Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 u.a. (https://www.trojaner-board.de/144375-trojan-generickd-942439-trojan-generickd-1305731-u-a.html)

Löwe1 11.11.2013 01:23
Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 u.a.
 
Hi ...,
mein Virenscanner hat folgendes festgestellt:
Code:

PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
10.11.2013 20:29:29
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A)
10.11.2013 20:24:33
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 20:17:23
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 20:11:29
Virus gefunden
Scanner

C:\Users\Ich\AppData\Local\Temp\nsmail.zip



PC01
Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A)
10.11.2013 20:08:04
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 19:58:33
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
10.11.2013 19:56:05
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
10.11.2013 17:54:50
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 17:51:56
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1182057 (Engine A)
10.11.2013 17:43:25
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
10.11.2013 17:43:13
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131109_nach_teilweiser_Virenbereinigung\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 17:41:44
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
10.11.2013 17:40:47
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
10.11.2013 17:34:18
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 17:33:52
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
10.11.2013 17:32:59
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.HTML.Phishing.ES (Engine A)
10.11.2013 17:31:56
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
10.11.2013 16:09:44
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
10.11.2013 16:09:23
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 16:09:19
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.942439 (Engine A)
10.11.2013 16:07:04
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
10.11.2013 16:04:34
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
09.11.2013 15:51:20
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367 (Engine A)
09.11.2013 15:40:59
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1331257, Trojan.GenericKD.1079057 (Engine A)
09.11.2013 15:31:21
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
09.11.2013 15:30:15
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 15:28:38
Datei in Quarantäne verschoben
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 15:28:38
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 15:27:05
Virus gefunden
Scanner

C:\Users\Ich\AppData\Local\Temp\nsmail.zip



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
09.11.2013 15:09:26
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 15:08:56
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 15:02:19
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 15:02:13
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 15:02:13
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
09.11.2013 15:00:05
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES (Engine A)
09.11.2013 14:54:40
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 14:48:34
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:48:30
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 14:45:59
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:41:41
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 14:41:31
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 14:41:13
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 14:40:43
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:38:53
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 14:34:02
Datei in Quarantäne verschoben
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 14:34:02
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:32:29
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:30:43
Datei in Quarantäne verschoben
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Trash



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 14:30:43
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Trash



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
09.11.2013 10:24:05
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 10:17:50
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 10:15:56
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 10:14:57
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 10:12:48
Virus gefunden
Scanner

C:\Users\Ich\AppData\Local\Temp\nsmail.zip



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
09.11.2013 09:57:55
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 09:51:24
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 09:51:08
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 09:49:37
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 09:45:39
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 09:45:01
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 09:44:29
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES (Engine A)
09.11.2013 09:44:22
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
09.11.2013 09:41:10
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 09:41:05
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 09:41:02
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 09:39:47
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
09.11.2013 09:37:57
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
09.11.2013 09:06:57
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
09.11.2013 08:22:12
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
09.11.2013 08:19:01
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
09.11.2013 08:12:58
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
08.11.2013 19:09:30
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
08.11.2013 19:06:41
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
08.11.2013 18:56:42
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 18:53:39
Virus gefunden
Scanner

C:\Users\Ich\AppData\Local\Temp\nsmail.zip



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
08.11.2013 18:38:16
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057, Trojan.GenericKD.1305731 (3x), Trojan.GenericKDV.1308367, Trojan.GenericKD.1331257 (Engine A)
08.11.2013 18:29:22
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 18:26:44
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1182057 (Engine A)
08.11.2013 18:16:24
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
08.11.2013 18:15:57
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\aktuell\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 18:13:21
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.HTML.Phishing.ES, Trojan.GenericKD.1079057 (Engine A)
08.11.2013 18:12:05
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.1182057 (Engine A)
08.11.2013 18:04:29
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
08.11.2013 18:03:18
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20131027\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.HTML.Phishing.ES (Engine A)
08.11.2013 17:59:47
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 17:57:52
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1182057 (Engine A)
08.11.2013 17:53:27
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
Trojan.GenericKD.1084619 (Engine A)
08.11.2013 17:53:00
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130913\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 17:51:56
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 17:50:13
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130603\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1084619 (Engine A)
08.11.2013 17:47:35
Virus gefunden
Scanner

C:\Sicherungen\Mails_PC01\20130808\Daten\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-2.de\Inbox



PC01
Trojan.GenericKD.942439 (Engine A)
08.11.2013 16:58:09
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Sent



PC01
Trojan.GenericKD.1182057 (Engine A)
08.11.2013 16:53:43
Virus gefunden
Scanner

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1-5.de\Inbox



PC01
HTML:Scammer-G [Trj] (Engine B)
05.11.2013 11:57:11
Datei in Quarantäne verschoben
Wächter

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash



PC01
HTML:Scammer-G [Trj] (Engine B)
04.11.2013 09:27:46
Datei in Quarantäne verschoben
Wächter

C:\Users\Ich\AppData\Roaming\Thunderbird\Profiles\n2ljjdzo.default\Mail\pop.1und1.de\Trash



PC01
JPG:MS04-028 [Expl] (Engine B)
07.08.2013 15:31:51
Datei in Quarantäne verschoben
Wächter

C:\Fotos\~0130716_161446_Gundelsberger Straße.tmp



PC01
JPG:MS04-028 [Expl] (Engine B)
07.08.2013 15:31:50
Datei in Quarantäne verschoben
Wächter

