Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   System aus Sicherheisgründen gesperrt OTL Logfiles (https://www.trojaner-board.de/115107-system-sicherheisgruenden-gesperrt-otl-logfiles.html)

user_ 14.05.2012 10:42
System aus Sicherheisgründen gesperrt OTL Logfiles
 
Hallo,
jetzt hat es mich auch erwischt. Beim Surven auf einer (vermeindlich) seriösen Internetseite habe ich mir den Virus eingefangen, welcher meinen Benutzer sperrt und die o.g. Nachricht bei der Anmeldung ausgibt.:pfui:

Ich habe mich an bestehenden Anleitungen orientiert und im Abgesicherten Modus einen benutzerdefinierten Quick Scan mit OTL durchgeführt:
Dazu habe folgenden Text bei Benutzerdefinierten Scan eingetragen:


Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
Hier die erstellte Antwort (OTL.txt):

Code:
OTL logfile created on: 5/14/2012 11:19:17 AM - Run 3
OTL by OldTimer - Version 3.2.43.0    Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 7.12 Gb Available Physical Memory | 89.69% Memory free
15.88 Gb Paging File | 15.10 Gb Available in Paging File | 95.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 5.41 Gb Free Space | 5.34% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.86 Gb Free Space | 55.92% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/14 10:43:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- E:\Tools\virenscanner\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/12 17:18:04 | 000,204,792 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/09 10:46:10 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/08 13:38:40 | 000,063,648 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64) NI Application Web Server (64-bit)
SRV:64bit: - [2010/01/20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/11/23 20:31:22 | 000,093,992 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/05/07 09:19:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/09/09 10:48:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 10:46:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/04/28 19:58:20 | 001,423,264 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe -- (impi_smpd) Intel(R)
SRV - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:22:30 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/09/09 09:22:25 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/09/09 09:22:14 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/08/22 23:19:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 23:19:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/21 17:50:46 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2011/07/20 11:21:08 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2011/07/19 18:13:24 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2011/07/19 17:16:32 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2011/07/19 16:45:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2011/07/19 16:45:02 | 000,012,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2011/07/19 02:36:48 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2011/07/19 02:13:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2011/07/19 01:36:46 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niraptrkl.sys -- (niraptrk)
DRV:64bit: - [2011/07/19 01:21:24 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicondrkl.sys -- (nicondrk)
DRV:64bit: - [2011/07/19 01:05:22 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicmrkl.sys -- (nicmrk)
DRV:64bit: - [2011/07/18 22:22:18 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2011/07/18 22:07:10 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2011/07/18 21:44:42 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2011/07/18 21:22:34 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc3rkl.sys -- (nistc3rk)
DRV:64bit: - [2011/07/18 21:01:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2011/07/18 20:46:56 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2011/07/18 20:33:10 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2011/07/18 20:15:36 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdcckl.sys -- (nicdcck)
DRV:64bit: - [2011/07/12 17:28:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nifslkl.sys -- (nifslk)
DRV:64bit: - [2011/07/12 17:09:12 | 000,013,000 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2011/07/12 16:11:34 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2011/07/12 15:39:40 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2011/07/12 15:37:02 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2011/07/08 06:05:06 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2011/07/07 20:03:46 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2011/07/07 19:49:54 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2011/07/01 15:50:34 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2011/07/01 15:29:02 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2011/07/01 14:54:40 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2011/07/01 14:40:12 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2011/07/01 14:21:04 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2011/06/29 13:50:00 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2011/06/29 13:48:26 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2011/06/29 13:39:18 | 000,914,072 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2011/06/23 10:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/05/17 06:04:26 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/04/08 18:21:10 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2011/04/08 18:21:08 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2011/04/08 18:21:06 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2011/04/08 18:21:06 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2011/04/08 18:21:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2011/03/25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 23:27:28 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/03/25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/10 13:15:04 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/27 08:57:46 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/12 21:36:20 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2010/07/12 21:54:06 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2010/07/12 21:42:36 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2010/06/23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/06/23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/06/15 17:15:46 | 000,038,064 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\niede.sys -- (NIEthernetDeviceEnumerator)
DRV:64bit: - [2010/03/24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/01/05 10:19:30 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2008/12/18 09:13:26 | 000,032,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV:64bit: - [2008/12/05 16:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/02/11 16:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE:64bit: - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com/
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 17:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:18:58 | 000,000,000 | ---D | M]
 
[2011/09/09 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\THG\AppData\Roaming\mozilla\Extensions
[2012/03/21 17:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/21 17:21:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll
[2009/10/22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/21 17:21:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/21 17:21:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/21 17:21:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/21 17:21:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/21 17:21:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/21 17:21:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [SkypePM] C:\Users\user\AppData\Local\Skype\SkypePM.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D1ABD8-FB7E-4FEE-800E-68D1A352F267}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAC7F1B-F2D0-4099-90AD-27966232CA8B}: NameServer = 10.25.1.64,10.94.36.170,10.100.1.64
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 11:21:56 | 000,000,091 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: cAudioFilterAgent - hkey= - key= - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
MsConfig:64bit - StartUpReg: DataFinder - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe (National Instruments Corporation)
MsConfig:64bit - StartUpReg: DeskUpdateNotifier - hkey= - key= - c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NI Update Service - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
MsConfig:64bit - StartUpReg: niDevMon - hkey= - key= - C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
MsConfig:64bit - StartUpReg: NIRegistrationWizard - hkey= - key= - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDF5 Registry Controller - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDFHook - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PPort12reminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 10:39:30 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Local\Sophos
[2012/05/11 03:01:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2012/05/10 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVNC
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\IPU
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoolPack
[2012/05/07 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPack
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 11:15:15 | 001,621,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 11:15:15 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/14 11:15:15 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 11:15:15 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/14 11:15:15 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 11:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 11:00:36 | 2101,284,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 11:00:02 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 11:00:02 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 10:39:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 10:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 10:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/11 03:22:28 | 000,363,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 14:02:41 | 000,000,974 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/10 14:02:41 | 000,000,974 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 14:38:10 | 039,685,325 | ---- | C] () -- \Opel Astra H Service And Repair Manual.pdf
[2012/05/07 13:40:55 | 037,606,996 | ---- | C] () -- \Op.As.H.Se._Re.Man.rar
[2012/05/07 11:32:48 | 000,000,081 | ---- | C] () -- \CTX.DAT
[2012/04/02 16:48:05 | 002,009,049 | ---- | C] () -- \Stadtwerke2.JPG
[2011/10/13 10:00:07 | 001,715,510 | ---- | C] () -- \P1120503.JPG
[2011/10/13 10:00:07 | 000,254,816 | ---- | C] () -- \P1120501.JPG
[2011/09/12 11:29:52 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/12 11:29:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/12 11:28:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/12 11:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/12 11:28:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/09/12 11:28:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/09/12 07:53:55 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\Machnm1.exe
[2011/09/12 07:53:55 | 000,010,760 | ---- | C] () -- C:\Windows\SysWow64\Machnm64.sys
[2011/09/12 07:53:55 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/09/09 10:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/02 08:51:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011/07/18 22:30:08 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2011/06/10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011/04/15 07:37:26 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 21:44:02 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
 
