2012-07-11 05:15:59 . 2012-07-11 06:25:55	--------	d-----w-	C:\Program Files (x86)\National Instruments
2012-07-10 17:53:01 . 2012-06-12 03:08:36	3148800	----a-w-	C:\Windows\system32\win32k.sys
2012-07-10 17:22:36 . 2012-06-06 06:06:16	2004480	----a-w-	C:\Windows\system32\msxml6.dll
2012-07-09 16:24:50 . 2012-07-09 16:24:50	--------	d-----w-	C:\Users\Tobi\AppData\Roaming\Arduino
2012-07-09 16:04:06 . 2012-07-09 16:04:07	--------	d-----w-	C:\Program Files (x86)\teraterm
2012-07-09 14:46:30 . 2012-07-09 14:46:30	--------	d-----w-	C:\Program Files (x86)\CommFront
2012-07-09 14:41:59 . 2012-07-09 14:41:59	--------	dc----w-	C:\Windows\system32\DRVSTORE
2012-07-09 14:41:59 . 2010-10-13 11:10:22	39472	----a-w-	C:\Windows\system32\drivers\hhdspmc64.sys
2012-07-09 14:41:58 . 2012-07-09 14:41:58	--------	d-----w-	C:\Program Files\HHD Software
2012-07-09 11:19:11 . 2012-04-02 12:23:42	154624	----a-w-	C:\Windows\system32\drivers\ser2pl64.sys
2012-07-09 11:19:11 . 2005-08-03 14:05:02	35892	----a-w-	C:\Windows\SysWow64\SER9PL.sys
2012-07-09 11:19:11 . 2005-08-03 14:04:22	26719	----a-w-	C:\Windows\SysWow64\SERSPL.VXD
2012-07-04 15:08:10 . 2012-07-04 15:08:10	--------	d-----w-	C:\Users\Tobi\AppData\Local\ElevatedDiagnostics
2012-07-03 15:36:11 . 2010-02-23 08:16:17	294912	----a-w-	C:\Windows\system32\browserchoice.exe
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-20 17:24:20 . 2012-05-03 19:46:25	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 17:24:20 . 2012-05-03 19:46:25	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-10 17:50:35 . 2012-05-03 16:18:54	59701280	----a-w-	C:\Windows\system32\MRT.exe
2012-06-18 13:17:16 . 2012-06-18 13:17:16	871424	----a-w-	C:\Program Files\Vorlesungsverzeichnis-v1.19.exe
2012-06-02 22:19:46 . 2012-06-08 22:59:01	38424	----a-w-	C:\Windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-08 22:59:03	2428952	----a-w-	C:\Windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-08 22:59:03	57880	----a-w-	C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-08 22:59:03	44056	----a-w-	C:\Windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-08 22:59:01	701976	----a-w-	C:\Windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-08 22:59:03	2622464	----a-w-	C:\Windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-08 22:59:01	99840	----a-w-	C:\Windows\system32\wudriver.dll
2012-06-02 13:19:42 . 2012-06-08 22:59:00	186752	----a-w-	C:\Windows\system32\wuwebv.dll
2012-06-02 13:15:12 . 2012-06-08 22:59:00	36864	----a-w-	C:\Windows\system32\wuapp.exe
2012-05-31 10:25:12 . 2010-11-21 03:27:21	279656	------w-	C:\Windows\system32\MpSigStub.exe
2012-05-26 13:45:56 . 2012-05-26 13:45:56	119808	----a-r-	C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-05-24 21:18:40 . 2012-05-24 21:18:40	4472832	----a-w-	C:\Windows\SysWow64\GPhotos.scr
2012-05-13 12:07:40 . 2012-05-13 12:07:31	21840	----atw-	C:\Windows\SysWow64\SIntfNT.dll
2012-05-13 12:07:40 . 2012-05-13 12:07:31	17212	----atw-	C:\Windows\SysWow64\SIntf32.dll
2012-05-13 12:07:40 . 2012-05-13 12:07:31	12067	----atw-	C:\Windows\SysWow64\SIntf16.dll
2012-05-08 16:26:34 . 2012-05-03 16:25:54	98848	----a-w-	C:\Windows\system32\drivers\avgntflt.sys
2012-05-08 16:26:34 . 2012-05-03 16:25:54	132832	----a-w-	C:\Windows\system32\drivers\avipbb.sys
2012-05-05 16:08:26 . 2012-05-05 16:08:26	65536	----a-r-	C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{FE7EA637-9C65-4D57-9342-DDD98315AA58}\ARPPRODUCTICON.exe
2012-05-04 14:39:30 . 2012-05-04 14:39:30	53248	----a-r-	C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-04 14:39:27 . 2012-05-04 14:39:27	18960	----a-w-	C:\Windows\system32\drivers\LNonPnP.sys
2012-05-04 14:16:13 . 2012-05-04 14:16:13	283200	----a-w-	C:\Windows\system32\drivers\dtsoftbus01.sys
2012-05-04 13:48:52 . 2012-05-04 13:48:56	476960	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 13:48:52 . 2012-05-04 13:48:56	472864	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-05-04 13:44:32 . 2012-05-04 13:44:31	483328	----a-w-	C:\Program Files\putty.exe
2012-05-04 11:06:22 . 2012-06-14 09:43:05	5559664	----a-w-	C:\Windows\system32\ntoskrnl.exe
2012-05-04 11:00:43 . 2012-06-18 08:34:50	366592	----a-w-	C:\Windows\system32\qdvd.dll
2012-05-04 10:03:53 . 2012-06-14 09:43:04	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 . 2012-06-14 09:43:04	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 . 2012-06-18 08:34:50	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-05-03 16:38:25 . 2012-05-03 16:38:36	606000	----a-w-	C:\Windows\SysWow64\NBMatS1SDK.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	91648	----a-w-	C:\Windows\system32\SetIEInstalledDate.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	89088	----a-w-	C:\Windows\system32\RegisterIEPKEYs.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	89088	----a-w-	C:\Windows\system32\ie4uinit.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	86528	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	82432	----a-w-	C:\Windows\system32\icardie.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	76800	----a-w-	C:\Windows\SysWow64\SetIEInstalledDate.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	76800	----a-w-	C:\Windows\system32\tdc.ocx