C:\Fotos\~0130716_161002_Wiechs.tmp
FRST ist eine Zeitlang gelaufen, ist dann aber abgebrochen.
Danke für die Hilfe.

schrauber 11.11.2013 07:57
hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Löwe1 11.11.2013 13:58
Hi Schrauber,
vielen Dank für die Rückmeldung
in der deutschen Version von OTL wird angeboten: „Scan“ und „Quick Scan“.
Was soll ich laufen lassen?
Gruß Löwe

Hi Schrauber,
nachfolgend der Report von OTL.txt (ausgeführt als Quickscan)
OTL Logfile:
Code:
OTL logfile created on: 11.11.2013 11:58:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Gnuj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,51% Memory free
7,92 Gb Paging File | 5,49 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 280,69 Gb Free Space | 61,22% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS
Drive K: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive L: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive P: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive Q: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
 
Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Gnuj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
PRC - C:\PROGRA~2\MIF5BA~1\Office14\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
PRC - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO      )
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG)
PRC - C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG)
PRC - C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\PhraseExpress\pexlang.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\05fb8add8ed309511d33005b64db51d8\Vetad.Network.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Mic#\9b17db1567cedc01fe2d6c7dc90b01ec\Vetad.Framework.MicroKernel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\86c0dfed414b4b1aa82d0352fc147763\Vetad.Framework.Interop.OfficeObjectModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\97c7bcb8869c21ccc0a2edcf60afb731\Vetad.Framework.Interop.Office.MSOffice14.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c76afd2827aae5e1a6a8aa52adea739\Vetad.Framework.Interop.Office.Goal.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c5ce8af61cc1e702fc89c39a89dc7c0\Vetad.Framework.Interop.Office.Goal.MSOTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\376bcb9ba86870ae17d3a63ea1fb5929\Vetad.Framework.Interop.Office.Goal.BSOffice.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\5b6371c8a1008b55ca0a48f260b3f3e9\Vetad.Framework.Interop.Office.Goal.Base.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Dia#\c0887ced42561c0c2b9dc65b183fecc1\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\d0a3586446af1f7aa101a31ac36dbc1d\Vetad.ConfigDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\4e6c85823b769bc47024bb0a305e66f3\Vetad.Framework.Interop.Office.Word14.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\b49314a634f98bf6d4b0c0fc15705316\Vetad.Framework.Interop.Office.Goal.ObjectFactory.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\ac0a82d116c43dfa7556e0fa9830446e\Vetad.Framework.Interop.Office.Goal.Calc.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e2ec546ef40c590ca2c55a8d5006ca35\Vetad.Framework.Interop.Office.Goal.Basics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\797af1fef2e5f7f69a895b3ac7829b63\Vetad.Framework.Interop.Office.Extensions.OfficeUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\87879028bdeeb98b5ab9bc7f3891c3e8\Vetad.Framework.Interop.Office.Extensions.Base.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.Inter#\f41b1c423b0773c656fad36adadd7931\Vetad.Network.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\794f134fd574b106461b20b224b57df1\Vetad.Framework.Interop.Office.Goal.Text.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e9c1d3baac577ec5eac2d7a90437f1bb\Vetad.Framework.Interop.Office.Goal.Component.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\6a851c744185a856a105954971d094ad\Vetad.Framework.Interop.Office.Goal.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\de72f603bf94e9a94563c014c36404a2\Vetad.Framework.Interop.Office.Extensions.DDMA.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3aa681fb4055d3e03daaec3f9686c96c\Vetad.Framework.Interop.Office.Extensions.BSOfficeMenu.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB.Inte#\614b0fe9393254fba76ddb4bf0235a6c\Vetad.ConfigDB.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\PROGRA~2\CSH-SO~1\Ka\COLWOR~1.DLL ()
MOD - C:\Vetad\SYSTEM\DVCCSASCMtf001.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtScript4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\phonon4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtGui4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtSql4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll ()
MOD - C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
MOD - C:\Vetad\SYSTEM\DvDfvkBas002.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HRService) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VetadPrintService) -- C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
SRV - (DVckService) -- C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
SRV - (Sicherheitspaket-Dienst) -- C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
SRV - (Vetad Update-Service) -- C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (vToolbarUpdater12.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (Dcmanag) -- C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AntiVirusKit Client) -- C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (KOBIL_MSDI) -- C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH)
DRV:64bit: - (vidsflt58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Vetad eG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=110&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=110&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=110&systemid=102&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/|hxxp://www.ebay.de/|hxxp://www.web.de/|hxxp://www.geizkragen.de/preisvergleich/telefon-und-co/handys-ohne-vertrag/samsung/samsung-galaxy-s4-i9505/802087.html|hxxp://forum.chip.de/drucker-scanner-co-21/|hxxp://www.dilem.fr/de/simulator/monture:OJ090/branche:ZM#!monture:OJ090/branche:ZC246|hxxp://www.gegenfrage.com/category/gold/|hxxp://www.proaurum.de/home/aktuellwichtig/chartanalyse/chart-analyse_23-07-2013.html|https://www.gevestor-group.de/?id=512829&banner=HV_redLink2_12609_63075742030&nl_link=HV_redLink2_12609_63075742030&utm_medium=email&utm_campaign=63075742030_2013-08-28T17%253A00_%255BAC%255D+Newsletter+vom+28.08.2013&utm_source=4016638430&SYS=000&SCID=anVuZ0AxYS10b3AtYmVyYXR1bmcuZGU%253D"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Vetad.de/Vetad_BestellManager,version=1.7: C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.11.08 10:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2012.11.22 00:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions
[2012.01.04 19:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.10.24 09:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Firefox\Profiles\rd42lxr8.default\Extensions
[2013.10.24 09:15:19 | 000,634,504 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\toolbar@web.de.xpi
[2013.10.10 09:19:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.10.24 09:15:22 | 000,001,003 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\11-suche.xml
[2013.10.24 09:15:22 | 000,002,353 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml
[2013.10.24 09:15:22 | 000,002,822 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\gmx-suche.xml
[2013.10.24 09:15:22 | 000,002,432 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\lastminute.xml
[2013.10.24 09:15:22 | 000,005,637 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\webde-suche.xml
[2013.11.08 10:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.11.08 10:32:27 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2013.11.08 10:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.11.08 10:32:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Vetad Bestell-Manager Plug-in (Enabled) = C:\Vetad\PROGRAMM\A0000015\npdvbm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Website Logon = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
CHR - Extension: Google Mail = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.17 00:24:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.dll (Vetad eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441179} - No CLSID value found.
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO002.dll (Vetad eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Vetad Update-Monitor] C:\Vetad\PROGRAMM\Install\DvInesASDMon.exe (Vetad eG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SiPaHost] C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk = C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk = C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO      )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetad.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetadnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetadnet.de ([*.services] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetadstadt.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3819896947-3942532061-1754202372-1137\..Trusted Domains: Vetadstadt.de ([]https is out of zone range - 5)
