Log analysis and evaluation: Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
11.11.2013, 01:23 | #1 |
Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others
Hi ..., my virus scanner found the following:
Code:
ATTFilter PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 10.11.2013 20:29:29 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A) 10.11.2013 20:24:33 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 20:17:23 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 20:11:29 Virus gefunden Scanner C:\Users\Ich\AppData\Local\Temp\nsmail.zip PC01 Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A) 10.11.2013 20:08:04 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 19:58:33 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 10.11.2013 19:56:05 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 10.11.2013 17:54:50 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 17:51:56 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 
Trojan.GenericKD.1182057 (Engine A) 10.11.2013 17:43:25 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 10.11.2013 17:43:13 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 17:41:44 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 10.11.2013 17:40:47 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 10.11.2013 17:34:18 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 17:33:52 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 10.11.2013 17:32:59 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.HTML.Phishing.ES (Engine A) 10.11.2013 17:31:56 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 10.11.2013 16:09:44 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 10.11.2013 16:09:23 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine 
A) 10.11.2013 16:09:19 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.942439 (Engine A) 10.11.2013 16:07:04 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 10.11.2013 16:04:34 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 09.11.2013 15:51:20 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A) 09.11.2013 15:40:59 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1331257, Trojan.GenericKD.1079057 (Engine A) 09.11.2013 15:31:21 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 09.11.2013 15:30:15 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 15:28:38 Datei in Quarantäne verschoben Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 15:28:38 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 15:27:05 Virus gefunden Scanner C:\Users\Ich\AppData\Local\Temp\nsmail.zip PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, 
Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 09.11.2013 15:09:26 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 15:08:56 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 15:02:19 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 15:02:13 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 15:02:13 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 09.11.2013 15:00:05 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES (Engine A) 09.11.2013 14:54:40 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 14:48:34 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 14:48:30 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 14:45:59 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 
14:41:41 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 14:41:31 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 14:41:13 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 14:40:43 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 14:38:53 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 14:34:02 Datei in Quarantäne verschoben Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 14:34:02 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 14:32:29 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 14:30:43 Datei in Quarantäne verschoben Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Trash PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 14:30:43 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Trash PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 09.11.2013 10:24:05 Virus gefunden Scanner 
C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 10:17:50 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 10:15:56 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 10:14:57 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 10:12:48 Virus gefunden Scanner C:\Users\Ich\AppData\Local\Temp\nsmail.zip PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 09.11.2013 09:57:55 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 09:51:24 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 09:51:08 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 09:49:37 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 09:45:39 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 09:45:01 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 09:44:29 Virus gefunden Scanner 
C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES (Engine A) 09.11.2013 09:44:22 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 09.11.2013 09:41:10 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 09:41:05 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 09:41:02 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 09:39:47 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 09.11.2013 09:37:57 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 09.11.2013 09:06:57 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 09.11.2013 08:22:12 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 09.11.2013 08:19:01 Virus gefunden Scanner 
C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 09.11.2013 08:12:58 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 08.11.2013 19:09:30 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 08.11.2013 19:06:41 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 08.11.2013 18:56:42 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 18:53:39 Virus gefunden Scanner C:\Users\Ich\AppData\Local\Temp\nsmail.zip PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 08.11.2013 18:38:16 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A) 08.11.2013 18:29:22 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 18:26:44 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1182057 (Engine A) 08.11.2013 18:16:24 Virus gefunden Scanner 
C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 08.11.2013 18:15:57 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 18:13:21 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A) 08.11.2013 18:12:05 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.1182057 (Engine A) 08.11.2013 18:04:29 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 08.11.2013 18:03:18 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.HTML.Phishing.ES (Engine A) 08.11.2013 17:59:47 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 17:57:52 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1182057 (Engine A) 08.11.2013 17:53:27 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 Trojan.GenericKD.1084619 (Engine A) 08.11.2013 17:53:00 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 17:51:56 Virus gefunden Scanner 
C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 17:50:13 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1084619 (Engine A) 08.11.2013 17:47:35 Virus gefunden Scanner C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox PC01 Trojan.GenericKD.942439 (Engine A) 08.11.2013 16:58:09 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent PC01 Trojan.GenericKD.1182057 (Engine A) 08.11.2013 16:53:43 Virus gefunden Scanner C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox PC01 HTML:Scammer-G [Trj] (Engine B) 05.11.2013 11:57:11 Datei in Quarantäne verschoben Wächter C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash PC01 HTML:Scammer-G [Trj] (Engine B) 04.11.2013 09:27:46 Datei in Quarantäne verschoben Wächter C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash PC01 JPG:MS04-028 [Expl] (Engine B) 07.08.2013 15:31:51 Datei in Quarantäne verschoben Wächter C:\Fotos\~0130716_161446_Gundelsberger Straße.tmp PC01 JPG:MS04-028 [Expl] (Engine B) 07.08.2013 15:31:50 Datei in Quarantäne verschoben Wächter C:\Fotos\~0130716_161002_Wiechs.tmp
Thanks for the help.
11.11.2013, 07:57 | #2 |
/// the machine /// TB trainer | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others
hi,
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
11.11.2013, 13:58 | #3 |
Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others
Hi Schrauber,
thank you very much for the reply. The German version of OTL offers "Scan" and "Quick Scan". Which one should I run?
Regards, Löwe

Hi Schrauber,
below is the report from OTL.txt (run as a Quick Scan).