========== LOP Check ==========
 
[2011/12/22 09:28:29 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Ansys
[2011/09/12 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\ControlCenter4
[2011/09/13 16:03:06 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\FreePDF
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Fujitsu Launch Center
[2012/05/07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\IPU
[2011/09/09 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\JabRef 2.7
[2011/09/12 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Nuance
[2011/12/22 09:56:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ansys
[2011/09/13 11:03:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ControlCenter4
[2012/03/20 11:47:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2012/03/22 11:21:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/03/20 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
[2012/02/10 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EndNote
[2011/12/02 09:38:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2011/09/09 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fujitsu Launch Center
[2011/11/14 18:08:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InfraRecorder
[2012/05/07 14:47:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IPU
[2012/02/10 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\JabRef 2.7
[2012/04/10 08:34:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nitro PDF
[2011/09/13 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance
[2012/01/25 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SumatraPDF
[2012/02/07 08:49:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/09/09 11:29:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/02/11 16:33:09 | 000,000,000 | -HSD | M] -- C:\Boot
[2011/09/12 11:28:34 | 000,000,000 | ---D | M] -- C:\Brother
[2012/05/11 03:22:18 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Fujitsu
[2011/09/08 16:25:18 | 000,000,000 | ---D | M] -- C:\Intel
[2011/09/09 10:12:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/09/27 07:45:08 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2012/01/31 16:06:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/05/10 14:02:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/03/22 11:22:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/02/11 16:39:58 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/09/09 10:47:17 | 000,000,000 | ---D | M] -- C:\SolidWorks Data
[2012/05/14 07:52:01 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2011/09/09 11:29:37 | 000,000,000 | R--D | M] -- C:\Users
[2012/03/30 08:48:06 | 000,000,000 | ---D | M] -- C:\Windows
[2011/12/06 11:35:27 | 000,000,000 | ---D | M] -- C:\_swagelok_downloads
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\CFD-Post\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\CFX\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:00:23 | 000,030,720 | ---- | M] () MD5=4A69F826D1B20B748DC9B40BCBD46A72 -- C:\Program Files\ANSYS Inc\v140\TurboGrid\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x86-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\CFD-Post\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\CFX\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
[2011/01/27 17:32:58 | 000,022,016 | ---- | M] () MD5=BE362A737DDA240462B4F0AD09F984C4 -- C:\Program Files\ANSYS Inc\v140\TurboGrid\tools\perl-5.9.5-vs2k8\site\lib\MSWin32-x64-perlio\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/08/22 23:18:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/08/22 23:18:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Fujitsu\Driver Pool\AtOnce\009\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
[2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/08/22 23:19:22 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/08/22 23:19:22 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/01/31 16:06:37 | 000,000,043 | ---- | M] () -- C:\Users\THG\gsview64.ini
[2012/05/14 11:12:18 | 001,310,720 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT
[2012/05/14 11:12:18 | 000,262,144 | -HS- | M] () -- C:\Users\THG\ntuser.dat.LOG1
[2011/09/08 16:28:12 | 000,000,000 | -HS- | M] () -- C:\Users\THG\ntuser.dat.LOG2
[2011/09/08 16:31:56 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/09/08 16:31:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/09/08 16:31:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/09/12 13:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TM.blf
[2011/09/12 13:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TMContainer00000000000000000001.regtrans-ms
[2011/09/12 13:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{19f28687-dd24-11e0-a13a-001999acf19b}.TMContainer00000000000000000002.regtrans-ms
[2011/11/24 11:36:55 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TM.blf
[2011/11/24 11:36:55 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2011/11/24 11:36:55 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{320d4b35-1667-11e1-bebe-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012/05/14 10:51:17 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TM.blf
[2012/05/14 10:51:17 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012/05/14 10:51:17 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{66e19bb7-9d88-11e1-9251-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012/04/02 07:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TM.blf
[2012/04/02 07:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012/04/02 07:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{6c2ad112-7c87-11e1-bf34-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2011/12/02 08:29:31 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TM.blf
[2011/12/02 08:29:31 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2011/12/02 08:29:31 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{d407e591-1cae-11e1-90ac-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2011/09/28 17:07:07 | 000,065,536 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TM.blf
[2011/09/28 17:07:07 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TMContainer00000000000000000001.regtrans-ms
[2011/09/28 17:07:07 | 000,524,288 | -HS- | M] () -- C:\Users\THG\NTUSER.DAT{e2284602-e98f-11e0-bf28-001999acf19b}.TMContainer00000000000000000002.regtrans-ms
[2011/09/08 16:28:12 | 000,000,020 | -HS- | M] () -- C:\Users\THG\ntuser.ini
[2011/09/23 08:04:22 | 000,000,484 | RHS- | M] () -- C:\Users\THG\ntuser.pol
[2011/09/13 12:48:48 | 000,000,000 | ---- | M] () -- C:\Users\THG\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 312 bytes -> C:\Windows\Temp\ftsmount\mount\0:$WIMMOUNTDATA

< End of report >

Ich hoffe Ihr könnt mir weiter helfen.

Danke...

kira 14.05.2012 11:34
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript (also - nach dem "Code", alles was in der Codebox steht!:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE:64bit: - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKLM\..\SearchScopes\{180183D3-9E6F-4825-B380-643775B96230}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1000\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ts.fujitsu.com/
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\..\SearchScopes,DefaultScope = {180183D3-9E6F-4825-B380-643775B96230}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012/03/21 17:21:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/21 17:21:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/21 17:21:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/21 17:21:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/21 17:21:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-478302627-315377797-3688634032-1001..\Run: [SkypePM] C:\Users\user\AppData\Local\Skype\SkypePM.exe (ESET)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
@Alternate Data Stream - 312 bytes -> C:\Windows\Temp\ftsmount\mount\0:$WIMMOUNTDATA

:Files