O16:64bit: - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab (DLM Control)
O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB (VBIRDPlayer.Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.199.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ka.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3BA4BEC-0264-43CF-B7B3-57C797E79215}: DhcpNameServer = 192.168.199.10
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.11 09:43:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gnuj\Desktop\OTL.exe
[2013.11.11 00:42:07 | 000,000,000 | ---D | C] -- C:\FRST
[2013.11.11 00:41:12 | 001,957,590 | ---- | C] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe
[2013.11.08 10:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.10.22 17:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.22 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.22 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.11 11:56:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.11 11:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.11 09:43:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gnuj\Desktop\OTL.exe
[2013.11.11 09:16:48 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.11 09:16:48 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.11 09:15:23 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.11 09:15:23 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.11 09:15:23 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.11 09:15:23 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.11 09:15:23 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.11 09:09:17 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.11 09:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.11 09:08:14 | 3188,219,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.11 01:40:43 | 000,001,091 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
[2013.11.11 00:41:27 | 001,957,590 | ---- | M] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe
[2013.11.11 00:02:36 | 000,086,142 | ---- | M] () -- C:\Users\Gnuj\Desktop\Viren_PC01_20131110.xml
[2013.11.07 15:36:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGnuj.job
[2013.11.06 17:13:46 | 000,005,823 | ---- | M] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml
[2013.11.04 11:01:17 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2013.11.04 10:56:11 | 000,000,526 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.10.30 14:51:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPC01$.job
[2013.10.24 07:41:01 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013.10.24 07:28:45 | 000,002,875 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2013.10.17 18:00:19 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.11.11 00:01:01 | 000,086,142 | ---- | C] () -- C:\Users\Gnuj\Desktop\Viren_PC01_20131110.xml
[2013.10.24 07:41:01 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013.03.28 22:36:43 | 000,233,577 | ---- | C] () -- C:\Windows\SysWow64\vMainHook.dll
[2013.03.28 22:36:43 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\SCARCOUW.dll
[2013.03.28 22:36:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\plausibili2.dll
[2013.01.02 19:18:53 | 000,004,096 | -H-- | C] () -- C:\Users\Gnuj\AppData\Local\keyfile3.drm
[2012.11.12 15:11:11 | 000,007,605 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg
[2012.11.11 10:03:42 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.11.11 09:55:20 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.01 09:38:03 | 000,900,963 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.10.18 14:45:37 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
[2012.10.18 13:26:59 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2012.10.18 13:26:59 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2012.08.31 09:57:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.26 16:00:31 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.26 16:00:31 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.26 16:00:14 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.26 16:00:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8860DN.DAT
[2012.08.26 15:59:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.08.26 15:59:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.26 15:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.26 15:59:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.08.26 15:59:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.06.13 16:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Gnuj\defogger_reenable
[2012.06.12 22:32:35 | 000,000,052 | ---- | C] () -- C:\ProgramData\ckpgxccjdmbsnlv
[2012.05.14 06:27:49 | 000,010,595 | ---- | C] () -- C:\Windows\SysWow64\UpdateAction_30032012.exe.dmp
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 00:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.03.07 18:32:57 | 001,335,296 | ---- | C] () -- C:\Windows\SysWow64\p2pfilter.dll
[2012.03.07 18:32:57 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012.02.07 09:47:33 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.02.07 09:47:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012.02.07 09:47:33 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.23 18:44:25 | 000,005,823 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml
[2012.01.14 12:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL
[2012.01.14 12:36:51 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2012.01.14 11:39:58 | 000,000,196 | ---- | C] () -- C:\Windows\ktel.ini
[2012.01.03 14:47:17 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.03 14:42:58 | 000,000,046 | ---- | C] () -- C:\Windows\BRUNVPC.INI
[2012.01.03 12:42:36 | 000,000,526 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.03 12:21:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.01.03 12:19:42 | 000,000,096 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.01.03 12:12:14 | 000,000,097 | ---- | C] () -- C:\Windows\Startup.INI
[2012.01.03 11:48:38 | 000,004,876 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.03 08:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.09 00:10:23 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.09 00:10:23 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.09 00:10:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.16 07:41:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haufe Mediengruppe
[2012.03.01 11:21:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon
[2012.09.08 14:53:14 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Acronis
[2012.01.19 15:42:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\AGFEO
[2012.07.05 23:16:05 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\AnvSoft
[2013.11.11 11:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\BOM
[2012.07.07 15:06:45 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Canneverbe Limited
[2012.02.07 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\concept design
[2013.02.07 09:19:40 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Vetad
[2012.01.03 14:24:23 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DMS
[2013.06.02 23:20:39 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DVASSV
[2013.02.28 17:09:12 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\elsterformular
[2012.02.07 10:38:54 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Engelmann Media
[2013.04.19 10:02:37 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Erbschaftsteuer_Rechner
[2012.12.06 00:05:36 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\FreeCommander
[2012.01.04 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Haufe Mediengruppe
[2013.06.06 07:40:04 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\CSH-Software
[2012.12.05 19:20:12 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\JDownloaderDownloadManagerPackages
[2013.04.19 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\jpg-Illuminator
[2012.01.14 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\klickTel
[2013.09.29 10:12:03 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\MAGIX
[2012.03.29 10:34:17 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Nuance
[2013.09.21 00:41:55 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\OpenCandy
[2012.01.03 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Opera
[2013.09.30 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\PersBackup5
[2013.10.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\PhraseExpress
[2012.12.16 12:48:30 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\ProtectDISC
[2013.09.30 07:10:14 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\simplitec
[2013.04.03 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Systweak
[2013.05.21 15:49:18 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\TeamViewer
[2012.09.24 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Thunderbird
[2012.08.27 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Thunderbird_Test_loeschen
[2013.03.21 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\TuneUp Software
[2012.03.01 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:D95ACC7D