2012-05-03 16:32:33 . 2012-05-03 16:32:33	74752	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	74752	----a-w-	C:\Windows\SysWow64\iesetup.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	65024	----a-w-	C:\Windows\system32\pngfilt.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	63488	----a-w-	C:\Windows\SysWow64\tdc.ocx
2012-05-03 16:32:33 . 2012-05-03 16:32:33	55296	----a-w-	C:\Windows\system32\msfeedsbs.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	534528	----a-w-	C:\Windows\system32\ieapfltr.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	49664	----a-w-	C:\Windows\system32\imgutil.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	48640	----a-w-	C:\Windows\SysWow64\mshtmler.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	48640	----a-w-	C:\Windows\system32\mshtmler.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	452608	----a-w-	C:\Windows\system32\dxtmsft.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	448512	----a-w-	C:\Windows\system32\html.iec
2012-05-03 16:32:33 . 2012-05-03 16:32:33	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	39936	----a-w-	C:\Windows\system32\iernonce.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	3695416	----a-w-	C:\Windows\system32\ieapfltr.dat
2012-05-03 16:32:33 . 2012-05-03 16:32:33	367104	----a-w-	C:\Windows\SysWow64\html.iec
2012-05-03 16:32:33 . 2012-05-03 16:32:33	35840	----a-w-	C:\Windows\SysWow64\imgutil.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	282112	----a-w-	C:\Windows\system32\dxtrans.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	267776	----a-w-	C:\Windows\system32\ieaksie.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	23552	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	222208	----a-w-	C:\Windows\system32\msls31.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	197120	----a-w-	C:\Windows\system32\msrating.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	163840	----a-w-	C:\Windows\system32\ieakui.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	161792	----a-w-	C:\Windows\SysWow64\msls31.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	160256	----a-w-	C:\Windows\system32\ieakeng.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	152064	----a-w-	C:\Windows\SysWow64\wextract.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	150528	----a-w-	C:\Windows\SysWow64\iexpress.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	149504	----a-w-	C:\Windows\system32\occache.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	145920	----a-w-	C:\Windows\system32\iepeers.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	135168	----a-w-	C:\Windows\system32\IEAdvpack.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	12288	----a-w-	C:\Windows\system32\mshta.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	11776	----a-w-	C:\Windows\SysWow64\mshta.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	114176	----a-w-	C:\Windows\system32\admparse.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	111616	----a-w-	C:\Windows\system32\iesysprep.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	110592	----a-w-	C:\Windows\SysWow64\IEAdvpack.dll
2012-05-03 16:32:33 . 2012-05-03 16:32:33	10752	----a-w-	C:\Windows\system32\msfeedssync.exe
2012-05-03 16:32:33 . 2012-05-03 16:32:33	101888	----a-w-	C:\Windows\SysWow64\admparse.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	85504	----a-w-	C:\Windows\system32\iesetup.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	697344	----a-w-	C:\Windows\system32\msfeeds.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	603648	----a-w-	C:\Windows\system32\vbscript.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	403248	----a-w-	C:\Windows\system32\iedkcs32.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	30720	----a-w-	C:\Windows\system32\licmgr10.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	249344	----a-w-	C:\Windows\system32\webcheck.dll
2012-05-03 16:32:32 . 2012-05-03 16:32:32	165888	----a-w-	C:\Windows\system32\iexpress.exe
2012-05-03 16:32:32 . 2012-05-03 16:32:32	160256	----a-w-	C:\Windows\system32\wextract.exe
2012-05-03 16:32:32 . 2012-05-03 16:32:32	103936	----a-w-	C:\Windows\system32\inseng.dll
2012-05-03 16:11:42 . 2012-05-03 16:11:50	95544	----a-w-	C:\Windows\system32\bcmwlcoi.dll
2012-05-03 16:11:42 . 2012-05-03 16:11:50	6656	----a-w-	C:\Windows\system32\bcmwlrc.dll
2012-05-03 16:11:42 . 2012-05-03 16:11:50	4720704	----a-w-	C:\Windows\system32\drivers\BCMWL664.SYS
2012-05-03 16:11:42 . 2012-05-03 16:11:50	3905848	----a-w-	C:\Windows\system32\bcmihvsrv64.dll
2012-05-03 16:11:42 . 2012-05-03 16:11:50	3571512	----a-w-	C:\Windows\system32\bcmihvui64.dll
2012-05-01 05:40:20 . 2012-06-14 09:43:05	209920	----a-w-	C:\Windows\system32\profsvc.dll
2012-04-28 03:55:21 . 2012-06-14 09:43:04	210944	----a-w-	C:\Windows\system32\drivers\rdpwd.sys
2012-04-11 09:55:32 . 2012-05-04 15:23:55	1157352	----a-w-	C:\Program Files\netscan.exe