C:\Users\user\AppData\Local\Skype\SkypePM.exe
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

2.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malwarevon hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
Hast Du absichtlich die IP so als Proxy eingestellt?
Code:
IE - HKU\S-1-5-21-478302627-315377797-3688634032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

user_ 14.05.2012 13:55
Vielen Dank für deine Antwort,
ich habe dein Skript ausgeführt und kann jetzt wieder auf mein Nutzerkonto zugreifen.
zu2.:
hier ist das log-file von MBAM:
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
THG :: ENG_11 [Administrator]

Schutz: Aktiviert

14.05.2012 13:22:42
mbam-log-2012-05-14 (13-22-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 610488
Laufzeit: 55 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
E:\$RECYCLE.BIN\S-1-5-21-478302627-315377797-3688634032-1001\$RXYPAIV.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\FRITZ!Box\voip.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
zu3.: Die von dir angesprochenen Einstallungen habe ich so auch nicht vorgenommen. Wenn ich deinen Pfad folge, sind die Einstallungen auch korrekt...

zu 4.:
Die gewünschte Datei:
Code:
7-Zip 9.20 (x64 edition)        Igor Pavlov        07.09.2011        4,53MB        9.20.00.0
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        06.05.2012        6,00MB        11.2.202.235
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        06.05.2012        6,00MB        11.2.202.235
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        10.04.2012        150,7MB        10.1.3
Apache FOP 0.20.5        Altova        11.09.2011        10,3MB        0.20.5100
Autodesk Design Review 2012        Autodesk, Inc.        30.11.2011                12.0.0.98
Autodesk Design Review Browser Add-on v1.2        Autodesk        30.11.2011        0,31MB        1.2.0
Brother MFL-Pro Suite MFC-7360N        Brother Industries, Ltd.        11.09.2011                1.0.0.0
CCleaner        Piriform        13.05.2012                3.18
Conexant HD Audio        Conexant        08.09.2011                8.32.26.0
CoolPack                06.05.2012               
DeskUpdate 4.11        Fujitsu Technology Solutions        07.09.2011        3,25MB        4.11.0074
FreePDF (Remove only)                12.09.2011               
Google Earth Plug-in        Google        15.12.2011        40,9MB        6.1.0.5001
GPL Ghostscript        Artifex Software Inc.        12.09.2011                9.04
GSview 5.0        Ghostgum Software Pty Ltd        30.01.2012                5.0
InfraRecorder 0.52 (x64 edition)        Christian Kindahl        08.09.2011        9,93MB        0.52.00.00
Intel(R) Management Engine Components        Intel Corporation        08.09.2011                7.0.0.1144
Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS        Intel Corporation        21.12.2011        61,4MB        4.0.2.005
IVI Shared Components                25.09.2011               
Java(TM) 6 Update 21 (64-bit)        Oracle        11.09.2011        90,5MB        6.0.210
Java(TM) 6 Update 27        Oracle        11.09.2011        95,0MB        6.0.270
Java(TM) 7 (64-bit)        Oracle        08.09.2011        93,3MB        7.0.0
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        13.05.2012        18,0MB        1.61.0.1400
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        14.04.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        14.04.2011        52,0MB        4.0.30319
Microsoft Office 2003 Web Components        Microsoft Corporation        10.05.2012        78,5MB        12.0.6213.1000
Microsoft Office Professional Plus 2010        Microsoft Corporation        12.09.2011                14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        08.09.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.09.2011        3,00MB        8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        08.09.2011        0,25MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        07.09.2011        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        08.09.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        08.09.2011        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        07.09.2011        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        08.09.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        30.11.2011        11,0MB        10.0.30319
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU        Microsoft Corporation        08.09.2011               
Microsoft Visual Studio 2005 Tools for Applications - ENU        Microsoft Corporation        08.09.2011               
MiKTeX 2.9        MiKTeX.org        23.01.2012                2.9
Mozilla Firefox 11.0 (x86 de)        Mozilla        20.03.2012        36,5MB        11.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.09.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        11.09.2011        1,33MB        4.20.9876.0
MSXML 4.0 SP3 Parser        Microsoft Corporation        11.09.2011        1,48MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        12.09.2011        1,53MB        4.30.2107.0
National Instruments - Software        National Instruments        26.09.2011               
NEC Electronics USB 3.0 Host Controller Driver        NEC Electronics Corporation        07.09.2011        1,02MB        1.0.20.0
Nitro Reader 2        Nitro PDF Software        21.03.2012        109,4MB        2.3.1.1
NVIDIA Display Control Panel        NVIDIA Corporation        08.09.2011        135,0MB        6.14.12.5957
NVIDIA Drivers        NVIDIA Corporation        08.09.2011        65,1MB        1.10.62.40
NVIDIA Grafiktreiber 275.33        NVIDIA Corporation        11.09.2011                275.33
NVIDIA nView 135.85        NVIDIA Corporation        11.09.2011                135.85
OpenProj        Serena Software Inc.        07.09.2011        7,15MB        1.4.0
Phase 5 HTML-Editor        Systemberatung Schommer        21.12.2011        3,72MB        5.6.2.3
RedMon - Redirection Port Monitor                12.09.2011               
ResearchSoft Direct Export Helper                09.02.2012               
SolidWorks 2010 x64 Edition SP02.1        SolidWorks Corporation        08.09.2011                18.2.1.12
Sophos Anti-Virus        Sophos Plc        08.05.2012        23,6MB        9.5.6
Sophos AutoUpdate        Sophos Plc        08.05.2012        8,82MB        2.5.13
Sophos Remote Management System        Sophos Plc        08.09.2011        8,26MB        3.2.0
SRWare Iron 14.0.850.0        SRWare        26.10.2011        74,3MB       
TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        23.01.2012                Version 1.0 Stable RC1
TeXnicCenter Version 2.0 Alpha 3        The TeXnicCenter Team        25.01.2012                2.0 Alpha 3
Trace Software - EUTRON SmartKey® Driver        Trace Software        11.09.2011                1.0.5
Trace Software - HASP Key Driver        Trace Software        11.09.2011                1.0.2
TraceParts Application                11.09.2011               
TraceParts Catalogs                11.09.2011               
UltraVNC 1.0.6.4        1.0.6.4        09.05.2012                1.0.6.4
Universal Library™ for LabVIEW™        Measurement Computing Corp.        26.09.2011        9,18MB        7.1.2
VirtualCloneDrive        Elaborate Bytes        29.09.2011               
VISA Shared Components 64-Bit                25.09.2011               
VMware Player        VMware, Inc        29.09.2011        391MB        3.1.4.16648
Winamp        Nullsoft, Inc        22.09.2011                5.621
Winamp Erkennungs-Plug-in        Nullsoft, Inc        22.09.2011        75,00KB        1.0.0.1
WinDirStat 1.1.2                21.12.2011               
Windows Media Player Firefox Plugin        Microsoft Corp        02.11.2011        0,29MB        1.0.0.8
weiter in Post Nr. 2....