< End of report >
--- --- ---
[/code]

Die Extras.txt lautet:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11.11.2013 11:58:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Gnuj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,51% Memory free
7,92 Gb Paging File | 5,49 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 280,69 Gb Free Space | 61,22% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS
Drive K: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive L: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive P: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
Drive Q: | 55,85 Gb Total Space | 7,71 Gb Free Space | 13,81% Space Free | Partition Type: NTFS
 
Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG)
"C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG)
"C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG)
"C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\Numzus\NumZus.exe" = C:\Vetad\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DvpExe.exe" = C:\Vetad\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (Vetad eG)
"C:\Vetad\SYSTEM\DcomSrv.exe" = C:\Vetad\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (Vetad eG)
"C:\Vetad\PROGRAMM\RWApplic\Vetad.Irw.Managed.ServiceProvider.exe" = C:\Vetad\PROGRAMM\RWAPPLIC\Vetad.Irw.Managed.ServiceProvider.exe:*:Enabled:Vetad IRW ServiceProvider -- (Vetad eG)
"C:\Vetad\PROGRAMM\Mandant\Mandant.exe" = C:\Vetad\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (Vetad eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2385222C-BFB6-465B-BCF4-9C90A174FB77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8ED5ED28-E9CA-48AF-9CE8-DC98A0EC921F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{937163CE-ACE4-42F6-806C-6559F8AEAF6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6B95237-364D-4D92-83C8-9428C055572A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A990BFEE-E16C-4CCB-9DAD-8F49E8CE8252}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5D2FE1F-7D32-4E8D-8EB1-0246E90EECC4}" = lport=1947 | protocol=17 | dir=in | name=hasp srm  |
"{E912A675-D7AD-4B1F-B6C9-B589B1646E1C}" = lport=1947 | protocol=6 | dir=in | name=hasp srm  |
"{EF9CDC5C-1F9F-4F3E-963C-7E7AAC7FF6B9}" = lport=58432 | protocol=6 | dir=in | app=c:\Vetad\programm\sws\limaservice.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A774F85-049F-4009-A669-51F6513D0F2D}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{0C29C4AF-2379-476E-A769-29B22F27DAAB}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000195\addman\Vetadaddman.exe |
"{138A363D-C706-436A-8D20-19CFBB07B55B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{145BE8C9-20FA-48F5-AD71-EEBB06E97CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{163EDC05-D6CE-414F-AB80-95473ADA63F2}" = protocol=6 | dir=in | app=c:\Vetad\system\ccsrv3.exe |
"{22546E69-EA1A-4762-BD0E-059D53A08911}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{37853316-8405-4D28-A25C-8D478CC96B46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3D9B21EB-2E06-49F0-A639-800B73DB3A2D}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000000\dfuemngr\dfueman.exe |
"{433CAD54-798E-4C3F-8C54-5BCD39463810}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{46D73661-4D30-44F4-930A-88A8764A96FC}" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe |
"{54B3D0B4-C729-4A8D-ADE4-8258FAD9CAD6}" = protocol=6 | dir=in | app=c:\Vetad\programm\rwapplic\Vetad.irw.managed.serviceprovider.exe |
"{6EEB5B22-08BC-4F2F-A5E6-879AD0683BFD}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000398\sipahost.exe |
"{74442853-BAD6-4C65-A083-DDAEBF40FC4D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{74BB54F9-E6EC-4B4D-BD36-8F58C1A28DCC}" = protocol=6 | dir=in | app=c:\Vetad\programm\dfuews\mntbna\mntbna.exe |
"{82B24634-B99E-479D-A000-F6F96F508B46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{876656E4-3BC6-48BE-9C98-1FADCB81C76F}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000391\Vetad.security.dokumentenschutz.exe |
"{8A6B822F-7368-4AC2-9043-3769A8BF205F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8E0BDC2A-E338-4FEB-809A-F44B0AF3FDA1}" = protocol=6 | dir=in | app=c:\Vetad\programm\b0000000\dfuemngr\dcmanag.exe |
"{93E338CA-D75E-4AF6-B309-593E5424E936}" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"{9D414D0B-2D9D-4EE1-B2A7-6CEBE76D75A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9F2CB48E-0684-4A11-9852-3663B50426E1}" = protocol=6 | dir=in | app=c:\Vetad\programm\rzkomm\dfuesammlerdienst.exe |
"{A8D70594-FDB4-48DE-9586-E9350957BBA6}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{B6CBC4A3-032E-4C4B-8498-85B7F21DC81C}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{C75E63FC-04B6-45D0-8E0B-DE595BCC3D27}" = dir=in | app=c:\users\Gnuj\appdata\local\microsoft\skydrive\skydrive.exe |
"{C798D0FB-6FA7-4529-A78A-B469681EEBA5}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{CEE6D5F1-4F6B-4D1B-BDB6-00F7A065FB3E}" = protocol=6 | dir=in | app=c:\Vetad\programm\rzkomm\funkt_fv.exe |
"{D962534B-16F6-4F17-AC8F-208D61DE2299}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{E046DFB2-F083-473B-AD57-ED7E637112EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E1872177-5C4C-48B7-9B52-81AF886E767E}" = protocol=6 | dir=in | app=c:\Vetad\programm\k0005000\arbeitsplatz.exe |
"{E1FAD1C2-0C51-49B8-B68F-6FE3F6C751EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E8F9144E-2C44-47F0-A8D2-01945C002780}" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"{EBA9312D-1198-4AE2-B475-5854A8A613E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EF66A39B-C95C-42F1-8572-76719324EEA1}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{F71AB79D-F997-4A28-8197-BEA2299ECC96}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"TCP Query User{2CD8E70E-6CBD-4C25-BFDF-F8A0E140B050}C:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{2DE4F6D0-E676-4B10-A585-357516B63CC3}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"TCP Query User{46041A11-F91C-4003-89EF-FF3321388378}C:\program files (x86)\acronis\trueimagehome\trueimage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\acronis\trueimagehome\trueimage.exe |
"TCP Query User{58BEF8A0-A005-4777-BC57-295BB38CCD85}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe |