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	64792	----a-w-	C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48	94208	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48	94208	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:48	94208	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="C:\Program Files (x86)\StrokeIt\StrokeIt.exe" [2010-01-03 17:27:58 26248]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-07-03 11:23:52 17417392]
"NIRegistrationWizard"="C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 12:53:18 846520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 16:26:34 348624]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 07:53:16 113288]
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 13:39:58 407920]
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 13:39:42 201584]
"VitaKeyTSR"="C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-05 20:41:28 189296]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2012-01-19 15:07:54 1106512]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]
"RegTool"="C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe" [2009-11-06 09:55:00 861696]
"NI Update Service"="C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 10:41:54 3002976]
"niDevMon"="C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 07:21:12 109712]

C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - C:\Users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Psi.lnk - C:\Program Files (x86)\Psi\Psi.exe [2009-12-3 8456704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting.lnk - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

2;2 nvUpdatusService;NVIDIA Update Service Daemon [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 17:12:14 160944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 10:19:12 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2011-09-16 13:59:48 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2011-09-16 13:59:02 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys [2011-09-16 13:59:18 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 14:00:04 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 14:00:34 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 14:00:50 280992]
R3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 21:44:20 276248]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 03:23:48 71168]
R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;C:\Windows\system32\DRIVERS\hhdspmc64.sys [2010-10-13 11:10:22 39472]
R3 lvalarmk;lvalarmk;C:\Windows\system32\drivers\lvalarmk.sys [2008-12-05 14:21:30 25224]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 21:14:05 114144]
R3 ni1006k;NI PXI-1006 Chassis Pilot;C:\Windows\system32\drivers\ni1006k.sys [2011-04-08 16:21:06 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;C:\Windows\system32\drivers\ni1045kl.sys [2011-04-08 16:21:08 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;C:\Windows\system32\drivers\ni1065k.sys [2011-04-08 16:21:10 26704]
R3 nicdrk;nicdrk;C:\Windows\system32\drivers\nicdrkl.sys [2010-08-12 19:36:20 11864]
R3 nicmrk;nicmrk;C:\Windows\system32\drivers\nicmrkl.sys [2011-04-01 12:54:30 12976]
R3 nicondrk;nicondrk;C:\Windows\system32\drivers\nicondrkl.sys [2011-04-01 13:09:28 12936]
R3 nicsrk;nicsrk;C:\Windows\system32\drivers\nicsrkl.sys [2011-04-01 13:56:52 12944]
R3 nidmxfk;nidmxfk;C:\Windows\system32\drivers\nidmxfkl.sys [2011-03-22 21:52:14 12944]
R3 nidsark;nidsark;C:\Windows\system32\drivers\nidsarkl.sys [2011-03-23 13:59:50 12952]
R3 niemrk;niemrk;C:\Windows\system32\drivers\niemrkl.sys [2011-03-23 12:24:22 12944]
R3 niesrk;niesrk;C:\Windows\system32\drivers\niesrkl.sys [2011-03-23 09:08:24 12944]
R3 nifslk;nifslk;C:\Windows\system32\drivers\nifslkl.sys [2011-06-15 08:41:26 12960]
R3 nimsdrk;nimsdrk;C:\Windows\system32\drivers\nimsdrkl.sys [2011-03-22 22:50:56 13000]
R3 nimxpk;nimxpk;C:\Windows\system32\drivers\nimxpkl.sys [2011-03-22 21:21:28 12976]
R3 ninshsdk;ninshsdk;C:\Windows\system32\drivers\ninshsdkl.sys [2010-07-14 09:03:38 12968]
R3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys [2011-06-29 11:50:00 12992]
R3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys [2011-06-29 11:48:26 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;C:\Windows\system32\drivers\nipxigpk.sys [2010-06-14 12:30:30 22680]
R3 niraptrk;niraptrk;C:\Windows\system32\drivers\niraptrkl.sys [2011-04-01 13:24:38 12936]
R3 niscdk;niscdk;C:\Windows\system32\drivers\niscdkl.sys [2010-07-12 19:42:36 12984]
R3 nisdigk;nisdigk;C:\Windows\system32\drivers\nisdigkl.sys [2010-10-01 07:52:04 12960]
R3 nisftk;nisftk;C:\Windows\system32\drivers\nisftkl.sys [2010-07-14 09:26:10 12952]
R3 nispdk;nispdk;C:\Windows\system32\drivers\nispdkl.sys [2010-07-12 19:54:06 12984]
R3 nissrk;nissrk;C:\Windows\system32\drivers\nissrkl.sys [2011-03-23 09:31:26 12944]
R3 nistc2k;nistc2k;C:\Windows\system32\drivers\nistc2kl.sys [2009-01-05 08:19:30 11824]
R3 nistc3rk;nistc3rk;C:\Windows\system32\drivers\nistc3rkl.sys [2011-03-23 08:49:40 12936]
R3 nistcrk;nistcrk;C:\Windows\system32\drivers\nistcrkl.sys [2009-08-31 12:15:48 11872]
R3 niswdk;niswdk;C:\Windows\system32\drivers\niswdkl.sys [2011-03-23 17:43:52 12936]
R3 nitiork;nitiork;C:\Windows\system32\drivers\nitiorkl.sys [2011-03-23 08:23:08 12968]
R3 niufurk;niufurk;C:\Windows\system32\drivers\niufurkl.sys [2011-03-23 13:38:54 12968]
R3 niwfrk;niwfrk;C:\Windows\system32\drivers\niwfrkl.sys [2011-03-23 09:47:06 12944]
R3 nixsrk;nixsrk;C:\Windows\system32\drivers\nixsrkl.sys [2011-03-23 12:56:34 12944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2011-03-03 19:29:20 174184]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 usb6xxxk;usb6xxxk;C:\Windows\system32\drivers\usb6xxxkl.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 11:43:58 68256]
S0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2010-03-24 10:27:44 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;C:\Windows\System32\drivers\nipxibaf.sys [2011-04-08 16:21:04 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;C:\Windows\System32\drivers\nipxibrc.sys [2011-04-08 16:21:06 54424]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 17:52:00 25960]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-16 14:08:07 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 14:16:13 283200]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-04-14 10:56:11 3536896]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 16:26:34 86224]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 13:52:06 105120]
S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe [2011-05-05 15:08:04 198784]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GnuPG\dirmngr.exe [2012-05-02 15:08:40 221696]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-01-19 15:07:54 355920]
S2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [2010-11-05 20:42:30 315248]
S2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-05 20:41:40 257904]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [2010-10-31 08:36:56 35952]
S2 GslShmSrvc;GSL Share Memory;C:\Program Files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2009-02-26 12:45:34 69632]
S2 ni488enumsvc;NI-488.2 Enumeration Service;C:\Windows\SysWOW64\nipalsm.exe [2010-03-24 13:23:06 12696]
S2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 11:43:48 50336]
S2 nidevldu;NI Device Loader;C:\Windows\SysWOW64\nipalsm.exe [2010-03-24 13:23:06 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 12:53:08 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 14:32:14 194224]
S2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 12:11:20 121032]
S2 nipxirmk;nipxirmk;C:\Windows\system32\drivers\nipxirmkl.sys [2010-07-13 15:32:46 11928]
S2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys [2011-08-17 14:52:22 12968]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 03:31:30 378472]
S2 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2012-04-26 19:45:06 1633296]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [2011-09-16 13:59:32 30368]
S3 GemCCID;GemCCID;C:\Windows\system32\Drivers\GemCCID.sys [2009-08-10 10:07:40 119680]
S3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 21:34:26 56344]
S3 ni488lock;NI-488.2 Locking Service;C:\Windows\system32\drivers\ni488lock.sys [2010-07-27 18:29:00 18568]
S3 nidimk;nidimk;C:\Windows\system32\drivers\nidimkl.sys [2010-06-11 12:32:32 11944]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;C:\Windows\system32\DRIVERS\niede.sys [2010-06-15 15:15:46 38064]
S3 nimru2k;nimru2k;C:\Windows\system32\drivers\nimru2kl.sys [2009-08-24 13:08:28 11872]
S3 nimstsk;nimstsk;C:\Windows\system32\drivers\nimstskl.sys [2011-03-22 21:18:44 12968]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys [2011-08-17 14:51:16 12968]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 08:34:26 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 08:34:26 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 11:30:08 329832]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