der Rest:
Zu 5.: wurde erledigt.
Extras.otl:
Code:
OTL Extras logfile created on: 5/14/2012 2:37:23 PM - Run 4
OTL by OldTimer - Version 3.2.43.0    Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.89% Memory free
15.88 Gb Paging File | 13.88 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 16.48 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.85 Gb Free Space | 55.91% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- "E:\Tools\Browser\Iron\IronPortable\Iron\Iron.exe" -- "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061E585E-5065-4B40-A3A7-9045591B6C8B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4874F940-95C1-475A-80FF-BAC59DF725C7}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{53B5EC25-ED02-4C08-A367-A5706D3936FD}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{9BE8A573-8C9B-43AA-8FB8-A0F612D5D3FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A26343CA-1A15-4B2A-9871-74D36F302BF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF8FCD9C-EF83-4D26-A7C8-489149FBBF34}" = lport=1947 | protocol=17 | dir=in | name=hasp srm  |
"{B24F41B3-9B6E-42B0-BD92-3662322FDC2D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{B619F8DF-F0D9-4222-9E65-6465E6D7D10F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6D216CE-8B2A-40E9-8957-9D01139CC535}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC553161-CF08-4DF8-8BB0-08480D2F652D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD408C80-58A4-4591-9D2C-FF62C76ED4E1}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{C2E33A85-92C3-4E03-8EF0-8A7D0082188C}" = lport=1947 | protocol=6 | dir=in | name=hasp srm  |
"{E5AF5A55-5CDB-4975-9DF3-5A0B135DDFA4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E8FEBC53-E1E9-43E3-B4D6-1E9E26CF792B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F2229682-FFF1-470B-B0E0-557C1B9347A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F2EBAE98-6223-40BC-B884-DD7367623E97}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{F6071C1C-E66C-46EA-9256-1781229D023B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EB83B4-F86A-4F2C-B150-607FA734115E}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{05160252-62ED-49E4-A8A3-4FC8D0BDF20C}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe |
"{09D92B05-0A27-49F4-8DC8-DC2CF0383E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0F53E6FC-9DD8-42C5-9482-4FB0F93055C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{129D7D39-449D-4D00-B3C9-3D96770B67F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14B18FBC-3A4D-4946-B603-EF17E375126A}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{16110D97-FEC9-4742-8A59-F6317D8D617B}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe |
"{18E53443-2508-4678-98AD-D3F86561C1F7}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe |
"{1CE14060-D4A7-496E-8C2C-86E3D51787FA}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe |
"{2CD7CD56-7654-4F53-8FE2-ABB58E541A54}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe |
"{2E24194C-0DAA-4053-BDBD-7254A345902F}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{3809BE39-E0AD-4894-9922-CAB4225E0902}" = protocol=6 | dir=out | app=system |
"{3D45B48C-A82E-4E76-B836-8C54F6560E0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44998C82-A508-4222-80E9-645377AE12A4}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{4B83884B-C18D-46CF-8F2D-E6A652C598E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{57C13142-3AF1-40A8-B636-F4FDF2F60F9D}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe |
"{58A491BB-DF59-402A-B9BD-1BFAAB65DC92}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{58B4F667-083B-435C-95A0-589920BA8F2A}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe |
"{5A665C86-477A-4A1C-86C5-D1089024B020}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D61B49A-9AAB-45E0-AAF3-846713A49A8C}" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"{5E5AF583-20AE-4812-8D4E-70C627043D5A}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe |
"{5FD17F25-3D3C-46E8-AD0D-A45E40562183}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A0D7949-C342-4564-8645-4A73910B818F}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{6D89122A-2031-42E4-9D18-2A04C4885D09}" = protocol=6 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{71394E2B-969B-47DA-8CF3-919EA2076F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\ultravnc\vncviewer.exe |
"{75775345-FEFE-4CF8-A1E6-1EF77A3D0360}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe |
"{7B1B1799-E2AC-473E-BBA8-80EB608DCFB0}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{7C66FDE0-01BA-45CB-9FF3-2B9D98C64370}" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"{80EB059C-1199-46EF-8827-3EBA99156E9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85079CBA-3B3C-4865-80E6-D54C486774E2}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe |
"{85C96075-C150-4D29-8DC1-6A7A1A70F3EB}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe |
"{8C1C6EC7-36F7-49F9-8D45-2A513486D967}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F63CAC6-9FDC-4C86-8149-F66FAB9C4871}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{8FD2DFBF-9A21-4B50-A1B1-504EB59B93E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{908C41CF-7D04-4007-AFDC-F5681B439734}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe |
"{93CDE9F3-1B29-43C2-9737-979C2591F0B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2CE86C4-42AF-400C-9338-8F3AD1DA0E78}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe |
"{A2DB981B-A73D-4CBB-83BA-FE759A3DF617}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{A4F9D371-85F1-49FA-B2C1-F61524863FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{A8D7FCD0-721D-424B-845B-B7363B04C28D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3CF4B3-397E-4744-90E7-6CE18E720742}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABE3C84C-4C28-4EF9-AD9D-1E6B173465D7}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe |
"{B141CF9A-E435-4AB9-819A-4DCF4F2A35DE}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe |
"{B38EC528-BE01-4355-B79A-93DD61DFB66B}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{B5ADB86F-4788-4597-B622-7AC15BF919CB}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe |
"{BAC289D9-1FB6-48DE-9033-936D1B003727}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe |
"{BB930EBF-CC06-4AC6-A068-2D7851E02141}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe |
"{C1762AF8-ABA5-4B3B-B707-391805053E74}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{C6320743-E688-4C7F-8A4C-0FC059254B22}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe |
"{C66247E7-5ACE-4421-B5EE-B3A7D25D3023}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe |
"{C795386F-BF1B-4F35-A2AE-8400971B8002}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe |
"{CCAEE8B4-6688-4BB6-AC1C-5AAF5829D2F5}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{D4E4268A-1AC7-41CB-825A-966A3FA86CD9}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe |
"{D4F5E5CB-257B-48D9-B100-91EDF6DECA9D}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{D83A3D68-3283-4D1D-8718-D14FD4F63BE3}" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe |
"{D8850CDC-1FD0-49AE-AC54-456FC4F83A96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD7EFDAD-B8F3-40A3-AE64-1413306F3843}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe |
"{DEFD13D2-2066-4C27-8881-D613A15BB554}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{E059CF1F-DD19-4BD7-8E50-1C1DF5A264AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2ECCBE8-4709-4637-A88A-2C9A76D35837}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe |
"{E5371DC7-ADB0-4AA5-8A96-A8F79F88C1E0}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe |
"{E75DFE92-2A93-45AD-A200-539859507E1E}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{EB084268-1090-4E6C-8B07-4D87E0EC0181}" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe |
"{FD86D555-0195-4517-9C15-AE2167457EC5}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{FF3B5772-FDEA-481A-B3C4-4641418745F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{027C5F0C-B16A-406C-8441-07E5C9B2F423}C:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe |
"TCP Query User{07D2EA06-0845-4885-A746-4FEF9DD09338}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe |
"TCP Query User{502D164C-2D6D-460B-BB5A-6AE335CFF675}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe |
"TCP Query User{5DBAB522-1189-4E0C-9884-5C21F24310B2}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe |
"TCP Query User{67E2ED38-B7A4-427B-894A-691F2F81911E}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe |
"TCP Query User{68E6CFB6-531B-4D3A-882A-AA01AB1D0804}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe |
"TCP Query User{79E6B65D-5634-478E-B7B6-F19FCFAACE12}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"TCP Query User{9DE61DAA-189B-4E6F-88C8-8BEFF07733AE}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe |
"TCP Query User{A38A1F62-3B7C-40CF-B20C-4BC55F895B21}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{A7FB5B26-D8A5-483E-9738-4435DE5E9757}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe |
"TCP Query User{B52F138F-9D48-4AA8-8EA8-1B82BA1C661C}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe |
"TCP Query User{C39DDFBD-B27A-400F-ADAA-5C71A91CF184}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe |
"TCP Query User{C8D69B95-82A9-4FED-A954-D72B02D5BB5F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe |
"TCP Query User{CF022BBD-FC42-4F90-A334-63FFC1A9779E}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe |
"TCP Query User{D6EA8A9B-FE9E-457D-901A-2498C8363329}C:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe |
"TCP Query User{E6780189-DBDC-4BD0-A3D6-5BDD49EB13BA}C:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe |
"TCP Query User{EC2DF596-2E3E-44FE-9A22-2A8C92F3E039}C:\program files\solidworks corp\solidworks\sldworks.exe" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe |
"TCP Query User{F466BC7D-4A56-4C37-A659-7D2E0ED1FD9A}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe |
"UDP Query User{060CEE6B-7F09-4114-A270-8EC33C944276}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_node\fl_mpi1400.exe |
"UDP Query User{1ADDF2B7-C179-439F-B5AF-9BF2EA05631F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_node\fl_mpi1400.exe |
"UDP Query User{1F1CDBD7-CD8B-4CA9-B6A8-55CD4BA855CF}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpid.exe |
"UDP Query User{404305CF-DC47-49A5-B640-9B30590030C0}C:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansmeshingserver.exe |
"UDP Query User{517A1B5B-C864-464A-B909-3D2145E18407}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe |
"UDP Query User{53A5CCE6-A581-4F49-A326-425A97E92654}C:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\cortex\win64\cx1400.exe |
"UDP Query User{53D5BAF5-68A6-4526-BBEC-6CC3716D5E72}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe |
"UDP Query User{7A27F6B1-B881-4C17-92D8-1733D99607C2}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe |
"UDP Query User{84A1D109-3BAA-4869-B2BE-88DAA00A231A}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_host\fl1400.exe |
"UDP Query User{B684355D-DC57-4688-81F3-E901D4CDDF8E}C:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\datafinderdesktop\bin\datafinder.exe |
"UDP Query User{B935A751-F4A9-4CF5-9F6F-BE73667C487F}C:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\multiport\mpi\win64\pcmpi\bin\mpirun.exe |
"UDP Query User{C06A95E1-FEB9-42E8-AFFE-1EE5AA4E6BC2}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3ddp_host\fl1400.exe |
"UDP Query User{DE2FE989-7DC9-4185-8999-34A002265DFD}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\2ddp_host\fl1400.exe |
"UDP Query User{E1B61655-B6FC-4614-9A75-934BBAA85892}C:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\fluent\fluent14.0.0\win64\3d_node\fl_mpi1400.exe |
"UDP Query User{E25D95F7-F468-49BE-8A4D-B43F7E78BEF5}C:\program files\solidworks corp\solidworks\sldworks.exe" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\sldworks.exe |
"UDP Query User{E5FC469C-FE1C-4508-8157-2EB96E740ED0}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe |
"UDP Query User{FAA5DD41-036E-49E2-B662-23B4BDC9C477}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{FDAFB84C-B656-4681-903E-B9E08321F8FB}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020DFD6B-8032-4237-9B68-BC5B1E42A684}" = NI Ethernet Device Enumerator 64-Bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{076FE483-3897-4A54-8F02-441BCE7EDE47}" = NI-DAQmx SCXI for 64 Bit Windows 2.0.0
"{0A1073AF-038B-4FC2-B85B-2C38D17F6936}" = NI RTSI Cable Core Installer for 64 Bit Windows 1.1.0
"{0B7AFE8D-1265-4025-AD23-3624CEAD4F3C}" = NI Xalan Delay Load 1.10.1 64-bit
"{0D5534F6-AF96-489F-A69F-082199EE027F}" = NI Authentication 2.0 (64-bit)
"{0F0034D8-BF51-46BA-BC9E-64C220DC480C}" = NI-DAQmx Switch Core for 64 Bit Windows 2.3.0
"{1778742E-59D3-4090-AB8A-DAA281D66772}" = NI Assistant Framework 64-bit
"{18AA575C-D2EE-4AFC-A684-BF85DAFF4B19}" = NI-MRU 2.12.0f0 for 64 Bit Windows
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2616018C-1E77-48E3-BB9B-7FC79D849CAB}" = NI-DAQmx STC for 64 Bit Windows 1.11.0
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows
"{2DD460A2-336C-4CCB-8F8C-68ACDBDF0A97}" = NI-DAQmx MIO Device Drivers for 64 Bit Windows 2.7.0
"{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0
"{3B68641B-4EBD-4EBE-917D-6E91DB1E5636}" = NI System State Publisher (64-bit)
"{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
"{4339C8F4-BB15-49D8-BC51-EAB5D10325A8}" = NI Curl 1.0.1 (64-bit)
"{47194CDC-0EFC-4EF8-BD8C-6E9D8EF67224}" = NI RTSI PAL Device Library Installer for 64 Bit Windows 1.1.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{4EE0B022-366F-432B-98C6-4EB27C87774E}" = NI Math Kernel Libraries (64-bit)
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{53794485-921A-4C71-8E82-6F5A15E9ECBA}" = NI Network Discovery 5.0 for Windows 64-bit
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5B38524E-3702-446C-AE93-1C28F2926374}" = NI-DAQmx MAX Support 64-bit 2.3.0
"{5EAD12AB-9875-4BCC-A3C3-1E5401191FE3}" = NI-DAQmx Dynamic Signal Acquisition for 64 Bit Windows 2.3.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{607C8A6B-77E5-46D5-BB86-9D6FF813A77F}" = NI Web Application Server 1.1 (64-bit)
"{678EB05F-D317-48C9-9C67-E33AE7C0F900}" = NI MXS 5.0.0 for 64 Bit Windows
"{67B8A1C7-4A94-41C7-B215-0AF2750AB8DD}" = NI-DAQmx Documentation for 64 bit Windows 9.4.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D9B6E39-18E5-4B05-92B3-83B5B483131B}" = NI IVI Class Simulation Drivers (64-bit)
"{7694EC8F-88B3-4656-BBAC-41B87DDC3E8B}" = IVI Shared Component 64-bit
"{792F51F9-C200-445D-AC7A-15C2F082A715}" = SolidWorks Flow Simulation 2010 SP02.1 x64 Edition
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
"{830CCF4A-11CF-4A3C-85EE-98002E97572E}" = NI-VISA x64 support ..
"{84AC95C9-D358-4626-BD18-2D0A16BC8A82}" = NI Logos64 5.2.1
"{863FD265-AF6E-4CBC-A66A-CC551E214C3B}" = NI-DAQmx DAQ Assistant 64-bit 2.1.0
"{88E18DCA-12DF-477F-9921-A804BC43AD3B}" = NI Calibration Provider Help for 64 Bit Windows
"{8972BE76-AC79-4108-AE3C-59A0211025F0}" = NI IVI Compliance Package 4.2 (64-bit)
"{899576E7-3569-417F-8EFE-EB881BE22EDE}" = NI MAX Remote Configuration 64-bit Installer 5.0
"{8A29BB80-DD34-4893-A0AD-A13C17E38A87}" = NI-MDBG 1.11.0f0 for 64 Bit Windows
"{8C089519-64BD-48F5-AFDB-CACB1FF51FC4}" = NI-APAL 2.0 64-Bit Error Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{922317D8-F321-4F43-9D50-03399CECD597}" = NI MAX Support for 64 Bit Windows
"{974391A4-9358-4122-951C-CE73EF490A40}" = NI System Configuration Runtime 5.0.0 for Windows 64-bit
"{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit)
"{9C8D90AE-70CB-47B7-8230-B5F6250F0CC1}" = NI-DAQmx Common Digital for 64 Bit Windows 1.14.0
"{9FEAE7CD-7BF1-4FAB-95F8-FC12C395B82C}" = NI IVI Class Drivers 64-bit
"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2
"{A7560590-5EBA-40BA-85E4-6D9BA6D6C1B4}" = NI TDMS (64-bit)
"{ACDE2A50-97CF-47FE-B92C-ED8147F85A9D}" = NI VC2005MSMs x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF4525BB-39AE-4D9F-AE66-0D70E20DDBB0}" = NI-ORB 1.10.0f0 for 64 Bit Windows
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3ACDAEB-08E0-41F8-8789-D0A333AE4964}" = NI System Web Server Base 2.0 (64-bit)
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{BCC9F205-2B10-41EB-9365-7988824B3748}" = NI PXI Platform Framework 1.5.0 64-bit
"{BE0C6A88-C93C-4BA0-9BDB-DB12FFF1EC98}" = NI Logos64 XT Support
"{C015A236-48E4-4291-A7A7-0AD0E5300DAA}" = NI USI 1.8.1 64-Bit
"{C056F8E5-6ACD-4B71-BC1A-E5948E515EE7}" = NI IVI Engine 64-bit
"{C8786BF1-0278-4DAF-8015-EAF94CDF2F0C}" = NI-MXLC LabVIEW 2011 Support
"{C885A235-9C71-4D7B-BA0D-A3FD76F7313E}" = NI-DIM 1.12.0f0 for 64 Bit Windows