"TCP Query User{D1629DD7-28E6-4EF7-821B-F603739249C3}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=6 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"TCP Query User{F8BAC537-545E-49AA-A628-0E017D445F69}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1DA03D52-7559-4F7C-B2CB-A263D5BBFBA5}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"UDP Query User{1E6B0306-CFC4-4A6F-B774-E1BB6C677DB0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{44B8ED4F-BB55-4CCE-83A0-E9516688A66C}C:\Vetad\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\Vetad\programm\dfueisdn\sslclt\sslclt.exe |
"UDP Query User{C059E750-6156-4010-84C0-5CFBF97EDB94}C:\program files (x86)\acronis\trueimagehome\trueimage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\acronis\trueimagehome\trueimage.exe |
"UDP Query User{CD30E9B5-C078-4449-8780-D294E4866F95}C:\program files (x86)\g data\AVK\AVK.exe" = protocol=17 | dir=in | app=c:\program files (x86)\g data\AVK\AVK.exe |
"UDP Query User{D1D5FBEC-B73C-4D8B-B5AA-7468E14D716E}C:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\Gnuj\appdata\local\data becker\web to date 6.0\apache\apache.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{36B72E6E-E433-45FC-A929-C416FF63415A}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{73FE2F35-D23F-4AAD-8187-5BE58547DE9B}" = MAGIX Foto & Grafik Designer 9
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B625EA74-59BE-4F69-9400-357F453368FD}" = Nuance PDF Converter Professional 7
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FBDBServer_2_1_x64_is1" = Firebird 2.1.5.18496 (x64)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 15.7.176.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{063368C4-1F03-46C7-92A8-9066AF67B372}" = SPR532 SmartCard Reader V1.87
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = Vetad Infragistics Runtime V.3.2
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{124c474e-4f08-4c38-893a-7e77721f197c}" = Haufe Steuer Office
"{140653F5-8175-4783-AD5C-4E29C5F346EA}" = Haufe Steuer Office
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EFB835F-DD75-48EC-BB3D-1A71CF604457}" = Windows Live Writer
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46BADE08-F9BE-4365-8B91-11FDCE73FF9D}" = Windows Live Family Safety
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}" = kobdfu x64x86 driver installation
"{6007A8A9-231B-44B9-961F-639428E6C3B8}" = DFL2010 Microkernel
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{83d09e25-22a6-4477-861e-ba8fb7503674}" = Haufe Personal Office Standard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = SAD onlineTV 5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8860DN
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5509EE-5579-46C1-B566-5065545547F9}" = Media Add-ons für Acronis True Image Home 2012
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}" = HP SimplePass PE 2011
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC172E9C-D9E6-4853-BEDB-FB6D72042F42}" = klickTel OEM Frühjahr 2010
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{AD0E43FE-7BBA-4CEA-93E4-233695CD8AA2}" = Haufe iDesk-Browser
"{ADDBCF37-9534-42EE-A874-4BF1199AF4CE}" = Haufe Personal Office Standard
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}" = Microsoft ReportViewer 2010 Redistributable - Language Pack - deu
"{B305A97D-E41F-4CA5-889D-E312F8D167D8}" = DFL2010 ConfigDB
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B8719A77-EAE1-47CC-81C9-C6E4AE9470D9}" = WebUpdate - Steuererklärungen
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BF1E337F-72E3-4F1A-8017-DFBE83365A15}" = Haufe Formular-Manager
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C185AB5E-55CF-471D-8131-DAE00C13B326}" = WebUpdate - Einkommensteuer
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CAD7F8D4-49C3-4101-BE7E-F1EEBF810AC2}" = Skov - Bts Edition
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D3D88E2B-0853-4C17-8FAF-962D0A93D776}" = Agelloc Ka
"{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}" = Acronis True Image Home 2012
"{D496F7BC-6AE5-4A3E-85E6-605BDF92AFD8}Visible" = Acronis True Image Home 2012
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8230418-C44B-4AF8-A53C-05E8EE10D9CE}" = Haufe iDesk-Service
"{DD4CEACE-8B19-4B1C-AE82-DE0FC5787D4C}" = Iminent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5135084-32A5-497A-B4CD-80A502C40A90}" = Plus Pack für Acronis True Image Home 2012
"{E71AFF36-199E-4013-0001-8DB5FD1561EC}" = audio converter 2.0
"{E7A679C2-2A9C-4008-9CF9-178A6C13D923}" = Dialogseminar online V.3.02
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EAA9023E-4091-4285-8BD5-F84D8E83469A}" = Skov OS Upgrade
"{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FB3FA4C6-98A3-41C0-8713-6BADBBCB4FBC}" = ADAC Gebrauchtwagen 2010-2011
"{FC5F20C5-C44E-40DE-927C-4C7D7994912F}" = Windows Live Messenger
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF50CC0F-0759-418A-0001-8C8AF87A60AC}" = Notifier
"3D Traumhaus Designer 7 Pro_is1" = DATA BECKER 3D Traumhaus Designer 7 Pro
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 5.0.9
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Agelloc-Ka_is1" = Agelloc Ka
"VetadB00000482.0" = Vetad Installation V.3.1
"ElsterFormular 12.4.1.7699k" = ElsterFormular
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MX.{73FE2F35-D23F-4AAD-8187-5BE58547DE9B}" = MAGIX Foto & Grafik Designer 9
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.16.1860" = Opera 12.16
"Organizer V99.1" = Lotus Organizer 6.0
"PhraseExpress_is1" = PhraseExpress v9.1.47
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"test und FINANZtest Archiv CD-Rom 2010" = test und FINANZtest Archiv CD-Rom 2010
"test und FINANZtest Archiv CD-Rom 2011" = test und FINANZtest Archiv CD-Rom 2011
"test und FINANZtest Archiv CD-Rom 2012" = test und FINANZtest Archiv CD-Rom 2012
"tksuite_tksuite_client" = AGFEO TK-Suite Client
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"web to date 6.0_is1" = DATA BECKER web to date 6.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3819896947-3942532061-1754202372-1137\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pr&uuml;fungs-Kartei" = Prüfungs-Kartei
"JDownloader Download Manager Packages" = JDownloader Download Manager Packages
"jZip" = jZip
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2012 11:22:34 | Computer Name = PC01.Ka.local | Source = DFÜ-Manager | ID = 2
Description = Das DFÜ-System ist inkonsistent.
 