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 11.11.2013 11:58:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gnuj\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,51% Memory free 7,92 Gb Paging File | 5,49 Gb Available in Paging File | 69,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,50 Gb Total Space | 280,69 Gb Free Space | 61,22% Space Free | Partition Type: NTFS Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Drive K: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive L: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive P: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive Q: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Gnuj\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH) PRC - C:\PROGRA~2\MIF5BA~1\Office14\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe () PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG) PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe () PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) PRC - C:\Program Files 
(x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO ) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG) PRC - C:\Vetad\PROGRAMM\A0000007\DHNC.exe () PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG) PRC - C:\lotus\organize\easyclip6.exe (Lotus Development Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\PhraseExpress\pexlang.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\05fb8add8ed309511d33005b64db51d8\Vetad.Network.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Mic#\9b17db1567cedc01fe2d6c7dc90b01ec\Vetad.Framework.MicroKernel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\86c0dfed414b4b1aa82d0352fc147763\Vetad.Framework.Interop.OfficeObjectModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\97c7bcb8869c21ccc0a2edcf60afb731\Vetad.Framework.Interop.Office.MSOffice14.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c76afd2827aae5e1a6a8aa52adea739\Vetad.Framework.Interop.Office.Goal.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c5ce8af61cc1e702fc89c39a89dc7c0\Vetad.Framework.Interop.Office.Goal.MSOTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\376bcb9ba86870ae17d3a63ea1fb5929\Vetad.Framework.Interop.Office.Goal.BSOffice.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\5b6371c8a1008b55ca0a48f260b3f3e9\Vetad.Framework.Interop.Office.Goal.Base.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Dia#\c0887ced42561c0c2b9dc65b183fecc1\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\d0a3586446af1f7aa101a31ac36dbc1d\Vetad.ConfigDB.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\4e6c85823b769bc47024bb0a305e66f3\Vetad.Framework.Interop.Office.Word14.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\b49314a634f98bf6d4b0c0fc15705316\Vetad.Framework.Interop.Office.Goal.ObjectFactory.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\ac0a82d116c43dfa7556e0fa9830446e\Vetad.Framework.Interop.Office.Goal.Calc.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e2ec546ef40c590ca2c55a8d5006ca35\Vetad.Framework.Interop.Office.Goal.Basics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\797af1fef2e5f7f69a895b3ac7829b63\Vetad.Framework.Interop.Office.Extensions.OfficeUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\87879028bdeeb98b5ab9bc7f3891c3e8\Vetad.Framework.Interop.Office.Extensions.Base.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.Inter#\f41b1c423b0773c656fad36adadd7931\Vetad.Network.Interfaces.ni.dll () MOD - 
C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.11.11 00:01:01 | 000,086,142 | ---- | C] () -- C:\Users\Gnuj\Desktop\Viren_PC01_20131110.xml [2013.10.24 07:41:01 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013.03.28 22:36:43 | 000,233,577 | ---- | C] () -- C:\Windows\SysWow64\vMainHook.dll [2013.03.28 22:36:43 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\SCARCOUW.dll [2013.03.28 22:36:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\plausibili2.dll [2013.01.02 19:18:53 | 000,004,096 | -H-- | C] () -- C:\Users\Gnuj\AppData\Local\keyfile3.drm [2012.11.12 15:11:11 | 000,007,605 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg [2012.11.11 10:03:42 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2012.11.11 09:55:20 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.11.01 09:38:03 | 000,900,963 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.10.18 14:45:37 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini [2012.10.18 13:26:59 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll [2012.10.18 13:26:59 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini [2012.08.31 09:57:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2012.08.26 16:00:31 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.08.26 16:00:31 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.08.26 16:00:14 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.26 16:00:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8860DN.DAT [2012.08.26 15:59:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.08.26 15:59:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.08.26 15:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.08.26 15:59:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.08.26 
15:59:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.06.13 16:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Gnuj\defogger_reenable [2012.06.12 22:32:35 | 000,000,052 | ---- | C] () -- C:\ProgramData\ckpgxccjdmbsnlv [2012.05.14 06:27:49 | 000,010,595 | ---- | C] () -- C:\Windows\SysWow64\UpdateAction_30032012.exe.dmp [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 00:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.03.07 18:32:57 | 001,335,296 | ---- | C] () -- C:\Windows\SysWow64\p2pfilter.dll [2012.03.07 18:32:57 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll [2012.02.07 09:47:33 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012.02.07 09:47:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.02.07 09:47:33 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.23 18:44:25 | 000,005,823 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml [2012.01.14 12:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL [2012.01.14 12:36:51 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL [2012.01.14 11:39:58 | 000,000,196 | ---- | C] () -- C:\Windows\ktel.ini [2012.01.03 14:47:17 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.01.03 14:42:58 | 000,000,046 | ---- | C] () -- C:\Windows\BRUNVPC.INI [2012.01.03 12:42:36 | 000,000,526 | ---- | C] () -- C:\Windows\ODBC.INI [2012.01.03 12:21:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012.01.03 12:19:42 | 000,000,096 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012.01.03 12:12:14 | 000,000,097 | ---- | C] () -- C:\Windows\Startup.INI [2012.01.03 11:48:38 | 000,004,876 | RHS- | C] () -- 
C:\ProgramData\ntuser.pol [2012.01.03 08:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.09 00:10:23 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.12.09 00:10:23 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.12.09 00:10:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.16 07:41:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haufe Mediengruppe [2012.03.01 11:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon [2012.09.08 14:53:14 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Acronis [2012.01.19 15:42:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\AGFEO [2012.07.05 23:16:05 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\AnvSoft [2013.11.11 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\BOM [2012.07.07 15:06:45 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Canneverbe Limited [2012.02.07 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\concept design [2013.02.07 09:19:40 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Vetad [2012.01.03 14:24:23 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DMS [2013.06.02 23:20:39 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DVASSV [2013.02.28 17:09:12 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\elsterformular [2012.02.07 10:38:54 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Engelmann Media [2013.04.19 10:02:37 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Erbschaftsteuer_Rechner [2012.12.06 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\FreeCommander [2012.01.04 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Haufe Mediengruppe [2013.06.06 07:40:04 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\CSH-Software [2012.12.05 19:20:12 | 000,000,000 
| ---D | M] -- C:\Users\Gnuj\AppData\Roaming\JDownloaderDownloadManagerPackages [2013.04.19 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\jpg-Illuminator [2012.01.14 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\klickTel [2013.09.29 10:12:03 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\MAGIX [2012.03.29 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Nuance [2013.09.21 00:41:55 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\OpenCandy [2012.01.03 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Opera [2013.09.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\PersBackup5 [2013.10.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\PhraseExpress [2012.12.16 12:48:30 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\ProtectDISC [2013.09.30 07:10:14 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\simplitec [2013.04.03 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Systweak [2013.05.21 15:49:18 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\TeamViewer [2012.09.24 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Thunderbird [2012.08.27 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Thunderbird_Test_loeschen [2013.03.21 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\TuneUp Software [2012.03.01 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0574215C @Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:D95ACC7D < End of report >

The Extras.txt reads: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.11.2013 11:58:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gnuj\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,51% Memory free 7,92 Gb Paging File | 5,49 Gb Available in Paging File | 69,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,50 Gb Total Space | 280,69 Gb Free Space | 61,22% Space Free | Partition Type: NTFS Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Drive K: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive L: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive P: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Drive Q: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = 