Inhalt des "geplante Tasks" Ordners

2012-07-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job
- C:\Users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22:10 . 2012-05-05 19:22:10]

2012-07-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job
- C:\Users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22:10 . 2012-05-05 19:22:10]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20:44	75544	----a-w-	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50	97792	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50	97792	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50	97792	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32:50	97792	----a-w-	C:\Users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-03-19 21:44:20 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-19 21:44:20 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-03-19 21:44:20 439064]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-05-06 21:03:40 524928]
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 13:56:12 976032]
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 13:52:36 799904]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 09:38:38 1744152]
"tvncontrol"="C:\Program Files\TightVNC\tvnserver.exe" [2012-04-26 19:45:06 1633296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll
         


Alt 26.07.2012, 12:21   #6
markusg
/// Malware-holic
 

The log seems incomplete; please attach it as a txt file.

Alt 26.07.2012, 12:36   #7
ibot87
 

Hmm, strange... If need be, I can also run it again.

Alt 26.07.2012, 12:56   #8
markusg
/// Malware-holic
 

Reboot, press F8, choose Safe Mode with Networking, log in to your account and try it again there.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 29.07.2012, 19:03   #9
ibot87
 

It took a while, but here is the complete log file:

Combofix Logfile:
Code:
ComboFix 12-07-27.03 - Tobi 27.07.2012  21:31:25.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8040.6047 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-27 bis 2012-07-27  ))))))))))))))))))))))))))))))
.
.
2012-07-27 19:34 . 2012-07-27 19:34	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 19:34 . 2012-07-27 19:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-27 05:47 . 2012-07-27 05:49	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Swiss Academic Software
2012-07-27 05:47 . 2012-07-27 05:47	--------	d-----w-	c:\program files (x86)\Citavi 3
2012-07-27 05:46 . 2012-07-27 05:47	--------	d-----w-	c:\programdata\Swiss Academic Software
2012-07-24 16:41 . 2012-07-24 16:49	--------	d-----w-	C:\_OTL
2012-07-24 11:23 . 2012-07-24 11:23	--------	d-----w-	c:\program files (x86)\IrfanView
2012-07-24 07:15 . 2012-07-24 07:15	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Malwarebytes
2012-07-24 07:15 . 2012-07-24 07:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-24 07:15 . 2012-07-24 07:16	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 07:15 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-24 06:47 . 2012-07-24 06:47	--------	d-----w-	c:\programdata\lqdenbynwxmheay
2012-07-24 06:37 . 2012-06-29 10:04	9133488	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3C862D2-CFEE-4834-B34E-EF91B080F0A2}\mpengine.dll
2012-07-20 17:22 . 2012-07-17 21:13	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-07-19 15:29 . 2012-07-19 15:29	--------	d-----w-	C:\Campus EM Griechenland
2012-07-19 15:27 . 2012-07-19 15:34	--------	d-----w-	C:\Fotos Campus EM Dänemark
2012-07-19 13:34 . 2012-07-19 13:34	--------	d-----w-	c:\users\Tobi\AppData\Roaming\MiKTeX
2012-07-19 13:34 . 2012-07-19 13:34	--------	d-----w-	c:\users\Tobi\AppData\Local\MiKTeX
2012-07-19 13:32 . 2012-07-19 13:32	--------	d-----w-	c:\programdata\MiKTeX
2012-07-19 13:32 . 2012-07-19 13:32	--------	d-----w-	c:\program files\MiKTeX 2.9
2012-07-19 11:01 . 2012-07-19 13:29	--------	d-----w-	c:\users\Tobi\AppData\Roaming\xm1
2012-07-19 10:54 . 2012-07-19 10:54	--------	d-----w-	c:\program files (x86)\Texmaker
2012-07-15 20:07 . 2012-07-15 20:07	--------	d-----w-	c:\users\Tobi\AppData\Local\CyberLink
2012-07-15 20:05 . 2012-07-15 20:05	--------	d-----w-	c:\program files (x86)\Acer
2012-07-14 22:14 . 2012-07-14 22:14	--------	d-----w-	c:\users\Tobi\AppData\Local\MetaGeek,_LLC
2012-07-14 22:03 . 2012-07-14 22:03	--------	d-----w-	c:\program files (x86)\MetaGeek
2012-07-11 20:48 . 2012-07-11 20:48	--------	d-----w-	c:\program files (x86)\JKI
2012-07-11 20:48 . 2012-07-11 20:48	--------	d-----w-	c:\programdata\JKI
2012-07-11 05:25 . 2012-07-11 05:25	--------	d-----w-	c:\windows\system32\cvirte
2012-07-11 05:25 . 2012-07-11 05:25	--------	d-----w-	c:\windows\SysWow64\cvirte
2012-07-11 05:24 . 2012-07-11 05:25	--------	d-----w-	c:\programdata\IVI Foundation
2012-07-11 05:24 . 2012-07-11 05:25	--------	d-----w-	c:\program files\IVI Foundation
2012-07-11 05:24 . 2012-07-11 05:25	--------	d-----w-	c:\program files (x86)\IVI Foundation
2012-07-11 05:22 . 2012-07-11 05:22	--------	d-----w-	c:\program files (x86)\HI-TECH Software
2012-07-11 05:22 . 2000-01-28 16:17	557328	----a-w-	c:\program files\Common Files\Microsoft Shared\dao\dao360.dll
2012-07-11 05:16 . 2012-07-11 05:26	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2012-07-11 05:16 . 2012-07-11 05:27	--------	d-----w-	c:\program files\National Instruments
2012-07-11 05:15 . 2012-07-11 06:25	--------	d-----w-	c:\program files (x86)\National Instruments
2012-07-10 17:53 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-10 17:22 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-09 16:24 . 2012-07-09 16:24	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Arduino
2012-07-09 16:04 . 2012-07-09 16:04	--------	d-----w-	c:\program files (x86)\teraterm
2012-07-09 14:46 . 2012-07-09 14:46	--------	d-----w-	c:\program files (x86)\CommFront
2012-07-09 14:41 . 2012-07-09 14:41	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-07-09 14:41 . 2010-10-13 11:10	39472	----a-w-	c:\windows\system32\drivers\hhdspmc64.sys
2012-07-09 14:41 . 2012-07-09 14:41	--------	d-----w-	c:\program files\HHD Software
2012-07-09 11:19 . 2012-04-02 12:23	154624	----a-w-	c:\windows\system32\drivers\ser2pl64.sys
2012-07-09 11:19 . 2005-08-03 14:05	35892	----a-w-	c:\windows\SysWow64\SER9PL.sys
2012-07-09 11:19 . 2005-08-03 14:04	26719	----a-w-	c:\windows\SysWow64\SERSPL.VXD
2012-07-04 15:08 . 2012-07-04 15:08	--------	d-----w-	c:\users\Tobi\AppData\Local\ElevatedDiagnostics
2012-07-03 15:36 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 17:24 . 2012-05-03 19:46	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 17:24 . 2012-05-03 19:46	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-10 17:50 . 2012-05-03 16:18	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-18 13:17 . 2012-06-18 13:17	871424	----a-w-	c:\program files\Vorlesungsverzeichnis-v1.19.exe
2012-06-02 22:19 . 2012-06-08 22:59	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:59	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 22:59	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:59	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:59	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 22:59	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 22:59	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-08 22:59	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-08 22:59	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-26 13:45 . 2012-05-26 13:45	119808	----a-r-	c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-05-24 21:18 . 2012-05-24 21:18	4472832	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-05-13 12:07 . 2012-05-13 12:07	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2012-05-13 12:07 . 2012-05-13 12:07	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2012-05-13 12:07 . 2012-05-13 12:07	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2012-05-05 16:08 . 2012-05-05 16:08	65536	----a-r-	c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{FE7EA637-9C65-4D57-9342-DDD98315AA58}\ARPPRODUCTICON.exe