Error - 04.12.2012 11:22:44 | Computer Name = PC01.Ka.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: wmisvc.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be102  Ausnahmecode: 0xc0000006  Fehleroffset: 0x0000000000014360
ID
 des fehlerhaften Prozesses: 0x4c8  Startzeit der fehlerhaften Anwendung: 0x01cdd22c8f45c3fc
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\wbem\wmisvc.dll  Berichtskennung: 733b9f47-3e26-11e2-a4c9-2c4138ac8f87
 
Error - 04.12.2012 11:22:44 | Computer Name = PC01.Ka.local | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\wbem\WMIsvc.dll"
 zugegriffen werden:  Es besteht ein Problem mit der Verbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern,
 oder der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
 dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei: C:\Windows\System32\wbem\WMIsvc.dll

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1.
Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Lokal
befindet,  dann sollte der Lokaladministrator überprüfen, dass kein Lokalproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: E000000F  Datenträgertyp: 3
 
Error - 04.12.2012 11:30:46 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0
Description = Thread konnte nicht gestartet werden
 
Error - 04.12.2012 11:36:28 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0
Description = Thread konnte nicht gestartet werden
 
Error - 04.12.2012 11:41:58 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0
Description = Thread konnte nicht gestartet werden
 
Error - 04.12.2012 13:31:08 | Computer Name = PC01.Ka.local | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/04 18:31:08.250]: [00005728]:  Read S-Key information
 failed! 
 