C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG) "C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG) "C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG) "C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{2385222C-BFB6-465B-BCF4-9C90A174FB77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8ED5ED28-E9CA-48AF-9CE8-DC98A0EC921F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{937163CE-ACE4-42F6-806C-6559F8AEAF6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6B95237-364D-4D92-83C8-9428C055572A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A990BFEE-E16C-4CCB-9DAD-8F49E8CE8252}" = lport=2869 | 
protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D5D2FE1F-7D32-4E8D-8EB1-0246E90EECC4}" = lport=1947 | protocol=17 | dir=in | name=hasp srm | "{E912A675-D7AD-4B1F-B6C9-B589B1646E1C}" = lport=1947 | protocol=6 | dir=in | name=hasp srm | "{EF9CDC5C-1F9F-4F3E-963C-7E7AAC7FF6B9}" = lport=58432 | protocol=6 | dir=in | app=c:\Vetad\programm\sws\limaservice.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A774F85-049F-4009-A669-51F6513D0F2D}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{0C29C4AF-2379-476E-A769-29B22F27DAAB}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000195\addman\Vetadaddman.exe | "{138A363D-C706-436A-8D20-19CFBB07B55B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe | "{145BE8C9-20FA-48F5-AD71-EEBB06E97CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{163EDC05-D6CE-414F-AB80-95473ADA63F2}" = protocol=6 | dir=in | app=c:\Vetad\system\ccsrv3.exe | "{22546E69-EA1A-4762-BD0E-059D53A08911}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe | "{37853316-8405-4D28-A25C-8D478CC96B46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{3D9B21EB-2E06-49F0-A639-800B73DB3A2D}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000000\dfuemngr\dfueman.exe | "{433CAD54-798E-4C3F-8C54-5BCD39463810}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{46D73661-4D30-44F4-930A-88A8764A96FC}" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "{54B3D0B4-C729-4A8D-ADE4-8258FAD9CAD6}" = protocol=6 | dir=in | app=c:\Vetad\programm\rwapplic\Vetad.irw.managed.serviceprovider.exe | "{6EEB5B22-08BC-4F2F-A5E6-879AD0683BFD}" = protocol=6 | dir=in | 
app=c:\Vetad\programm\b0000398\sipahost.exe | "{74442853-BAD6-4C65-A083-DDAEBF40FC4D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{74BB54F9-E6EC-4B4D-BD36-8F58C1A28DCC}" = protocol=6 | dir=in | app=c:\Vetad\programm\dfuews\mntbna\mntbna.exe | "{82B24634-B99E-479D-A000-F6F96F508B46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{876656E4-3BC6-48BE-9C98-1FADCB81C76F}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000391\Vetad.security.dokumentenschutz.exe | "{8A6B822F-7368-4AC2-9043-3769A8BF205F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{8E0BDC2A-E338-4FEB-809A-F44B0AF3FDA1}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000000\dfuemngr\dcmanag.exe | "{93E338CA-D75E-4AF6-B309-593E5424E936}" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "{9D414D0B-2D9D-4EE1-B2A7-6CEBE76D75A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9F2CB48E-0684-4A11-9852-3663B50426E1}" = protocol=6 | dir=in | app=c:\Vetad\programm\rzkomm\dfuesammlerdienst.exe | "{A8D70594-FDB4-48DE-9586-E9350957BBA6}" = dir=in | app=c:\windows\system32\hasplms.exe | "{B6CBC4A3-032E-4C4B-8498-85B7F21DC81C}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{C75E63FC-04B6-45D0-8E0B-DE595BCC3D27}" = dir=in | app=c:\users\Gnuj\appdata\local\microsoft\skydrive\skydrive.exe | "{C798D0FB-6FA7-4529-A78A-B469681EEBA5}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{CEE6D5F1-4F6B-4D1B-BDB6-00F7A065FB3E}" = protocol=6 | dir=in | app=c:\Vetad\programm\rzkomm\funkt_fv.exe | "{D962534B-16F6-4F17-AC8F-208D61DE2299}" = dir=in | app=c:\windows\system32\hasplms.exe | "{E046DFB2-F083-473B-AD57-ED7E637112EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{E1872177-5C4C-48B7-9B52-81AF886E767E}" = protocol=6 | dir=in | app=c:\Vetad\programm\k0005000\arbeitsplatz.exe | 
"{E1FAD1C2-0C51-49B8-B68F-6FE3F6C751EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E8F9144E-2C44-47F0-A8D2-01945C002780}" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "{EBA9312D-1198-4AE2-B475-5854A8A613E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{EF66A39B-C95C-42F1-8572-76719324EEA1}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "{F71AB79D-F997-4A28-8197-BEA2299ECC96}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "TCP Query User{2CD8E70E-6CBD-4C25-BFDF-F8A0E140B050}C:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe | "TCP Query User{2DE4F6D0-E676-4B10-A585-357516B63CC3}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "TCP Query User{46041A11-F91C-4003-89EF-FF3321388378}C:\program files (x86)\acronis\trueimagehome\trueimage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acronis\trueimagehome\trueimage.exe | "TCP Query User{58BEF8A0-A005-4777-BC57-295BB38CCD85}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "TCP Query User{D1629DD7-28E6-4EF7-821B-F603739249C3}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "TCP Query User{F8BAC537-545E-49AA-A628-0E017D445F69}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{1DA03D52-7559-4F7C-B2CB-A263D5BBFBA5}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "UDP Query User{1E6B0306-CFC4-4A6F-B774-E1BB6C677DB0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{44B8ED4F-BB55-4CCE-83A0-E9516688A66C}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe | "UDP Query User{C059E750-6156-4010-84C0-5CFBF97EDB94}C:\program files (x86)\acronis\trueimagehome\trueimage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acronis\trueimagehome\trueimage.exe | "UDP Query User{CD30E9B5-C078-4449-8780-D294E4866F95}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe | "UDP Query User{D1D5FBEC-B73C-4D8B-B5AA-7468E14D716E}C:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{36B72E6E-E433-45FC-A929-C416FF63415A}" = Microsoft SQL Server 2005-Abwärtskompatibilität "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime 
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{73FE2F35-D23F-4AAD-8187-5BE58547DE9B}" = MAGIX Foto & Grafik Designer 9 "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B625EA74-59BE-4F69-9400-357F453368FD}" = Nuance PDF Converter Professional 7 "{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "FBDBServer_2_1_x64_is1" = Firebird 2.1.5.18496 (x64) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET 
Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PROSetDX" = Intel(R) Network Connections 15.7.176.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform "{063368C4-1F03-46C7-92A8-9066AF67B372}" = SPR532 SmartCard Reader V1.87 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0881ECE5-DCA1-462D-B515-F1732875EC74}" = Vetad Infragistics Runtime V.3.2 "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery "{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{124c474e-4f08-4c38-893a-7e77721f197c}" = Haufe Steuer Office "{140653F5-8175-4783-AD5C-4E29C5F346EA}" = Haufe Steuer Office "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EFB835F-DD75-48EC-BB3D-1A71CF604457}" = Windows Live Writer "{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources "{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45 "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC 
Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker "{46BADE08-F9BE-4365-8B91-11FDCE73FF9D}" = Windows Live Family Safety "{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}" = kobdfu x64x86 driver installation "{6007A8A9-231B-44B9-961F-639428E6C3B8}" = DFL2010 Microkernel "{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI "{83d09e25-22a6-4477-861e-ba8fb7503674}" = Haufe Personal Office Standard "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = SAD onlineTV 5 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies 
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8860DN "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5509EE-5579-46C1-B566-5065545547F9}" = Media Add-ons für Acronis True Image Home 2012 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader "{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}" = HP SimplePass PE 2011 "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer "{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}" = klickTel OEM Frühjahr 2010 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch "{AD0E43FE-7BBA-4CEA-93E4-233695CD8AA2}" = Haufe iDesk-Browser "{ADDBCF37-9534-42EE-A874-4BF1199AF4CE}" = Haufe Personal Office Standard "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German "{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger "{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information "{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu "{B305A97D-E41F-4CA5-889D-E312F8D167D8}" = DFL2010 ConfigDB "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English "{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}" = WebUpdate - Steuererklärungen "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer 
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2 "{BF1E337F-72E3-4F1A-8017-DFBE83365A15}" = Haufe Formular-Manager "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C185AB5E-55CF-471D-8131-DAE00C13B326}" = WebUpdate - Einkommensteuer "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech "{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86 "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek "{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}" = Skov - Bts Edition "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy "{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian "{D3D88E2B-0853-4C17-8FAF-962D0A93D776}" = Agelloc Ka "{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}" = Acronis True Image Home 2012 "{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}Visible" = Acronis True Image Home 2012 "{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail "{D8230418-C44B-4AF8-A53C-05E8EE10D9CE}" = Haufe iDesk-Service "{DD4CEACE-8B19-4B1C-AE82-DE0FC5787D4C}" = Iminent "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5135084-32A5-497A-B4CD-80A502C40A90}" = Plus Pack für Acronis True Image Home 2012 
"{E71AFF36-199E-4013-0001-8DB5FD1561EC}" = audio converter 2.0 "{E7A679C2-2A9C-4008-9CF9-178A6C13D923}" = Dialogseminar online V.3.02 "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EAA9023E-4091-4285-8BD5-F84D8E83469A}" = Skov OS Upgrade "{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center "{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}" = ADAC Gebrauchtwagen 2010-2011 "{FC5F20C5-C44E-40DE-927C-4C7D7994912F}" = Windows Live Messenger "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All "{FF50CC0F-0759-418A-0001-8C8AF87A60AC}" = Notifier "3D Traumhaus Designer 7 Pro_is1" = DATA BECKER 3D Traumhaus Designer 7 Pro "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter_is1" = Any Video Converter 5.0.9 "Ashampoo Snap 3_is1" = Ashampoo Snap 3.50 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 