2012-05-04 14:39 . 2012-05-04 14:39	53248	----a-r-	c:\users\Tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-04 14:39 . 2012-05-04 14:39	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-05-04 14:16 . 2012-05-04 14:16	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 13:48 . 2012-05-04 13:48	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 13:48 . 2012-05-04 13:48	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 13:44 . 2012-05-04 13:44	483328	----a-w-	c:\program files\putty.exe
2012-05-04 11:06 . 2012-06-14 09:43	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-18 08:34	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 09:43	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 09:43	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-18 08:34	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-05-03 16:38 . 2012-05-03 16:38	606000	----a-w-	c:\windows\SysWow64\NBMatS1SDK.dll
2012-05-03 16:32 . 2012-05-03 16:32	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-05-03 16:32 . 2012-05-03 16:32	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-05-03 16:32 . 2012-05-03 16:32	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-05-03 16:32 . 2012-05-03 16:32	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-05-03 16:32 . 2012-05-03 16:32	82432	----a-w-	c:\windows\system32\icardie.dll
2012-05-03 16:32 . 2012-05-03 16:32	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-03 16:32 . 2012-05-03 16:32	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-05-03 16:32 . 2012-05-03 16:32	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-03 16:32 . 2012-05-03 16:32	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-05-03 16:32 . 2012-05-03 16:32	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-05-03 16:32 . 2012-05-03 16:32	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-05-03 16:32 . 2012-05-03 16:32	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-05-03 16:32 . 2012-05-03 16:32	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-05-03 16:32 . 2012-05-03 16:32	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-05-03 16:32 . 2012-05-03 16:32	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-05-03 16:32 . 2012-05-03 16:32	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-05-03 16:32 . 2012-05-03 16:32	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-05-03 16:32 . 2012-05-03 16:32	448512	----a-w-	c:\windows\system32\html.iec
2012-05-03 16:32 . 2012-05-03 16:32	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-05-03 16:32 . 2012-05-03 16:32	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-05-03 16:32 . 2012-05-03 16:32	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-05-03 16:32 . 2012-05-03 16:32	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-05-03 16:32 . 2012-05-03 16:32	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-05-03 16:32 . 2012-05-03 16:32	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-05-03 16:32 . 2012-05-03 16:32	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-05-03 16:32 . 2012-05-03 16:32	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-05-03 16:32 . 2012-05-03 16:32	222208	----a-w-	c:\windows\system32\msls31.dll
2012-05-03 16:32 . 2012-05-03 16:32	197120	----a-w-	c:\windows\system32\msrating.dll
2012-05-03 16:32 . 2012-05-03 16:32	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-05-03 16:32 . 2012-05-03 16:32	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-05-03 16:32 . 2012-05-03 16:32	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-05-03 16:32 . 2012-05-03 16:32	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-05-03 16:32 . 2012-05-03 16:32	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-05-03 16:32 . 2012-05-03 16:32	149504	----a-w-	c:\windows\system32\occache.dll
2012-05-03 16:32 . 2012-05-03 16:32	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-05-03 16:32 . 2012-05-03 16:32	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-05-03 16:32 . 2012-05-03 16:32	12288	----a-w-	c:\windows\system32\mshta.exe
2012-05-03 16:32 . 2012-05-03 16:32	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-05-03 16:32 . 2012-05-03 16:32	114176	----a-w-	c:\windows\system32\admparse.dll
2012-05-03 16:32 . 2012-05-03 16:32	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-05-03 16:32 . 2012-05-03 16:32	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-05-03 16:32 . 2012-05-03 16:32	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-05-03 16:32 . 2012-05-03 16:32	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-05-03 16:32 . 2012-05-03 16:32	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-05-03 16:32 . 2012-05-03 16:32	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-05-03 16:32 . 2012-05-03 16:32	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-05-03 16:32 . 2012-05-03 16:32	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-05-03 16:32 . 2012-05-03 16:32	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-05-03 16:32 . 2012-05-03 16:32	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-05-03 16:32 . 2012-05-03 16:32	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-05-03 16:32 . 2012-05-03 16:32	160256	----a-w-	c:\windows\system32\wextract.exe
2012-05-03 16:32 . 2012-05-03 16:32	103936	----a-w-	c:\windows\system32\inseng.dll
2012-05-03 16:11 . 2012-05-03 16:11	95544	----a-w-	c:\windows\system32\bcmwlcoi.dll
2012-05-03 16:11 . 2012-05-03 16:11	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2012-05-03 16:11 . 2012-05-03 16:11	4720704	----a-w-	c:\windows\system32\drivers\BCMWL664.SYS
2012-05-03 16:11 . 2012-05-03 16:11	3905848	----a-w-	c:\windows\system32\bcmihvsrv64.dll
2012-05-03 16:11 . 2012-05-03 16:11	3571512	----a-w-	c:\windows\system32\bcmihvui64.dll
2012-05-01 05:40 . 2012-06-14 09:43	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-11 09:55 . 2012-05-04 15:23	1157352	----a-w-	c:\program files\netscan.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-26_10.41.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-26 12:53	49302              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 15:06	35348              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-07-27 05:46 . 2012-07-27 05:46	86912              c:\windows\Installer\{e12c6653-1ff0-4686-adb8-589c13ae761f}\_6FEFF9B68218417F98F549.exe
+ 2012-05-03 16:14 . 2012-07-27 15:06	4738              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1075945210-3722903961-1690909599-1000_UserData.bin
+ 2012-07-27 15:12 . 2012-07-27 15:12	9560              c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_48.bin
+ 2012-07-27 15:12 . 2012-07-27 15:12	4280              c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_32.bin
+ 2012-07-27 15:12 . 2012-07-27 15:12	2456              c:\windows\system32\NetworkList\Icons\{B208BEBC-1BCD-4EF9-96D6-73DB6130E80A}_24.bin
+ 2012-07-26 16:34 . 2012-07-26 16:34	9560              c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_48.bin
+ 2012-07-26 16:34 . 2012-07-26 16:34	4280              c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_32.bin
+ 2012-07-26 16:34 . 2012-07-26 16:34	2456              c:\windows\system32\NetworkList\Icons\{374FB214-CFFA-478C-B924-41BA059357DF}_24.bin
+ 2012-07-27 16:28 . 2012-07-27 16:28	9560              c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_48.bin
+ 2012-07-27 16:28 . 2012-07-27 16:28	4280              c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_32.bin
+ 2012-07-27 16:28 . 2012-07-27 16:28	2456              c:\windows\system32\NetworkList\Icons\{2F246B04-1756-44CE-B5E0-2D7ADF293A9F}_24.bin
+ 2012-07-27 15:49 . 2012-07-27 15:49	9560              c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_48.bin
+ 2012-07-27 15:49 . 2012-07-27 15:49	4280              c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_32.bin
+ 2012-07-27 15:49 . 2012-07-27 15:49	2456              c:\windows\system32\NetworkList\Icons\{2A8331D7-E73C-4310-A5AF-58536D584B0F}_24.bin
+ 2012-07-27 19:27 . 2012-07-27 19:28	1736              c:\windows\SoftwareDistribution\EventCache\{C39EBC08-38D3-4E81-B271-AC07FAAF5948}.bin
- 2012-07-26 10:40 . 2012-07-26 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 15:04 . 2012-07-27 15:04	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 10:40 . 2012-07-26 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-27 15:04 . 2012-07-27 15:04	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-05 15:47 . 2012-07-27 19:16	327596              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-07-25 14:53	652148              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-27 15:08	652148              c:\windows\system32\perfh009.dat