Error - 04.12.2012 13:37:02 | Computer Name = PC01.Ka.local | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/04 18:37:02.601]: [00005728]:  Read S-Key information
 failed! 
 
Error - 04.12.2012 18:37:10 | Computer Name = PC01.Ka.local | Source = DFÜ-Manager | ID = 2
Description = Das DFÜ-System ist inkonsistent.
 
Error - 05.12.2012 03:08:27 | Computer Name = PC01.Ka.local | Source = AVKWCtl | ID = 0
Description = Thread konnte nicht gestartet werden
 
[ Hewlett-Packard Events ]
Error - 20.11.2012 17:13:22 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:14:12 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:15:02 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:15:52 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:17:17 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:17:32 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:18:22 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 20.11.2012 17:18:34 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 22.11.2012 20:10:15 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12.03.2013 16:45:42 | Computer Name = PC01.Ka.local | Source = HPSF.exe | ID = 4000
Description =
 
[ System Events ]
Error - 28.10.2013 13:30:41 | Computer Name = PC01.Ka.local | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 01.11.2013 03:23:28 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "" können nicht gelesen werden.
 
Error - 02.11.2013 05:27:34 | Computer Name = PC01.Ka.local | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Vetad DFL-Service-Manager" wurde nicht richtig gestartet.
 
Error - 05.11.2013 09:28:31 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 05.11.2013 09:28:31 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 05.11.2013 09:28:32 | Computer Name = PC01.Ka.local | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 06.11.2013 19:32:36 | Computer Name = PC01.Ka.local | Source = DCOM | ID = 10010
Description =
 
Error - 07.11.2013 06:23:59 | Computer Name = PC01.Ka.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne Ka aufgrund der folgenden  Ursache nicht einrichten:  %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Lokal verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 09.11.2013 06:09:14 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "" können nicht gelesen werden.
 
Error - 11.11.2013 04:14:00 | Computer Name = PC01.Ka.local | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "" können nicht gelesen werden.
 
 
< End of report >
--- --- ---
[/code]