"Agelloc-Ka_is1" = Agelloc Ka "VetadB00000482.0" = Vetad Installation V.3.1 "ElsterFormular 12.4.1.7699k" = ElsterFormular "FreeCommander_is1" = FreeCommander 2009.02b "Google Chrome" = Google Chrome "Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MX.{73FE2F35-D23F-4AAD-8187-5BE58547DE9B}" = MAGIX Foto & Grafik Designer 9 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 12.16.1860" = Opera 12.16 "Organizer V99.1" = Lotus Organizer 6.0 "PhraseExpress_is1" = PhraseExpress v9.1.47 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "test und FINANZtest Archiv CD-Rom 2010" = test und FINANZtest Archiv CD-Rom 2010 "test und FINANZtest Archiv CD-Rom 2011" = test und FINANZtest Archiv CD-Rom 2011 "test und FINANZtest Archiv CD-Rom 2012" = test und FINANZtest Archiv CD-Rom 2012 "tksuite_tksuite_client" = AGFEO TK-Suite Client "VIP Access SDK" = VIP Access SDK (1.0.1.4) "web to date 6.0_is1" = DATA BECKER web to date 6.0 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "prüfungs-Kartei" = Prüfungs-Kartei "JDownloader Download Manager Packages" = JDownloader Download Manager Packages "jZip" = jZip "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.12.2012 11:22:34 | Computer Name = PC01.Ka.local | Source = DFÜ-Manager | ID = 2 Description = Das DFÜ-System ist inkonsistent. 
Error - 04.12.2012 11:22:44 | Computer Name = PC01.Ka.local | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: wmisvc.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be102 Ausnahmecode: 0xc0000006 Fehleroffset: 0x0000000000014360 ID des fehlerhaften Prozesses: 0x4c8 Startzeit der fehlerhaften Anwendung: 0x01cdd22c8f45c3fc Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\wbem\wmisvc.dll Berichtskennung: 733b9f47-3e26-11e2-a4c9-2c4138ac8f87 Error - 04.12.2012 11:22:44 | Computer Name = PC01.Ka.local | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\wbem\WMIsvc.dll" zugegriffen werden: Es besteht ein Problem mit der Verbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\Windows\System32\wbem\WMIsvc.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Lokal befindet, dann sollte der Lokaladministrator überprüfen, dass kein Lokalproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. 
Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: E000000F Datenträgertyp: 3 Error - 04.12.2012 11:30:46 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0 Description = Thread konnte nicht gestartet werden Error - 04.12.2012 11:36:28 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0 Description = Thread konnte nicht gestartet werden Error - 04.12.2012 11:41:58 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0 Description = Thread konnte nicht gestartet werden Error - 04.12.2012 13:31:08 | Computer Name = PC01.Ka.local | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/12/04 18:31:08.250]: [00005728]: Read S-Key information failed! Error - 04.12.2012 13:37:02 | Computer Name = PC01.Ka.local | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2012/12/04 18:37:02.601]: [00005728]: Read S-Key information failed! Error - 04.12.2012 18:37:10 | Computer Name = PC01.Ka.local | Source = DFÜ-Manager | ID = 2 Description = Das DFÜ-System ist inkonsistent. 
Error - 05.12.2012 03:08:27 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0 Description = Thread konnte nicht gestartet werden [ Hewlett-Packard Events ] Error - 20.11.2012 17:13:22 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:14:12 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:15:02 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:15:52 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:17:17 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:17:32 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:18:22 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 20.11.2012 17:18:34 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 22.11.2012 20:10:15 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = Error - 12.03.2013 16:45:42 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 28.10.2013 13:30:41 | Computer Name = PC01.Ka.local | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 01.11.2013 03:23:28 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 02.11.2013 05:27:34 | Computer Name = PC01.Ka.local | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Vetad DFL-Service-Manager" wurde nicht richtig gestartet. 
Error - 05.11.2013 09:28:31 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 05.11.2013 09:28:31 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 05.11.2013 09:28:32 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 06.11.2013 19:32:36 | Computer Name = PC01.Ka.local | Source = DCOM | ID = 10010 Description = Error - 07.11.2013 06:23:59 | Computer Name = PC01.Ka.local | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne Ka aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Lokal verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 09.11.2013 06:09:14 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. Error - 11.11.2013 04:14:00 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "" können nicht gelesen werden. < End of report > [/code] Regards, Löwe |
12.11.2013, 09:44 | #4 |
/// the machine /// TB-Ausbilder | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others
hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
12.11.2013, 23:51 | #5 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others
hi, here is the result from ComboFix: [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-11-12.01 - Gnuj 12.11.2013 23:15:07.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4054.2310 [GMT 1:00] ausgeführt von:: c:\users\Gnuj\Desktop\ComboFix.exe AV: G Data AntiVirus *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} SP: G Data AntiVirus *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-10-12 bis 2013-11-12 )))))))))))))))))))))))))))))) . . 2013-11-12 22:27 . 2013-11-12 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-11-12 22:27 . 2013-11-12 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-12 22:27 . 2013-11-12 22:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-11-12 22:27 . 2013-11-12 22:27 -------- d-----w- c:\users\Admin\AppData\Local\temp 2013-11-10 23:42 . 2013-11-10 23:42 -------- d-----w- C:\FRST 2013-10-22 16:10 . 2013-10-22 16:10 -------- d-----w- c:\programdata\Oracle 2013-10-22 16:10 . 2013-10-22 16:10 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-22 16:10 . 2013-10-08 05:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 23:07 . 2012-01-02 14:39 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-10 09:18 . 2012-11-14 12:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-29 09:11 . 2007-04-27 08:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll 2013-09-22 23:28 . 2013-10-10 23:15 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 
2013-10-10 23:15 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-10 23:15 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-10 23:15 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-10 23:15 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-10 23:15 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-10 23:15 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-10 23:15 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-10 23:15 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-10 23:15 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-10 23:15 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 2013-10-10 23:15 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-10 23:15 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-10 23:15 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-10 23:15 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-10 23:15 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-10 23:15 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-10 23:15 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-10 23:15 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-10 23:15 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-10 23:15 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-10 23:15 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-10 08:19 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-10 08:19 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 
2013-10-10 08:19 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 08:19 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-08-29 02:17 . 2013-10-10 08:19 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-10 08:19 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-10 08:19 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-10 08:19 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-10 08:19 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-10 08:19 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 08:19 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-10 08:19 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-10 08:19 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-10 08:19 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-10 08:19 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-10 08:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-10 08:19 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-10 08:19 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-10 08:19 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-10 08:19 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-10 08:19 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-10 08:18 461312 ----a-w- c:\windows\system32\scavengeui.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-06-24 11:28 222832 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-06-24 11:28 222832 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-06-24 11:28 222832 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "AVK Client"="c:\program files (x86)\G Data\AVK\AVK.exe" [2012-02-28 1800696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-10-16 1275168] "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-10-16 121120] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Vetad Update-Monitor"="c:\Vetad\PROGRAMM\Install\DvInesASDMon.exe" [2012-12-20 288352] "SiPaHost"="c:\Vetad\PROGRAMM\B0000398\SiPaHost.exe" [2013-01-18 551464] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ klickTel OEM Frühjahr 2010 - Schnellstarter.lnk - c:\program files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE [2012-1-14 464384] Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe /LDE [1999-9-15 229432] PhraseExpress Diagnose-Modus.