- 2011-04-12 07:43 . 2012-07-25 14:53	696870              c:\windows\system32\perfh007.dat
+ 2011-04-12 07:43 . 2012-07-27 15:08	696870              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-07-25 14:53	121080              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-27 15:08	121080              c:\windows\system32\perfc009.dat
+ 2011-04-12 07:43 . 2012-07-27 15:08	148134              c:\windows\system32\perfc007.dat
- 2011-04-12 07:43 . 2012-07-25 14:53	148134              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-07-26 10:40	396900              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-27 15:03	396900              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-03 16:30 . 2012-07-27 15:03	54670204              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1075945210-3722903961-1690909599-1000-8192.dat
- 2012-05-03 16:30 . 2012-07-26 10:40	54670204              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1075945210-3722903961-1690909599-1000-8192.dat
+ 2012-07-27 05:46 . 2012-07-27 05:46	70992896              c:\windows\Installer\2f0566c.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\program files (x86)\StrokeIt\StrokeIt.exe" [2010-01-03 26248]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Akamai NetSession Interface"="c:\users\Tobi\AppData\Local\Akamai\netsession_win.exe" [BU]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 201584]
"VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-05 189296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-01-19 1106512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RegTool"="c:\program files (x86)\Gemalto\Classic Client\BIN\RegTool.exe" [2009-11-06 861696]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"niDevMon"="c:\program files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2010-04-20 109712]
.
c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Tobi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Psi.lnk - c:\program files (x86)\Psi\Psi.exe [2009-12-3 8456704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-04-14 3536896]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GnuPG\dirmngr.exe [2012-05-02 221696]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\DRIVERS\hhdspmc64.sys [2010-10-13 39472]
R3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-12-05 25224]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 114144]
R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2011-04-08 30800]
R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2011-04-08 11856]
R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2011-04-08 26704]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2010-08-12 11864]
R3 nicmrk;nicmrk;c:\windows\system32\drivers\nicmrkl.sys [2011-04-01 12976]
R3 nicondrk;nicondrk;c:\windows\system32\drivers\nicondrkl.sys [2011-04-01 12936]
R3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2011-04-01 12944]
R3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2011-03-22 12944]
R3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2011-03-23 12952]
R3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2011-03-23 12944]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2011-03-23 12944]
R3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2011-06-15 12960]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2011-03-22 13000]
R3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2011-03-22 12976]
R3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2010-07-14 12968]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-06-29 12992]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-06-29 12992]
R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2010-06-14 22680]
R3 niraptrk;niraptrk;c:\windows\system32\drivers\niraptrkl.sys [2011-04-01 12936]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2010-07-12 12984]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2010-10-01 12960]
R3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2010-07-14 12952]
R3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2010-07-12 12984]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2011-03-23 12944]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2009-01-05 11824]
R3 nistc3rk;nistc3rk;c:\windows\system32\drivers\nistc3rkl.sys [2011-03-23 12936]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2009-08-31 11872]
R3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2011-03-23 12936]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2011-03-23 12968]
R3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2011-03-23 12968]
R3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2011-03-23 12944]
R3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2011-03-23 12944]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxkl.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 16984]
S0 nipxibaf;National Instruments PXI Bridge Access Driver;c:\windows\System32\drivers\nipxibaf.sys [2011-04-08 82568]
S0 nipxibrc;National Instruments PXI Bridge Configuration Driver;c:\windows\System32\drivers\nipxibrc.sys [2011-04-08 54424]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-04 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2011-05-05 198784]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-01-19 355920]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2010-11-05 315248]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-05 257904]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]
S2 GslShmSrvc;GSL Share Memory;c:\program files (x86)\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2009-02-26 69632]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 nidevldu;NI Device Loader;c:\windows\SysWOW64\nipalsm.exe [2010-03-24 12696]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2011-06-20 233664]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2010-07-13 11928]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2011-08-17 12968]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2012-04-26 1633296]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2010-07-27 18568]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11944]
S3 NIEthernetDeviceEnumerator;NI Ethernet Device Enumerator Driver;c:\windows\system32\DRIVERS\niede.sys [2010-06-15 38064]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2009-08-24 11872]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2011-03-22 12968]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2011-08-17 12968]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000Core.job
- c:\users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075945210-3722903961-1690909599-1000UA.job
- c:\users\Tobi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 19:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Tobi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-05-06 524928]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-04-26 1633296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtifbk7n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 141.24.53.249
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - www-proxy.t-online.de
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 141.24.53.249
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 141.24.53.249
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 141.24.53.249
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - 4cfb558600000000000000ff5f08a7ee
FF - user.js: extensions.funmoods_i.instlDay - 15466
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:16
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef - 
FF - user.js: extensions.funmoods_i.dfltLng - 
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-combofix - c:\combofix\CF16140.3XE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-27  22:31:59
ComboFix-quarantined-files.txt  2012-07-27 20:31
.
Vor Suchlauf: 20 Verzeichnis(se), 33,530,179,584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 33,339,035,648 Bytes frei
.
- - End Of File - - 4D1C4032C2A4A0F7E11C8BEA142263DE
         