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CCD7A659-74D4-4577-A3FE-4E5C8C3AEF14}" = NI-PAL 2.7.0f0 for 64 Bit Windows
"{CD763FF0-B449-4692-B999-5434D3D5374C}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 1.10.0
"{CEC987B2-4531-48CC-B87C-2D355A90943A}" = NI Variable Engine (64-bit)
"{D198B514-B24E-43FC-AE19-E634F48B928C}" = NI System API Windows 64-bit 5.0.0
"{D5D8BFCD-C9F4-488A-B660-8876D02AA572}" = NI Portable Configuration for 64 Bit Windows 5.0.0
"{D7CCDF1B-6819-4003-87BB-F6F1BDC48C2E}" = NI-MXLC LabVIEW 2009 Support
"{D91ACEAA-C14F-4172-8AF1-AD40FEE8E325}" = NI-MXLC Core (64-bit)
"{D9F81649-D7A6-4FA0-856C-76CDB1120F9D}" = NI Spy Windows 64 Support 3.0.0
"{DA359EC3-2861-4529-97B2-55A5F6A69A47}" = NI-DAQmx FSL Installer for 64-Bit Windows 2.0.0
"{DDB6CCD4-65B3-4B91-8C71-1AE6FCD77E02}" = NI-MXDF 1.12.0f0 for 64 Bit Windows
"{E3867DF9-81D4-40BC-880C-1F134FECF995}" = NI Help Assistant (64bit)
"{E45B7F5F-A814-4C15-A0D6-14CEE02AD72D}" = NI SSL Support (64-bit)
"{E807BDD0-9A9F-453B-992A-927F9499B668}" = NI PXI Hardware 64-bit Support 2.6.2
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP02.1
"{E9F226A6-A0FB-4077-B47E-DFB44825C659}" = NI-MXLC LabVIEW 2010 Support
"{EB4F834C-DD0D-42E3-A43D-D61A86246FEB}" = NI-DAQmx 653x Installer for 64 Bit Windows 1.9.5
"{EF7DDF1F-5CE8-46D0-993F-D8170C221FCB}" = NI-DAQmx MX Expert Framework for 64 Bit Windows 2.9.0
"{F27DCB7D-AB55-4A4C-927A-27E4217EFBA5}" = NI DataSocket 4.8 (64 Bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F63D3568-80A4-47AB-B97D-8988DF18BD0C}" = NI TDM Excel Add-In 3.3 64-bit
"{F9EBCD68-8BCC-4C66-9F1A-94E62ABB67A8}" = NI RTSI UI Provider for 64 Bit Windows 1.1.0
"{FB585470-EFFC-461E-9302-27CA43DD3A74}" = NI PXI SystemAPI Expert 64-bit 2.6.2
"{FC50EE2A-A55D-437E-A5BD-D0EBFB1323CC}" = NI-DAQmx Timing for 64 Bit Windows 2.4.0
"{FE85EDAA-F445-4E11-804E-4CB314D1C8E4}" = VISA Shared Components 64-Bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GPL Ghostscript 9.04" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00191333-34DE-4B54-BEDD-701793920E82}" = NI RTSI UI Provider 1.1.0
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{027763BA-707E-4E88-9631-7837EE715E96}" = NI DataSocket 4.8
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = Runtime für den NI-Systemkonfigurator 5.0.0
"{0504F3D0-F1CF-4FC7-AC18-7C157EAE65F6}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{0605BA5B-7041-482E-A7DC-C1B55DB6046A}" = NI-MXLC LabVIEW 2011 Support
"{06BF046D-7CDE-495B-82F3-52E185DC0714}" = NI LabVIEW SignalExpress 2010 LabVIEW Support
"{08B760EF-E028-45B1-80E2-624F9C54F4CE}" = NI-MXLC Core (32-bit)
"{0A0877CD-3EB7-4C87-AC14-B343018528F8}" = NI LabVIEW 2010 SP1 Search
"{0B851303-5BA7-4C49-A9E1-59AAE27F663C}" = NI Ethernet Device Enumerator
"{0BD06981-453D-4336-9A47-5A0231B5CB22}" = NI-Netzwerkbrowser 5.0.0
"{0C2D9E6F-575F-4FD3-AD2A-B44FACDDD707}" = NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2010 Support
"{0F22D0D0-0D43-42B4-8C9D-0CC14A99F9DC}" = NI LabVIEW 2010 SP1 Simulation
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{112FE5D5-EB7A-4795-B906-79FB08E936C6}" = NI-RPC 4.2.0f0 for Phar Lap ETS
"{1280D2F7-75AF-4C05-A188-42F899102F8B}" = Apache FOP 0.20.5
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18493A5A-1D24-4A71-BBD3-67348B68C3B1}" = NI-ORB 1.10.0f0
"{1912B9EC-BA84-4616-8053-2C61927732AC}" = NI-DAQmx 9.4.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19F59734-0740-49E6-818D-53C1CA6B4ABE}" = NI System State Publisher
"{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer
"{1AD4286C-80CC-422E-92A4-BFC01931142D}" = NI-MRU 2.12.0f0
"{1D2A8A73-27F6-401A-BD25-7AEDC58EBAA6}" = NI-DAQmx MAX Configuration Support 9.4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{22940D8E-2DE3-4A0E-A75C-1F1A9F5C5190}" = NI-MXLC LabVIEW 2010 Support
"{24737928-2810-474F-A004-22CDBD234279}" = NI-DAQmx Switch Core 2.3.0
"{251D2597-6C45-4D03-9B75-0FD0078AFC55}" = Universal Library™ for LabVIEW™
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{28AE4F38-F610-4BDD-AB56-E9BE800A0D36}" = NI-DAQmx Documentation 9.4.0
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{298008B1-AD82-4791-9BB8-863AD1408492}" = NI Uninstaller
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo
"{2FB984B6-0521-4449-A9D1-5659666B1489}" = NI-MDBG 1.11.0f0
"{31BAF1F9-E048-4D81-9716-80F4D3FF7594}" = NI I/O Trace API LV2010
"{326913E3-E0AF-42A0-8860-BC4B9026DFA3}" = NI System Configuration 5.0.0 LabVIEW Support
"{32C26756-A756-43D2-900D-92CB44316602}" = NI Calibration Provider for MAX 5.0.0
"{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{39D5152B-ED79-4117-B781-A4E3A7AB0EBB}" = NI LabVIEW SignalExpress 2010 Core
"{3A1504FB-7067-4E46-9AFA-A3C29C95E4DC}" = NI LabVIEW Run-Time Engine 8.2.1
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI-Update-Dienst 2.0
"{40977008-FCEF-4E03-A541-F2108A74810A}" = NI-DAQmx C and VB6 API 2.4.0
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41F55B19-0EE6-486A-8DAD-099715447DA9}" = NI-DAQmx/LabVIEW shared documentation 1.10.0
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C252146-AAD7-486F-84A1-835E3CFAE0DA}" = NI LabVIEW 2010 SP1 Help File
"{4DD3346F-5819-4FE1-8230-FB06B29832F2}" = NI-DAQmx DAQ Assistant 2.1.0
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{51C2BCE4-2014-44F5-9F94-D32685712504}" = NI LabVIEW SignalExpress 2010 Core LabVIEW 2010 Support
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{52B86E8B-25C9-4C7F-9178-F5BE82FD9C76}" = NI Variable Engine LabVIEW 2010 Support
"{55D6FBF6-2912-4C05-BD7D-A94C7CA0CA64}" = NI LabVIEW 2010 SP1 Deployment Framework
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{5795409A-3154-41E1-BA26-99050D4FA9AE}" = NI LabVIEW SignalExpress 2010 Core LabVIEW Support
"{581498B4-41DE-4D49-BB34-962369C461EF}" = NI IVI Online Help
"{59698423-89BD-4CB8-B444-004F1CE8725F}" = NI LabVIEW 2010 SP1 MeasAppChm File
"{59A4D1C4-BB47-4AB5-9851-372BD1643EFD}" = NI Instrument IO Assistant for LabVIEW 2010 32-bit
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5D7BC4A6-C72B-4D35-B5E5-5CE9A7DAF457}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"{5F61A089-FF4B-4489-9551-2AE3C3D4890B}" = NI Curl 1.0.1
"{6087B3A8-1B55-4B7F-94CC-2115DBDEFE56}" = NI-DSM 2010
"{61C5D53F-A358-4288-AC9C-260A8E43BD55}" = NI LabVIEW SignalExpress 2010 Licenses
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{650423EA-69D1-4E89-94A6-17D481ACD26B}" = NI LabVIEW 2010 SP1 License
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6521D171-9C7F-4BE1-8061-A9D0C5BB4BB0}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{6671B525-83B9-4A0F-89F9-7BE90C138EA8}" = NI IVI Class Drivers
"{668E3C05-1BA0-46C9-ABE9-EE2344493EFA}" = NI-MXDF 1.12.0f0
"{66FE173F-4F58-4E5D-99C4-EF82735D2B1F}" = NI Logos XT Support
"{69ED3983-7649-423D-BEBA-45AA980C39FF}" = NI LabVIEW 2010 SP1 Manuals
"{69FAF7E0-6E43-4845-9BB7-A9D9F7440084}" = NI PXI Platform Services 2.6.2 Expert
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CD694A0-BA86-48B0-B158-DDE541E06946}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{6DDB8F91-754B-419C-BC34-14A908370A7E}" = NI-DAQmx ADE Support 9.4.0
"{6E60000F-D096-486B-A04D-3B823F7CC0B4}" = NI TDMS
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6E84AECC-91B8-4738-97D2-0E8083A093F2}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support
"{7813F4F4-41E6-4DD3-9661-6CC5FDC72946}" = NI LabVIEW Web Services Runtime
"{7BB22289-73C8-4416-9F14-260463CD88E3}" = NI IVI Class Simulation Drivers
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7DBBA02A-05C3-45B5-870D-4E107ECF71F4}" = NI-DAQmx and NI-DAQ Common Documents 9.4.0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E910A6B-E4A0-4AF2-8F42-402AAD065E28}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{80195FEA-D89E-4DBC-AB52-088994BF181C}" = NI-DAQmx Common Digital 1.14.0
"{80888412-6319-4388-A3EC-31F46613957C}" = NI SSL LabVIEW 2010 Support
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{82685C60-8C49-4235-9E71-95BCA17ECCEC}" = NI PXI Platform Framework 1.5.0
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C5A842-FF2F-4483-BAF0-898730F44452}" = NI LabVIEW 2010 SP1
"{854F1FA6-3EC9-4108-BE1D-F7D2307BAE81}" = NI IVI Provider for MAX
"{86CD8FBB-39DA-4E20-B258-EC34D6437D88}" = NI-APAL 2.0 Error Files
"{87D36139-6716-4A81-AC63-8D32E2E87B68}" = NI LabVIEW 2010 SP1 Deployable License
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework
"{8A64A285-37B2-44F0-A019-2A3B589E52E0}" = NI Logos 5.2.1
"{8A65F1E6-A82F-4E50-8CE0-1FCF85BA9005}" = NI RTSI PAL Device Library Installer 1.1.0
"{8CDBEB73-4A40-4480-A32C-D9B57F8B3B1B}" = NI LabVIEW Merge Utility 10.1.0
"{8D57780E-42A2-438C-9977-E2CDF3F02D07}" = NI IVI Compliance Package 4.2
"{8D63E8B8-83BE-4982-AE08-0E50A795D2D9}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{8E48AA5D-BEF5-464B-82A6-FE4FCE1E1CF3}" = NI DataFinder Toolkit 2010 Development System
"{8F908EB7-C8FA-4128-BAF2-76D89F5C4DD0}" = NI LabVIEW SignalExpress 2010 Steps
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9320E1F0-31CB-4095-B430-017A35406E40}" = NI LabVIEW SignalExpress 2011 Datatypes
"{95C26FA7-5FDD-4C6D-AD6F-3D4B3FEB0D70}" = NI AFW Custom UI Assemblies
"{979308D8-0616-46E3-8269-E4C6661CB946}" = NI-DAQmx 653x Installer 1.9.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A52EEFB-CCDA-4CDA-8F8E-BEF3BB63B245}" = NI-DAQmx MX Expert Framework 2.9.0
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B05C597-5509-47C6-87B8-461E1BB6AF5C}" = NI LabVIEW Run-Time Engine 2009
"{9B52914C-704D-4FF9-8A78-2897540D2E0E}" = NI LabVIEW EWB DeviceHandler 2010
"{9BC9F84D-DF93-4AE5-A5F7-FB3A39D86CF6}" = NI LabVIEW Run-Time Engine 8.5.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9F0A2-2CF9-4165-9A36-639381F54BE3}" = NI IO Trace 3.0.0
"{9D500758-F84E-4B0D-85CC-579DD1F579ED}" = NI PXI Platform Services 2.6.2
"{9E4D5A41-1051-4F1A-8342-ECB26CA0C86C}" = Autodesk Design Review 2012
"{9E5641B0-E764-4716-9181-D9F3ABB09139}" = NI LabVIEW 2010 SP1 Help
"{9E6EF1B0-906A-437A-8513-EB066DACC9E9}" = NI LabVIEW SignalExpress 2010
"{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}" = NI MDF Support
"{A0A20C35-FA6C-471D-ADA6-FFB1604157BD}" = NI-PAL 2.7.0f0
"{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator
"{A1D99DC3-2BB9-4B84-B061-E127486AEB46}" = NI IVI Engine
"{A29EC1AF-7077-4E6E-B4EB-30A719117268}" = NI System Web Server 2.0
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A633FB85-66CF-4472-9B5D-7D97E4170E21}" = NI Sound and Vibration Frequency Analysis LabVIEW 2010 Support
"{A6A73752-722D-41FA-89FB-010E2EE394A3}" = NI System Configuration LV2010 Support 5.0.0
"{A736A59D-FFAD-4EE5-962F-510DE151D6AA}" = NI AFW Channel Configuration Tool
"{A786161E-959C-4B4B-AA6D-7424C13CCCF2}" = SolidWorks eDrawings 2010
"{A8BF0B46-D6FB-4927-B5F9-020C2D527421}" = NI OPC Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96F34CD-8049-43F5-94EF-DA7716E8E34A}" = NI Assistant Framework LabVIEW 2010 Support
"{A999B934-1EBA-415F-BA5B-5036E0811956}" = NI Example Finder 10.0
"{AB47630B-C1BF-4A0A-93EF-3492A59A4704}" = NI LabVIEW Run-Time Engine Interop 2010
"{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC13955E-29CD-45B5-BF23-E096E8E7A730}" = NI-DAQmx MIO Device Drivers 2.7.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD3F600F-EF24-4145-9514-B4F8A685F944}" = NI PXI Platform Services 2.6.2 Configuration Support
"{ADABA17A-4E08-4DBE-A3ED-D3FE4E1471C2}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{AEE86B43-EDF2-4836-8BE0-6713006E416E}" = NI-DAQmx SCXI 2.0.0
"{B10F8C17-3DB8-4093-92F6-9F85C263D51A}" = NI LabVIEW Run-Time Engine Interop 2009
"{B16E5D41-425C-4EF1-A37B-632C0AA2EE0B}" = NI Variable Engine 2.4.1
"{B179B6ED-5D5B-49B8-8929-5144738B81C3}" = NI LabVIEW SignalExpress 2011 Tools
"{B17B4474-0CED-4369-B3F1-2BE9C2C9514B}" = WIF Core Dependencies Windows 1.0.6
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B2B35179-C18D-449F-A076-4ED63CEE0CBA}" = NI DataFinder Demo Data 2.2
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B3618016-5FD4-4C93-B222-D702A276C675}" = NI RTSI Cable Core Installer 1.1.0
"{B3D8D834-E9D5-414F-BDBE-D04968980336}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"{B40882AD-CDEF-4861-856B-4230F45B3BAB}" = NI LabVIEW 2010 SP1 Web Server
"{BC480E47-96F6-4C03-9502-DD8D2DCD7E22}" = NI USI 1.8.1
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C14E9FB2-C869-4345-AE83-0ED11970C79A}" = NI DataFinder Toolkit 2010 Run-Time
"{C4108512-C5CF-420B-BDD0-8EE971B5A6EB}" = NI LabVIEW SignalExpress 2010 LabVIEW 2010 Support
"{C431B110-67A1-4724-9600-89AA5D851B5A}" = NI LabVIEW Compare Utility 10.1.0
"{C4F78BCC-71DD-4081-BF8F-FB96EE5051E6}" = NI System API Client for WIF 1.1.6
"{C574C270-984B-4AA7-A902-E0768FD216EF}" = NI Web Application Server 1.1
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 14.0.850.0
"{C5EFB7E4-2C2D-4295-938D-2E615D111C19}" = NI Sound and Vibration Frequency Analysis 2010
"{C856BC45-C56B-43B5-BFBE-0AEE1035C370}" = NI System Configuration CVI Support 5.0.0
"{CAC9188C-83A0-4F9F-858A-DA430DC2E401}" = NI AFW Custom UI
"{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}" = Autodesk Design Review Browser Add-on v1.2
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1444C70-4E9B-4A92-993F-1E418CE66232}" = Distributed Installer
"{D2811F1A-B1AE-4581-B0F2-415279C94283}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{D36148F5-6462-4FFE-806C-9D8180E8B38E}" = NI-DAQmx support for LabVIEW 2.2.0
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}" = NI EulaDepot
"{D7687639-5B24-4D57-B449-2AAD2F189964}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA5AB554-F9F1-43F2-BA57-620BD0300601}" = NI-DAQmx FSL Installer 2.0.0
"{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine
"{DBAF9288-7503-48AC-A43F-B00B4EA0F145}" = NI PXI SystemAPI Expert 2.6.2
"{DC7F8117-3D5A-4848-AA4F-2A61BE4A5094}" = NI-MXLC LabVIEW 2009 Support
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF2AC813-5956-43A1-A5F0-318C20F27BF1}" = NI-VISA Runtime 5.0.0
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E1C072D3-0842-4C35-9BB3-634A440AD45B}" = NI-DIM 1.12.0f0
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2512778-54B1-4968-A4A1-5894E701C53C}" = NI Web Interface Framework 1.1
"{E5C1AC7F-05BB-4F4B-975D-D5165BB41332}" = NI-DAQmx Timing Installer 2.4.0
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E6C0EA48-8AF1-4A1C-9383-8F0706F22431}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{E7C42C98-7DD2-4E9C-AB29-A7659458B97D}" = NI IVI Class Driver LabVIEW 2010 Support
"{EB708DAB-CD04-46E4-88C9-E3BC80595982}" = NI System Web Server Base 2.0
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{ED53EBC4-9EFC-4EC3-AC91-DADBC95B68AA}" = NI LabVIEW 2010 Service Pack 1 (SP1)
"{EDD23D6A-401E-479E-8B20-071182D373B8}" = NI-DAQ INF Files 19.4.0
"{EDFC39D7-B782-4B43-BF9C-D1B80ADEA863}" = NI LabVIEW Runtime Engine 2010 SP1
"{EEC2944E-A512-47CA-A10C-906A1A327D72}" = NI Assistant Framework LabVIEW Code Generator 2010
"{EFD1918F-B6E1-4813-A641-C5475F481501}" = NI DataFinder Desktop 2.2
"{F055B0A4-8F75-4F85-B6FF-1C5BE10A72DC}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F108E126-FC8D-4685-A8D4-58C8FA11BD1A}" = NI DataFinder Client 2.2
"{F2296CAF-ADF2-49ED-9A58-58E411425278}" = NI-DAQmx Dynamic Signal Acquisition Installer 2.3.0
"{F25EC416-A553-4EC4-B06E-F805C36E1FAB}" = NI-DAQmx STC 1.11.0
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F6326021-0958-4699-A1C4-B18F37F4218B}" = NI Logos LabVIEW 2010 Support
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{FA7E1ADB-CEB4-4710-A1FA-8CFF4025AAB0}" = NI-MXLC LabVIEW 8.6 Support
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"CoolPack_is1" = CoolPack
"DeskUpdate_is1" = DeskUpdate 4.11
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{251D2597-6C45-4D03-9B75-0FD0078AFC55}" = Universal Library™ for LabVIEW™
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IviSharedComponent" = IVI Shared Components
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NI Uninstaller" = National Instruments - Software
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SolidWorks Installation Manager 20100-40201-1100-100" = SolidWorks 2010 x64 Edition SP02.1
"SS_{B3D8D834-E9D5-414F-BDBE-D04968980336}" = Intel(R) MPI Library Runtime Environment 4.0 Update 2 for Windows* OS
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trace Software - EUTRON SmartKey® Driver" = Trace Software - EUTRON SmartKey® Driver
"Trace Software - HASP Key Driver" = Trace Software - HASP Key Driver
"TraceParts Application" = TraceParts Application
"TraceParts Catalogs" = TraceParts Catalogs
"Ultravnc2_is1" = UltraVNC 1.0.6.4
"VirtualCloneDrive" = VirtualCloneDrive
"VISASharedComponents" = VISA Shared Components 64-Bit
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/18/2012 4:34:45 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol      .
 