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe -debug [2012-8-29 14144320] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Basisschnittstelle Office Initialisierung.lnk - c:\Vetad\PROGRAMM\BSoffice\service\OfficeDiag.exe /EnsureUI [2013-5-8 42536] CleanupPrintJobs.lnk - c:\Vetad\PROGRAMM\B0001401\CleanupPrintJobs.exe [2013-2-18 22624] Vetad-Hinweis Mitteilungsdienst.lnk - c:\Vetad\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056] DFÜ-Manager.lnk - c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2012-7-27 358048] PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-8-29 14144320] RZ-Druckertreiber V.2.3.lnk - c:\Vetad\SYSTEM\rzpjwtch.exe [2008-6-18 36448] SkyUserDevmode-Update.lnk - c:\Vetad\PROGRAMM\B0001401\UpdateDevmode.exe [2013-2-18 22624] VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\VRToolCheckOrder.exe /autostart [2012-2-20 1136640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "ConsentPromptBehaviorAdmin"= 5 (0x5) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Vetad_SCardMan"= . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVK\AVKBackupService.exe;c:\program files (x86)\G Data\AVK\AVKBackupService.exe [x] R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys;c:\windows\SYSNATIVE\drivers\ifM52x64.sys [x] R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys;c:\windows\SYSNATIVE\drivers\ifP52X64.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys;c:\windows\SYSNATIVE\drivers\KOBCCEX.sys [x] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S0 vididr;Acronis Virtual 
Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt58.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirusKit Client;G DATA AntiVirus Client;c:\program files (x86)\G Data\AVK\AVK.exe;c:\program files (x86)\G Data\AVK\AVK.exe [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [x] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\AVK\AVKWCtlX64.exe [x] S2 Vetad Update-Service;Vetad Update-Service;c:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x] S2 Vetad.Framework.RemoteServiceModel.EnablerService;Vetad 
DFL-Service-Manager;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x] S2 VetadPrintService;Vetad Druckservice;c:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE;c:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE [x] S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x] S2 Dcmanag;Vetad DFÜ-System Dienst;c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe;c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [x] S2 DVckService;DVckService;c:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe;c:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 
KOBIL_MSDI;KOBIL_MSDI;c:\Vetad\PROGRAMM\B0000404\msdisrv.exe;c:\Vetad\PROGRAMM\B0000404\msdisrv.exe [x] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x] S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys;c:\windows\SYSNATIVE\drivers\d3_kafm.sys [x] S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe;c:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe [x] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 Vetad.Framework.RemoteServices;Vetad DFL Infrastruktur-Dienst;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServices -SvcRunLevel=1000 -Single;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServices -SvcRunLevel=1000 -Single [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [x] S3 GDScan;G Data Scanner;c:\program 
files (x86)\Common Files\G DATA\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [x] S3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-17 16:57 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-14 09:18] . 2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 12:26] . 2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 12:26] . 2013-11-11 c:\windows\Tasks\HPCeeScheduleForGnuj.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2013-10-30 c:\windows\Tasks\HPCeeScheduleForPC01$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-06-24 11:28 261744 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-06-24 11:28 261744 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-06-24 11:28 261744 ----a-w- c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2013-11-07 21720] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Mit Nuance PDF Converter 7.0 öffnen - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll /100 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den 
ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll TCP: DhcpNameServer = 192.168.199.10 DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB FF - ProfilePath - c:\users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/|hxxp://www.ebay.de/|hxxp://www.web.de/|hxxp://www.geizkragen.de/preisvergleich/telefon-und-co/handys-ohne-vertrag/samsung/samsung-galaxy-s4-i9505/802087.html|hxxp://forum.chip.de/drucker-scanner-co-21/|hxxp://www.dilem.fr/de/simulator/monture:OJ090/branche:ZM#!monture:OJ090/branche:ZC246|hxxp://www.gegenfrage.com/category/gold/|hxxp://www.proaurum.de/home/aktuellwichtig/chartanalyse/chart-analyse_23-07-2013.html|https://www.gevestor-group.de/?id=512829&banner=HV_redLink2_12609_63075742030&nl_link=HV_redLink2_12609_63075742030&utm_medium=email&utm_campaign=63075742030_2013-08-28T17%253A00_%255BAC%255D+Newsletter+vom+28.08.2013&utm_source=4016638430&SYS=000&SCID=anVuZ0AxYS10b3AtYmVyYXR1bmcuZGU%253D FF - ExtSQL: 2013-10-10 10:40; toolbar@web.de; c:\users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\extensions\toolbar@web.de.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{11111111-1111-1111-1111-110011441179} - (no file) Toolbar-10 - (no file) c:\users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe -m HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-11-12 23:30:23 ComboFix-quarantined-files.txt 2013-11-12 22:30 . Vor Suchlauf: 61 Verzeichnis(se), 299.834.392.576 Bytes frei Nach Suchlauf: 62 Verzeichnis(se), 301.436.907.520 Bytes frei . - - End Of File - - AE00A9389325BC84441A2C1C9DAD5D85
Regards, Löwe |
13.11.2013, 10:19 | #6 |
/// the machine /// TB Trainer | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
14.11.2013, 08:28 | #7 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others. Hi, here is Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Gnuj :: PC01 [Administrator] 13.11.2013 19:03:27 mbam-log-2013-11-13 (19-03-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272097 Laufzeit: 6 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 9 HKCR\CrossriderApp0004479.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0004479.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0004479.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\IminentWebBooster.Web2IMBHandler (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: yEzy1P1J0S1I1G0ZtG0F -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Gnuj\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gnuj\AppData\Roaming\OpenCandy\53DECCF57D3C4A68A34217BEE9F17779 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 3 C:\Windows\Installer\8c516d.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gnuj\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gnuj\AppData\Roaming\OpenCandy\53DECCF57D3C4A68A34217BEE9F17779\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 01:26:32 # Updated 11/11/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Gnuj - PC01 # Gestartet von : C:\Users\Gnuj\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\Program Files (x86)\jZip Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search Ordner Gelöscht : C:\Users\Gnuj\AppData\Local\jZip Ordner Gelöscht : C:\Users\Gnuj\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Gnuj\AppData\Roaming\Systweak Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk Datei Gelöscht : C:\Users\Gnuj\Desktop\jZip.lnk Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\11-suche.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.UrlTinyfier Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\jZip.file Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant 
Savings-InternalInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8E948448-E97B-4864-8177-546200709672} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKCU\Software\jZip 
Schlüssel Gelöscht : HKLM\Software\jZip Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Mozilla Firefox v25.0 (de) [ Datei : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "13ba87d3eb7f9d8a90ad1a2050b7bc7f"); -\\ Google Chrome v30.0.1599.101 [ Datei : C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7218 octets] - [14/11/2013 01:14:19] AdwCleaner[S0].txt - [6824 octets] - [14/11/2013 01:26:32] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6884 octets] ##########
Here is the report from Junkware Removal: Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Professional x64 Ran by Gnuj on 14.11.2013 at 1:38:52,43 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\sweetim ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Gnuj\appdata\locallow\datamngr" ~~~ FireFox Emptied folder: C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\minidumps [83 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.11.2013 at 1:43:46,85 End of JRT log |
14.11.2013, 13:50 | #8 |
/// the machine /// TB Trainer | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
16.11.2013, 18:10 | #9 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. Hi, here is the result from ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=9998c4da9157d04d8f410101b364da50 # engine=15907 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-11-16 10:38:45 # local_time=2013-11-16 11:38:45 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 10985880 136228175 0 0 # scanned=345385 # found=2 # cleaned=0 # scan_time=7742 sh=DE65BEDE7D1DB30B18E1C93ABD831FABC3E4305A ft=1 fh=3628295ec7f21e0d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\skov\vPStart.exe" sh=D21006747ED2AFFD4E3A4CB0DFFD6C6030965750 ft=1 fh=c74f7ccb8a44fe6d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\skov\vPStartHSO.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` G Data AntiVirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 45 Adobe Flash Player 11.9.900.117 Adobe Reader XI Mozilla Firefox (25.0) Mozilla Thunderbird (17.0.) Google Chrome 31.0.1650.48 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
Regards, Löwe |
17.11.2013, 07:25 | #10 | |
/// the machine /// TB Trainer | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. Quote:
__________________ Regards, schrauber |
18.11.2013, 10:49 | #11 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. Hi, the vendor informed me that the affected files were uploaded to www.virustotal.com. These are false positives from the virus scanner. Regards, Löwe |
19.11.2013, 08:34 | #12 |
/// the machine /// TB Trainer | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. Good, then a fresh OTL log, please. Any remaining problems?
__________________ Regards, schrauber |
14.12.2013, 10:33 | #13 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 among others. Hi, here is the result, OTL logfile: Code:
ATTFilter OTL logfile created on: 14.12.2013 08:38:01 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gnuj\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,15% Memory free 7,92 Gb Paging File | 5,29 Gb Available in Paging File | 66,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,50 Gb Total Space | 270,34 Gb Free Space | 58,96% Space Free | Partition Type: NTFS Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Drive K: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Drive L: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Drive P: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Drive Q: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Gnuj\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) 
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe () PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG) PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG) PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - 
C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG) PRC - C:\Vetad\PROGRAMM\A0000007\DHNC.exe () PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG) PRC - C:\lotus\organize\easyclip6.exe (Lotus Development Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\05fb8add8ed309511d33005b64db51d8\Vetad.Network.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Mic#\9b17db1567cedc01fe2d6c7dc90b01ec\Vetad.Framework.MicroKernel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\86c0dfed414b4b1aa82d0352fc147763\Vetad.Framework.Interop.OfficeObjectModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\97c7bcb8869c21ccc0a2edcf60afb731\Vetad.Framework.Interop.Office.MSOffice14.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c76afd2827aae5e1a6a8aa52adea739\Vetad.Framework.Interop.Office.Goal.Common.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c5ce8af61cc1e702fc89c39a89dc7c0\Vetad.Framework.Interop.Office.Goal.MSOTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\376bcb9ba86870ae17d3a63ea1fb5929\Vetad.Framework.Interop.Office.Goal.BSOffice.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\5b6371c8a1008b55ca0a48f260b3f3e9\Vetad.Framework.Interop.Office.Goal.Base.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\f3428ba1ec8c42ba6f69339dde313c97\Vetad.Framework.Interop.Office.Extensions.Compatibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Dia#\c0887ced42561c0c2b9dc65b183fecc1\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\d0a3586446af1f7aa101a31ac36dbc1d\Vetad.ConfigDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\4e6c85823b769bc47024bb0a305e66f3\Vetad.Framework.Interop.Office.Word14.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\b49314a634f98bf6d4b0c0fc15705316\Vetad.Framework.Interop.Office.Goal.ObjectFactory.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\ac0a82d116c43dfa7556e0fa9830446e\Vetad.Framework.Interop.Office.Goal.Calc.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e2ec546ef40c590ca2c55a8d5006ca35\Vetad.Framework.Interop.Office.Goal.Basics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\797af1fef2e5f7f69a895b3ac7829b63\Vetad.Framework.Interop.Office.Extensions.OfficeUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\87879028bdeeb98b5ab9bc7f3891c3e8\Vetad.Framework.Interop.Office.Extensions.Base.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.Inter#\f41b1c423b0773c656fad36adadd7931\Vetad.Network.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\794f134fd574b106461b20b224b57df1\Vetad.Framework.Interop.Office.Goal.Text.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e9c1d3baac577ec5eac2d7a90437f1bb\Vetad.Framework.Interop.Office.Goal.Component.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\fb4c14fe2c99a3a704485c4261ca0e3e\Vetad.Framework.Interop.Office.Goal.Business.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\6a851c744185a856a105954971d094ad\Vetad.Framework.Interop.Office.Goal.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\de72f603bf94e9a94563c014c36404a2\Vetad.Framework.Interop.Office.Extensions.DDMA.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3aa681fb4055d3e03daaec3f9686c96c\Vetad.Framework.Interop.Office.Extensions.BSOfficeMenu.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB.Inte#\614b0fe9393254fba76ddb4bf0235a6c\Vetad.ConfigDB.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll () MOD - C:\PROGRA~2\HSC-SO~1\Ka\COLWOR~1.DLL () MOD - C:\Vetad\SYSTEM\DVCCSASCMtf001.dll () MOD - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll () MOD - C:\Vetad\PROGRAMM\A0000007\DHNC.exe () MOD - C:\Vetad\SYSTEM\DvDfvkBas002.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project) SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) 
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (HRService) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (VetadPrintService) -- C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (DVckService) -- C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG) SRV - (Sicherheitspaket-Dienst) -- C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG) SRV - (Vetad Update-Service) -- C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (Dcmanag) -- C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (AntiVirusKit ) -- C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G 
Data\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (KOBIL_MSDI) -- C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH) DRV:64bit: - (vidsflt58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis) DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Vetad eG) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation) DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (amdsbs) -- 
C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"https://www.google.de/|hxxp://www.ebay.de/|hxxp://www.web.de/|hxxp://www.geizkragen.de/preisvergleich/telefon-und-co/handys-ohne-vertrag/samsung/samsung-galaxy-s4-i9505/802087.html|hxxp://forum.chip.de/drucker-scanner-co-21/|hxxp://www.dilem.fr/de/simulator/monture:OJ090/branche:ZM#!monture:OJ090/branche:ZC246|hxxp://www.gegenfrage.com/category/gold/|hxxp://www.proaurum.de/home/aktuellwichtig/chartanalyse/chart-analyse_23-07-2013.html|https://www.gevestor-group.de/?id=512829&banner=HV_redLink2_12609_63075742030&nl_link=HV_redLink2_12609_63075742030&utm_medium=email&utm_campaign=63075742030_2013-08-28T17%253A00_%255BAC%255D+Newsletter+vom+28.08.2013&utm_source=4016638430&SYS=000&SCID=anVuZ0AxYS10b3AtYmVyYXR1bmcuZGU%253D" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Vetad.de/Vetad_BestellManager,version=1.7: C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program 
Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013.12.02 00:02:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.11.17 18:24:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins 
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () [2013.11.14 00:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions [2012.01.04 19:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.11.14 01:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Firefox\Profiles\rd42lxr8.default\Extensions [2013.11.14 01:09:53 
| 000,639,485 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\toolbar@web.de.xpi [2013.10.10 09:19:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.11.14 01:10:05 | 000,002,353 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml [2013.11.14 01:10:04 | 000,002,822 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\gmx-suche.xml [2013.11.14 01:10:05 | 000,002,432 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\lastminute.xml [2013.11.14 01:10:04 | 000,005,637 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\webde-suche.xml [2013.11.17 18:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.11.17 18:24:51 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com [2013.11.17 18:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.11.17 18:24:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:search}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Vetad Bestell-Manager Plug-in (Enabled) = C:\Vetad\PROGRAMM\A0000015\npdvbm.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Gnuj\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Website Logon = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\ CHR - Extension: Google Mail = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.11.12 23:27:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.dll (Vetad eG) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files 
(x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO002.dll (Vetad eG) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVK ] C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG) O4 - HKLM..\Run: [Babylon ] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [Vetad Update-Monitor] C:\Vetad\PROGRAMM\Install\DvInesASDMon.exe (Vetad eG) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SiPaHost] C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG) O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation) O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk = C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation) O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll () O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: Vetad.com ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetad.com ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetad.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetad.de ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetad.de ([www] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetad.de ([www] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetadnet.de ([*.services] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetadnet.de ([*.services] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetadstadt.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: Vetadstadt.de ([]https is out of zone range - 5) O16:64bit: - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab (DLM Control) O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB (VBIRDPlayer.Player) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.199.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ka.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3BA4BEC-0264-43CF-B7B3-57C797E79215}: DhcpNameServer = 192.168.199.10 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - 
Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.12.12 01:37:18 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2013.12.12 01:37:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2013.12.12 01:37:17 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.12.12 01:37:16 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.12.12 01:35:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.12.12 01:35:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013.12.12 01:35:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.12.12 01:35:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.12.12 01:35:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.12.12 01:35:46 | 000,111,616 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013.12.12 01:35:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.12.12 01:35:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013.12.12 01:35:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.12.12 01:35:45 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.12.12 01:35:45 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013.12.12 01:35:45 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.12.12 01:35:45 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013.12.12 01:35:43 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.12.12 01:35:43 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.12.12 01:35:41 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.12.11 10:37:36 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Roaming\TaxNMore [2013.12.11 09:37:20 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll [2013.12.11 09:37:20 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll [2013.12.11 09:37:16 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.12.11 09:37:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.12.11 09:37:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.12.11 09:32:06 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013.12.11 09:32:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013.12.11 
09:32:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013.12.11 09:32:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013.12.11 09:32:05 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013.12.11 09:32:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013.12.11 09:32:05 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013.12.11 09:32:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe [2013.12.02 00:02:52 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Local\Babylon [2013.12.02 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Roaming\Babylon [2013.12.02 00:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon [2013.12.02 00:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon [2013.12.02 00:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon [2013.12.02 00:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.11.27 00:09:45 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013.11.27 00:06:19 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.11.27 00:06:19 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.11.27 00:06:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013.11.27 00:06:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.11.27 00:06:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.11.27 00:06:16 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.11.27 00:06:16 | 000,233,472 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2013.11.27 00:06:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.11.27 00:06:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.11.27 00:06:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.11.27 00:06:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.11.27 00:06:16 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013.11.27 00:06:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.11.27 00:06:15 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.11.27 00:06:15 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.11.27 00:06:15 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.11.27 00:06:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.11.27 00:06:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.11.27 00:06:15 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.11.27 00:06:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.11.27 00:06:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.11.27 00:06:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.11.27 00:06:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.11.27 00:06:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.11.27 00:06:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.11.27 
00:06:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013.11.27 00:06:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.11.27 00:06:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.11.27 00:06:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013.11.27 00:06:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.11.27 00:06:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.11.27 00:06:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.11.27 00:06:14 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013.11.27 00:06:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.11.27 00:06:14 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.11.27 00:06:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.11.27 00:06:13 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.11.27 00:06:13 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.11.27 00:06:13 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.11.27 00:06:13 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.11.27 00:06:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.11.27 00:06:13 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.11.27 00:06:13 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.11.27 00:06:13 | 000,296,960 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.11.27 00:06:13 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.11.27 00:06:13 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.11.27 00:06:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.11.27 00:06:13 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.11.27 00:06:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.11.27 00:06:13 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.11.27 00:06:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.11.27 00:06:13 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.11.27 00:06:13 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.11.27 00:06:13 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.11.27 00:06:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013.11.27 00:06:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.11.27 00:06:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.11.27 00:06:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.11.27 00:06:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.11.27 00:06:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.11.27 00:06:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.11.27 00:06:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\licmgr10.dll [2013.11.27 00:06:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.11.27 00:06:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.11.24 18:57:03 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.11.17 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.11.16 18:00:34 | 001,957,794 | ---- | C] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe [2013.11.16 09:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.11.14 15:49:50 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Gnuj\Desktop\esetsmartinstaller_enu.exe ========== Files - Modified Within 30 Days ========== [2013.12.14 08:37:15 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.12.14 08:37:15 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.12.14 08:30:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.12.14 08:29:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.12.14 08:28:59 | 3188,219,904 | -HS- | M] () -- C:\hiberfil.sys [2013.12.14 00:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.12.14 00:02:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.12.13 09:23:42 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.12.13 09:23:42 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.12.13 09:23:42 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.12.13 09:23:42 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.12.13 09:23:42 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.12.12 
09:31:31 | 000,529,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.11 18:19:44 | 000,005,706 | ---- | M] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml [2013.12.11 14:45:58 | 000,007,606 | ---- | M] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg [2013.12.11 10:36:58 | 002,271,064 | ---- | M] () -- C:\Users\Gnuj\Desktop\Zinsberechnungsprogramm_NWB_Kredite.exe [2013.12.10 21:36:03 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGnuj.job [2013.12.10 21:17:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.12.10 21:17:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.12.10 08:41:20 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013.12.09 18:13:39 | 000,001,937 | ---- | M] () -- C:\Users\Gnuj\Desktop\Jahresrundschreiben 2013.lnk [2013.12.05 09:58:34 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.12.02 00:02:04 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2013.11.29 14:51:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPC01$.job [2013.11.27 00:06:19 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.11.27 00:06:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.11.27 00:06:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013.11.27 00:06:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.11.27 00:06:16 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.11.27 00:06:16 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.11.27 00:06:16 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.11.27 00:06:16 | 