--- --- ---

30.07.2012, 20:08   #10
markusg
/// Malware-holic



Hi,
download CCleaner Standard:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this step.
Install it, open it, go to Extras, list of installed programs, save it as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

30.07.2012, 20:37   #11
ibot87



Hi,

here is the list from CCleaner:

Code:
ATTFilter
232Analyzer	CommFront Communications	09.07.2012	4.76MB	5.6.0.0  notwendig
7-Zip 9.20 (x64 edition)	Igor Pavlov	03.05.2012	4.53MB	9.20.00.0  notwendig
Acer Bio Protection	Egis Technology Inc.	03.05.2012	23.3MB	7.0.60.0  notwendig
Acer Crystal Eye Webcam	CyberLink Corp.	15.07.2012	42.4MB	1.5.2904.00  notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	20.07.2012	6.00MB	11.3.300.265  notwendig
Adobe Photoshop CS2	Adobe Systems, Inc.	15.05.2012		9.0  notwendig
Bluetooth Win7 Suite (64)	Atheros Communications	03.05.2012	118MB	7.4.0.96  notwendig
Broadcom 802.11 Network Adapter	Broadcom Corporation	03.05.2012		5.100.235.19  notwendig
Broadcom Gigabit Integrated Controller	Broadcom Corporation	03.05.2012	1.58MB	14.6.1.5  notwendig
CCleaner	Piriform	24.07.2012		3.21  notwendig
Citavi	Swiss Academic Software	27.07.2012	69.2MB	3.2.0.0  notwendig
Classic Client 6.0 for 64 bits	Gemalto	24.06.2012	38.5MB	6.00.000.002  notwendig
Conexant HD Audio	Conexant	03.05.2012		8.54.6.0  notwendig
DAEMON Tools Lite	DT Soft Ltd	04.05.2012		4.45.4.0315  notwendig
Dropbox	Dropbox, Inc.	27.05.2012		1.4.7  notwendig
EgisTec ES603 WDM Driver	Egis Technology Inc.	03.05.2012	1.36MB	3.0.16.0  notwendig
FileZilla Client 3.5.3	FileZilla Project	04.05.2012	16.5MB	3.5.3  notwendig
Gemalto PKCS#11 For .NET Smart Cards V2+	Gemalto	05.05.2012	4.46MB	2.1.3.201  notwendig
Google Chrome	Google Inc.	05.05.2012		20.0.1132.57  notwendig
Gpg4win (2.1.1-34299-beta)	The Gpg4win Project	04.05.2012		2.1.1-34299-beta  notwendig
HI-TECH C51-lite V9.60PL0	HI-TECH Software	11.07.2012		9.60  unbekannt
HI-TECH PICC lite V9.60PL0	HI-TECH Software	11.07.2012		9.60  unbekannt
InfraRecorder	Christian Kindahl	06.06.2012  notwendig
inSSIDer	MetaGeek	15.07.2012	4.31MB	2.1.5  notwendig
Intel(R) Management Engine Components	Intel Corporation	03.05.2012		7.0.0.1144  notwendig
IrfanView (remove only)	Irfan Skiljan	24.07.2012	1.50MB	4.32  notwendig
IVI Shared Components 2.2.1	IVI Foundation	11.07.2012		2.21.49152  notwendig
Java(TM) 6 Update 32	Oracle	04.05.2012	95.7MB	6.0.320  notwendig
Launch Manager	Acer Inc.	03.05.2012		6.0.11  notwendig
LibreOffice 3.5	The Document Foundation	04.05.2012	368MB	3.5.3.2  notwendig
Logitech SetPoint 6.32	Logitech	04.05.2012	39.0MB	6.32.20  notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	24.07.2012	18.7MB	1.62.0.1300  notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.05.2012	38.8MB	4.0.30319  notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.05.2012	2.93MB	4.0.30319  notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	08.05.2012	51.9MB	4.0.30319  notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	08.05.2012	10.6MB	4.0.30319  notwendig
Microsoft Office Excel 2007	Microsoft Corporation	09.05.2012		12.0.6612.1000  notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	08.05.2012	508KB	2.0.4024.1  notwendig
Microsoft Office PowerPoint 2007	Microsoft Corporation	09.05.2012		12.0.6612.1000  notwendig
Microsoft Office Word 2007	Microsoft Corporation	09.05.2012		12.0.6612.1000  notwendig
Microsoft Project Professional 2010	Microsoft Corporation	04.05.2012		14.0.6029.1000  notwendig