Error - 4/18/2012 9:34:40 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol      .
 
Error - 4/20/2012 1:54:40 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 2424841
Description = Der Scan von 'Boot Record, Laufwerk F:' führte zu SAV Interface-Fehler
 0xa0040210: Kein Zugriff auf Datei.
 
Error - 4/20/2012 1:56:12 AM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description =
 
Error - 4/20/2012 8:12:53 AM | Computer Name = eng_11 | Source = LabVIEW | ID = 3299
Description = LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file
 "": Unsupported protocol      .
 
Error - 4/20/2012 8:13:09 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
 MessageResDSFactory kann nicht ausgegeben werden.
 
Error - 4/20/2012 8:13:09 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 131073
Description = Es sind keine Versionen der Komponente 'MessageResDSFactory' registriert.
 MessageResDSFactory kann nicht ausgegeben werden.
 
Error - 4/23/2012 1:58:56 AM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description =
 
Error - 4/23/2012 2:48:40 AM | Computer Name = eng_11 | Source = Sophos Anti-Virus | ID = 2424841
Description = Der Scan von 'Boot Record, Laufwerk N:' führte zu SAV Interface-Fehler
 0xa0040210: Kein Zugriff auf Datei.
 
Error - 4/25/2012 1:34:30 PM | Computer Name = eng_11 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 4/11/2012 9:20:08 PM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/16/2012 1:37:43 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/17/2012 1:35:47 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/18/2012 2:08:54 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/20/2012 1:54:27 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/23/2012 1:57:10 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 4/25/2012 1:32:45 PM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 5/2/2012 1:32:17 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 5/7/2012 1:45:41 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 5/8/2012 9:06:22 AM | Computer Name = eng_11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "M4-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >

user_ 14.05.2012 13:58
und der Rest:

und otl.txt:
Code:
OTL logfile created on: 5/14/2012 2:37:23 PM - Run 4
OTL by OldTimer - Version 3.2.43.0    Folder = E:\Tools\virenscanner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.94 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.89% Memory free
15.88 Gb Paging File | 13.88 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.43 Gb Total Space | 16.48 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 520.85 Gb Free Space | 55.91% Space Free | Partition Type: NTFS
Drive F: | 237.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.91 Gb Total Space | 430.87 Gb Free Space | 46.29% Space Free | Partition Type: NTFS
 
Computer Name: ENG_11 | User Name: THG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012/05/14 10:43:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- E:\Tools\virenscanner\OTL.exe
PRC - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/21 17:21:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/09/09 09:22:29 | 001,465,584 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
PRC - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipxism.exe
PRC - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/02/23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2010/09/30 14:08:31 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/07 09:19:05 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/03/21 17:21:46 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/12 17:18:04 | 000,204,792 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/09/09 10:46:10 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/08 13:38:40 | 000,063,648 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64) NI Application Web Server (64-bit)
SRV:64bit: - [2010/01/20 00:59:12 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/11/23 20:31:22 | 000,093,992 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2010)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/05/09 18:11:39 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/05/07 09:19:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/16 10:30:08 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/09/09 10:48:21 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/09 10:46:10 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/09/09 09:22:20 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/09/09 09:22:15 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/09/09 09:22:11 | 000,806,912 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/09/09 09:22:10 | 000,282,624 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/07/07 19:43:20 | 000,018,584 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipxism.exe -- (nipxirmu)
SRV - [2011/06/14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/04/28 19:58:20 | 001,423,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe -- (impi_smpd) Intel(R)
SRV - [2011/03/25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/18 14:52:30 | 000,439,808 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/16 11:06:24 | 000,361,080 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/11/16 11:02:42 | 000,055,928 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/11/16 10:48:32 | 000,045,168 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2010/11/08 13:38:18 | 000,047,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010/10/20 13:59:28 | 000,752,304 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2010/09/30 10:22:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/08/02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/23 13:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2010/03/24 15:23:06 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/09 09:22:30 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/09/09 09:22:25 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/09/09 09:22:14 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/08/22 23:19:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/22 23:19:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/21 17:50:46 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2011/07/20 11:21:08 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2011/07/19 18:13:24 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2011/07/19 17:16:32 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2011/07/19 16:45:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2011/07/19 16:45:02 | 000,012,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2011/07/19 02:36:48 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2011/07/19 02:13:04 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2011/07/19 01:36:46 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niraptrkl.sys -- (niraptrk)
DRV:64bit: - [2011/07/19 01:21:24 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicondrkl.sys -- (nicondrk)
DRV:64bit: - [2011/07/19 01:05:22 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicmrkl.sys -- (nicmrk)
DRV:64bit: - [2011/07/18 22:22:18 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2011/07/18 22:07:10 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2011/07/18 21:44:42 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2011/07/18 21:22:34 | 000,012,936 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc3rkl.sys -- (nistc3rk)
DRV:64bit: - [2011/07/18 21:01:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2011/07/18 20:46:56 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2011/07/18 20:33:10 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2011/07/18 20:15:36 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdcckl.sys -- (nicdcck)
DRV:64bit: - [2011/07/12 17:28:56 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nifslkl.sys -- (nifslk)
DRV:64bit: - [2011/07/12 17:09:12 | 000,013,000 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2011/07/12 16:11:34 | 000,012,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2011/07/12 15:39:40 | 000,012,976 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2011/07/12 15:37:02 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2011/07/08 06:05:06 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2011/07/07 20:03:46 | 000,022,680 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2011/07/07 19:49:54 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2011/07/01 15:50:34 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2011/07/01 15:29:02 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2011/07/01 14:54:40 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2011/07/01 14:40:12 | 000,012,960 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2011/07/01 14:21:04 | 000,012,952 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2011/06/29 13:50:00 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2011/06/29 13:48:26 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2011/06/29 13:39:18 | 000,914,072 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2011/06/23 10:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/05/17 06:04:26 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2011/05/11 14:43:46 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/04/08 18:21:10 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2011/04/08 18:21:08 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2011/04/08 18:21:06 | 000,054,424 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibrc.sys -- (nipxibrc)
DRV:64bit: - [2011/04/08 18:21:06 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2011/04/08 18:21:04 | 000,082,568 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipxibaf.sys -- (nipxibaf)
DRV:64bit: - [2011/03/25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/03/25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/25 23:27:28 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2011/03/25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011/03/25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/03/10 13:15:04 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/27 08:57:46 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/12 21:36:20 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2010/07/12 21:54:06 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2010/07/12 21:42:36 | 000,012,984 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2010/06/23 10:05:30 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/06/23 10:04:04 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/06/15 17:15:46 | 000,038,064 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\niede.sys -- (NIEthernetDeviceEnumerator)
DRV:64bit: - [2010/03/24 12:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/01/05 10:19:30 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2008/12/18 09:13:26 | 000,032,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV:64bit: - [2008/12/05 16:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/02/11 16:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 0F 92 95 C2 31 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files (x86)\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 17:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 15:18:58 | 000,000,000 | ---D | M]
 
[2011/09/09 08:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\THG\AppData\Roaming\mozilla\Extensions
[2012/03/21 17:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/21 17:21:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/09 18:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv2010win32.dll
[2009/10/22 09:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 19:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/21 17:21:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D1ABD8-FB7E-4FEE-800E-68D1A352F267}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCAC7F1B-F2D0-4099-90AD-27966232CA8B}: NameServer = 10.25.1.64,10.94.36.170,10.100.1.64
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/08 11:21:56 | 000,000,091 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 14:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/14 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/14 13:18:53 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\Malwarebytes
[2012/05/14 13:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 13:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 13:18:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/14 13:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/14 13:07:12 | 000,000,000 | ---D | C] -- \_OTL
[2012/05/14 10:39:30 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Local\Sophos
[2012/05/11 03:01:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/11 02:03:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 02:03:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/11 02:03:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 02:03:07 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2012/05/10 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVNC
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\THG\AppData\Roaming\IPU
[2012/05/07 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoolPack
[2012/05/07 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPack
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 14:36:13 | 001,621,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 14:36:13 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/14 14:36:13 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 14:36:13 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/14 14:36:13 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/14 14:32:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 14:31:48 | 2101,284,863 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 14:27:01 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/14 14:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 14:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 13:18:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 13:16:21 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:16:21 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 03:22:28 | 000,363,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 14:02:41 | 000,000,974 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | M] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 09:19:05 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/07 09:19:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/07 09:19:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:27:01 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/14 13:18:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/10 14:02:41 | 000,000,974 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer Directx.lnk
[2012/05/10 14:02:41 | 000,000,954 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Viewer.lnk
[2012/05/10 14:02:41 | 000,000,937 | ---- | C] () -- C:\Users\THG\Desktop\UltraVNC Server.lnk
[2012/05/07 14:38:10 | 039,685,325 | ---- | C] () -- \Opel Astra H Service And Repair Manual.pdf
[2012/05/07 13:40:55 | 037,606,996 | ---- | C] () -- \Op.As.H.Se._Re.Man.rar
[2012/05/07 11:32:48 | 000,000,081 | ---- | C] () -- \CTX.DAT
[2012/04/02 16:48:05 | 002,009,049 | ---- | C] () -- \Stadtwerke2.JPG
[2011/10/13 10:00:07 | 001,715,510 | ---- | C] () -- \P1120503.JPG
[2011/10/13 10:00:07 | 000,254,816 | ---- | C] () -- \P1120501.JPG
[2011/09/12 11:29:52 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/12 11:29:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/12 11:28:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/12 11:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/12 11:28:18 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/09/12 11:28:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/09/12 07:53:55 | 000,015,840 | ---- | C] () -- C:\Windows\SysWow64\Machnm1.exe
[2011/09/12 07:53:55 | 000,010,760 | ---- | C] () -- C:\Windows\SysWow64\Machnm64.sys
[2011/09/12 07:53:55 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/09/09 10:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/08/02 08:51:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011/07/18 22:30:08 | 000,050,272 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2011/06/10 13:52:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2011/04/15 07:37:26 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/12 21:44:02 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
 
========== LOP Check ==========
 
[2011/12/22 09:28:29 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Ansys
[2011/09/12 11:43:31 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\ControlCenter4
[2011/09/13 16:03:06 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\FreePDF
[2011/09/08 16:29:54 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Fujitsu Launch Center
[2012/05/07 14:50:35 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\IPU
[2011/09/09 08:14:53 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\JabRef 2.7
[2011/09/12 11:22:46 | 000,000,000 | ---D | M] -- C:\Users\THG\AppData\Roaming\Nuance
[2012/02/07 08:49:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Ist mein System jetzt wieder i.O.?

Viele Grüße...

kira 15.05.2012 08:51
Systemreinigung und Prüfung:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope =
[2012/05/14 14:32:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 14:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 32 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

4.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

7.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131