000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.11.27 00:06:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.11.27 00:06:16 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.11.27 00:06:16 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.11.27 00:06:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013.11.27 00:06:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.11.27 00:06:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.11.27 00:06:15 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.11.27 00:06:15 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.11.27 00:06:15 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.11.27 00:06:15 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.11.27 00:06:15 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.11.27 00:06:15 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.11.27 00:06:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.11.27 00:06:15 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.11.27 00:06:15 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.11.27 00:06:15 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.11.27 00:06:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.11.27 00:06:15 | 000,069,632 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.11.27 00:06:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013.11.27 00:06:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.11.27 00:06:15 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.11.27 00:06:15 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013.11.27 00:06:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.11.27 00:06:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.11.27 00:06:15 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.11.27 00:06:14 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013.11.27 00:06:14 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.11.27 00:06:14 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.11.27 00:06:14 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.11.27 00:06:13 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.11.27 00:06:13 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.11.27 00:06:13 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.11.27 00:06:13 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.11.27 00:06:13 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.11.27 00:06:13 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.11.27 00:06:13 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.11.27 00:06:13 | 
000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.11.27 00:06:13 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.11.27 00:06:13 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.11.27 00:06:13 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.11.27 00:06:13 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.11.27 00:06:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.11.27 00:06:13 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.11.27 00:06:13 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.11.27 00:06:13 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.11.27 00:06:13 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.11.27 00:06:13 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.11.27 00:06:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013.11.27 00:06:13 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.11.27 00:06:13 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.11.27 00:06:13 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.11.27 00:06:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.11.27 00:06:13 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.11.27 00:06:13 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.11.27 00:06:13 | 000,030,208 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.11.27 00:06:13 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.11.27 00:06:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.11.27 00:06:13 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.11.26 11:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013.11.26 10:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.11.26 10:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013.11.26 10:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.11.26 10:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.11.26 10:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013.11.26 10:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013.11.26 09:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.11.26 09:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.11.26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.11.26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013.11.26 09:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.11.26 08:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.11.26 
07:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.11.25 20:13:53 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Personal Office Standard.lnk [2013.11.23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.11.23 18:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.11.22 17:35:25 | 061,617,831 | ---- | M] () -- C:\Users\Gnuj\Documents\Ready to sexercise.flv [2013.11.22 16:55:29 | 092,231,556 | ---- | M] () -- C:\Users\Gnuj\Documents\Katie St Ives and Manuel Ferrara.flv [2013.11.22 16:02:06 | 055,240,560 | ---- | M] () -- C:\Users\Gnuj\Documents\Nanny bucked by a beast.flv [2013.11.16 18:00:46 | 001,957,794 | ---- | M] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe [2013.11.15 10:20:57 | 000,002,111 | ---- | M] () -- C:\Users\Gnuj\Desktop\TK-Suite .lnk [2013.11.14 15:53:20 | 000,891,184 | ---- | M] () -- C:\Users\Gnuj\Desktop\SecurityCheck.exe [2013.11.14 15:49:50 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Gnuj\Desktop\esetsmartinstaller_enu.exe ========== Files Created - No Company Name ========== [2013.12.11 10:36:39 | 002,271,064 | ---- | C] () -- C:\Users\Gnuj\Desktop\Zinsberechnungsprogramm_NWB_Kredite.exe [2013.12.10 08:41:20 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk [2013.12.05 15:54:23 | 000,001,937 | ---- | C] () -- C:\Users\Gnuj\Desktop\Jahresrundschreiben 2013.lnk [2013.12.02 00:02:04 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2013.11.27 00:06:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.11.27 00:06:13 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.11.25 20:13:52 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Personal Office Standard.lnk [2013.11.22 17:09:02 | 061,617,831 | ---- | C] () -- C:\Users\Gnuj\Documents\Ready to sexercise.flv [2013.11.22 16:06:05 | 
092,231,556 | ---- | C] () -- C:\Users\Gnuj\Documents\Katie St Ives and Manuel Ferrara.flv [2013.11.22 15:43:19 | 055,240,560 | ---- | C] () -- C:\Users\Gnuj\Documents\Nanny bucked by a beast.flv [2013.11.14 15:53:13 | 000,891,184 | ---- | C] () -- C:\Users\Gnuj\Desktop\SecurityCheck.exe [2013.11.12 23:12:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.11.12 23:12:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.11.12 23:12:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.11.12 23:12:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.11.12 23:12:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.28 22:36:43 | 000,233,577 | ---- | C] () -- C:\Windows\SysWow64\vMainHook.dll [2013.03.28 22:36:43 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\SCARCOUW.dll [2013.03.28 22:36:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\plausibili2.dll [2013.01.02 19:18:53 | 000,004,096 | -H-- | C] () -- C:\Users\Gnuj\AppData\Local\keyfile3.drm [2012.11.12 15:11:11 | 000,007,606 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg [2012.11.11 10:03:42 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2012.11.11 09:55:20 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.11.01 09:38:03 | 000,900,963 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.10.18 14:45:37 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini [2012.10.18 13:26:59 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll [2012.10.18 13:26:59 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini [2012.08.31 09:57:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2012.08.26 16:00:31 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.08.26 16:00:31 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.08.26 16:00:14 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.26 16:00:13 | 000,000,034 | ---- | C] () -- 
C:\Windows\SysWow64\BD8860DN.DAT [2012.08.26 15:59:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.08.26 15:59:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.08.26 15:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.08.26 15:59:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.08.26 15:59:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.06.13 16:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Gnuj\defogger_reenable [2012.06.12 22:32:35 | 000,000,052 | ---- | C] () -- C:\ProgramData\ckpgxccjdmbsnlv [2012.05.14 06:27:49 | 000,010,595 | ---- | C] () -- C:\Windows\SysWow64\UpdateAction_30032012.exe.dmp [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 00:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.03.07 18:32:57 | 001,335,296 | ---- | C] () -- C:\Windows\SysWow64\p2pfilter.dll [2012.03.07 18:32:57 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll [2012.02.07 09:47:33 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012.02.07 09:47:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.02.07 09:47:33 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.23 18:44:25 | 000,005,706 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml [2012.01.14 12:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL [2012.01.14 12:36:51 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL [2012.01.14 11:39:58 | 000,000,196 | ---- | C] () -- C:\Windows\ktel.ini [2012.01.03 14:47:17 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.01.03 14:42:58 | 000,000,046 | ---- | C] () -- C:\Windows\BRUNVPC.INI [2012.01.03 
12:42:36 | 000,000,526 | ---- | C] () -- C:\Windows\ODBC.INI [2012.01.03 12:21:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012.01.03 12:19:42 | 000,000,096 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012.01.03 12:12:14 | 000,000,097 | ---- | C] () -- C:\Windows\Startup.INI [2012.01.03 11:48:38 | 000,004,876 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.01.03 08:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0574215C @Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:D95ACC7D < End of report > Regards, Löwe |
14.12.2013, 16:20 | #14 |
/// the machine /// TB instructor | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others. Why are my questions always ignored.....
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
14.12.2013, 18:21 | #15 |
| Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 and others. Hi, which questions are still open? As a layperson, I cannot judge whether there are still problems. Should I run a virus scan with my antivirus program, or how is the last remark "Any remaining problems" meant? I cannot interpret the OTL result. Regards, Löwe |