Microsoft Silverlight	Microsoft Corporation	11.05.2012	50.6MB	5.1.10411.0  notwendig
Microsoft Visio Professional 2010	Microsoft Corporation	18.06.2012		14.0.6029.1000  notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.05.2012	2.38MB	8.0.59193  notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	08.05.2012	620KB	8.0.61000  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation	08.05.2012	242KB	9.0.30729  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	04.05.2012	788KB	9.0.30729  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	08.05.2012	232KB	9.0.30729.4148  notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	08.05.2012	786KB	9.0.30729.6161  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	05.05.2012	1.25MB	9.0.21022  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	08.05.2012	238KB	9.0.30729  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.05.2012	224KB	9.0.30729.4148  notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	08.05.2012	598KB	9.0.30729.6161  notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	11.05.2012	1.22MB	10.0.40219  notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	08.05.2012	15.0MB	10.0.40219  notwendig
Microsoft WSE 3.0 Runtime	Microsoft Corp.	08.05.2012	942KB	3.0.5305.0  notwendig
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	08.05.2012	132KB	12.0.4518.1014  notwendig
MiKTeX 2.9	MiKTeX.org	19.07.2012		2.9  notwendig
MozBackup 1.5.1	Pavel Cvrcek	04.05.2012  notwendig
Mozilla Firefox 15.0 (x86 de)	Mozilla	20.07.2012	69.0MB	15.0  notwendig
Mozilla Maintenance Service	Mozilla	20.07.2012	327KB	15.0  notwendig
Mozilla Thunderbird 14.0 (x86 de)	Mozilla	17.07.2012	39.4MB	14.0  notwendig
National Instruments - Software	National Instruments	11.07.2012  notwendig
Notepad++		04.05.2012		6.1.2  notwendig
NVIDIA 3D Vision Treiber 268.83	NVIDIA Corporation	03.05.2012		268.83  notwendig
NVIDIA Grafiktreiber 268.83	NVIDIA Corporation	03.05.2012		268.83  notwendig
NVIDIA HD-Audiotreiber 1.2.22.1	NVIDIA Corporation	03.05.2012		1.2.22.1  notwendig
OpenVPN 2.2.2		04.05.2012		2.2.2  notwendig
Picasa 3	Google, Inc.	09.06.2012		3.8  notwendig
PL-2303 USB-to-Serial	Prolific Technology INC	09.07.2012		1.6.0  notwendig
Psi (remove only)		04.05.2012  notwendig
Realtek PCIE Card Reader	Realtek Semiconductor Corp.	03.05.2012		6.1.7600.69  notwendig
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	03.05.2012	1.00MB	2.0.30.0  notwendig
Secure Download Manager	e-academy Inc.	26.05.2012	1.14MB	3.0.3  notwendig
SecureW2 EAP Suite 1.1.3 for Windows		11.05.2012  notwendig
Skype™ 5.10	Skype Technologies S.A.	20.07.2012	19.5MB	5.10.115  notwendig
StrokeIt		04.05.2012  notwendig
SumatraPDF	Krzysztof Kowalczyk	12.05.2012	8.19MB	2.1.1  notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	03.05.2012	46.4MB	15.2.14.0  notwendig
Tera Term 4.74		09.07.2012	9.20MB  notwendig
Texmaker		19.07.2012  notwendig
TightVNC	GlavSoft LLC.	26.05.2012	2.86MB	2.5.1.0  notwendig
TortoiseSVN 1.7.6.22632 (64 bit)	TortoiseSVN	05.05.2012	52.2MB	1.7.22632  notwendig
VI Package Manager	JKI	11.07.2012	68.3MB	2012.0.0 (build 1780)  notwendig
VISA Shared Components 64-Bit		11.07.2012  notwendig
VLC media player 2.0.1	VideoLAN	03.05.2012		2.0.1  notwendig
Windows 7 USB/DVD Download Tool	Microsoft Corporation	26.05.2012	2.71MB	1.0.30  notwendig
WinRAR 4.11 (64-Bit)	win.rar GmbH	11.05.2012		4.11.0  notwendig
WinSCP 4.3.7	Martin Prikryl	06.05.2012	8.76MB	4.3.7  notwendig
         