Gruß von Löwe

schrauber 12.11.2013 09:44
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Löwe1 12.11.2013 23:51
hi,
hier das Ergebnis von ComboFix:
[code]
Combofix Logfile:
Code:
ComboFix 13-11-12.01 - Gnuj 12.11.2013  23:15:07.4.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4054.2310 [GMT 1:00]
ausgeführt von:: c:\users\Gnuj\Desktop\ComboFix.exe
AV: G Data AntiVirus *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-12 bis 2013-11-12  ))))))))))))))))))))))))))))))
.
.
2013-11-12 22:27 . 2013-11-12 22:27        --------        d-----w-        c:\users\Public\AppData\Local\temp
2013-11-12 22:27 . 2013-11-12 22:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-12 22:27 . 2013-11-12 22:27        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2013-11-12 22:27 . 2013-11-12 22:27        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2013-11-10 23:42 . 2013-11-10 23:42        --------        d-----w-        C:\FRST
2013-10-22 16:10 . 2013-10-22 16:10        --------        d-----w-        c:\programdata\Oracle
2013-10-22 16:10 . 2013-10-22 16:10        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-10-22 16:10 . 2013-10-08 05:50        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 23:07 . 2012-01-02 14:39        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-10-10 09:18 . 2012-11-14 12:59        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-29 09:11 . 2007-04-27 08:43        120200        ----a-w-        c:\windows\SysWow64\DLLDEV32i.dll
2013-09-22 23:28 . 2013-10-10 23:15        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-10 23:15        2876928        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-10 23:15        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-10 23:15        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-10 23:15        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 23:15        2241024        ----a-w-        c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-10 23:15        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-10 23:15        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-10 23:15        19252224        ----a-w-        c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-10 23:15        855552        ----a-w-        c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-10 23:15        3959296        ----a-w-        c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-10 23:15        53248        ----a-w-        c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-10 23:15        526336        ----a-w-        c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-10 23:15        67072        ----a-w-        c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-10 23:15        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-10 23:15        2647552        ----a-w-        c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-10 23:15        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-10 23:15        15404544        ----a-w-        c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-10 23:15        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-10 23:15        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-10 23:15        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 23:15        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10 . 2013-10-10 08:19        497152        ----a-w-        c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-10 08:19        1903552        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 08:19        327168        ----a-w-        c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 08:19        231424        ----a-w-        c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-10 08:19        5549504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 08:19        1732032        ----a-w-        c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 08:19        243712        ----a-w-        c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 08:19        859648        ----a-w-        c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 08:19        878080        ----a-w-        c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 08:19        3969472        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 08:19        3914176        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 08:19        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 08:19        1292192        ----a-w-        c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 08:19        619520        ----a-w-        c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 08:19        640512        ----a-w-        c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 08:19        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 08:19        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 08:19        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 08:19        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 08:19        2048        ----a-w-        c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 08:19        3155968        ----a-w-        c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 08:18        461312        ----a-w-        c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 11:28        222832        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 11:28        222832        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 11:28        222832        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVK Client"="c:\program files (x86)\G Data\AVK\AVK.exe" [2012-02-28 1800696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PDFHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-10-16 1275168]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2010-10-16 121120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Vetad Update-Monitor"="c:\Vetad\PROGRAMM\Install\DvInesASDMon.exe" [2012-12-20 288352]
"SiPaHost"="c:\Vetad\PROGRAMM\B0000398\SiPaHost.exe" [2013-01-18 551464]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
klickTel OEM Frühjahr 2010 - Schnellstarter.lnk - c:\program files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE [2012-1-14 464384]
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip6.exe /LDE [1999-9-15 229432]
PhraseExpress Diagnose-Modus.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe -debug [2012-8-29 14144320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office Initialisierung.lnk - c:\Vetad\PROGRAMM\BSoffice\service\OfficeDiag.exe /EnsureUI [2013-5-8 42536]
CleanupPrintJobs.lnk - c:\Vetad\PROGRAMM\B0001401\CleanupPrintJobs.exe [2013-2-18 22624]
Vetad-Hinweis Mitteilungsdienst.lnk - c:\Vetad\PROGRAMM\A0000007\DHNC.exe [2009-5-27 45056]
DFÜ-Manager.lnk - c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe [2012-7-27 358048]
PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2012-8-29 14144320]
RZ-Druckertreiber V.2.3.lnk - c:\Vetad\SYSTEM\rzpjwtch.exe [2008-6-18 36448]
SkyUserDevmode-Update.lnk - c:\Vetad\PROGRAMM\B0001401\UpdateDevmode.exe [2013-2-18 22624]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\VRToolCheckOrder.exe /autostart [2012-2-20 1136640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Vetad_SCardMan"=
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HRService;Haufe iDesk-Service in c:\program files (x86)\Haufe\iDesk\iDeskService\Zope;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe;c:\program files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\AVK\AVKBackupService.exe;c:\program files (x86)\G Data\AVK\AVKBackupService.exe [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM52x64.sys;c:\windows\SYSNATIVE\drivers\ifM52x64.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP52X64.sys;c:\windows\SYSNATIVE\drivers\ifP52X64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 KOBCCEX;KOBCCEX;c:\windows\system32\drivers\KOBCCEX.sys;c:\windows\SYSNATIVE\drivers\KOBCCEX.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt58.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirusKit Client;G DATA AntiVirus Client;c:\program files (x86)\G Data\AVK\AVK.exe;c:\program files (x86)\G Data\AVK\AVK.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\AVK\AVKWCtlX64.exe [x]
S2 Vetad Update-Service;Vetad Update-Service;c:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\Vetad\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
S2 Vetad.Framework.RemoteServiceModel.EnablerService;Vetad DFL-Service-Manager;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [x]
S2 VetadPrintService;Vetad Druckservice;c:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE;c:\Vetad\PROGRAMM\B0001442\PSNTSERV.EXE [x]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 Dcmanag;Vetad DFÜ-System Dienst;c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe;c:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe [x]
S2 DVckService;DVckService;c:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe;c:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 KOBIL_MSDI;KOBIL_MSDI;c:\Vetad\PROGRAMM\B0000404\msdisrv.exe;c:\Vetad\PROGRAMM\B0000404\msdisrv.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]
S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys;c:\windows\SYSNATIVE\drivers\d3_kafm.sys [x]
S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe;c:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Vetad.Framework.RemoteServices;Vetad DFL Infrastruktur-Dienst;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServices -SvcRunLevel=1000 -Single;c:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe Vetad.Framework.RemoteServices -SvcRunLevel=1000 -Single [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G DATA\GDScan\GDScan.exe [x]
S3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 16:57        1185744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-14 09:18]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 12:26]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 12:26]
.
2013-11-11 c:\windows\Tasks\HPCeeScheduleForGnuj.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-10-30 c:\windows\Tasks\HPCeeScheduleForPC01$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 11:28        261744        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 11:28        261744        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 11:28        261744        ----a-w-        c:\users\Gnuj\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2013-11-07 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 7.0 öffnen - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll /100
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
TCP: DhcpNameServer = 192.168.199.10
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
FF - ProfilePath - c:\users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/|hxxp://www.ebay.de/|hxxp://www.web.de/|hxxp://www.geizkragen.de/preisvergleich/telefon-und-co/handys-ohne-vertrag/samsung/samsung-galaxy-s4-i9505/802087.html|hxxp://forum.chip.de/drucker-scanner-co-21/|hxxp://www.dilem.fr/de/simulator/monture:OJ090/branche:ZM#!monture:OJ090/branche:ZC246|hxxp://www.gegenfrage.com/category/gold/|hxxp://www.proaurum.de/home/aktuellwichtig/chartanalyse/chart-analyse_23-07-2013.html|https://www.gevestor-group.de/?id=512829&banner=HV_redLink2_12609_63075742030&nl_link=HV_redLink2_12609_63075742030&utm_medium=email&utm_campaign=63075742030_2013-08-28T17%253A00_%255BAC%255D+Newsletter+vom+28.08.2013&utm_source=4016638430&SYS=000&SCID=anVuZ0AxYS10b3AtYmVyYXR1bmcuZGU%253D
FF - ExtSQL: 2013-10-10 10:40; toolbar@web.de; c:\users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\extensions\toolbar@web.de.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011441179} - (no file)
Toolbar-10 - (no file)
c:\users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk - c:\program files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe  -m
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-12  23:30:23
ComboFix-quarantined-files.txt  2013-11-12 22:30
.
Vor Suchlauf: 61 Verzeichnis(se), 299.834.392.576 Bytes frei
Nach Suchlauf: 62 Verzeichnis(se), 301.436.907.520 Bytes frei
.
- - End Of File - - AE00A9389325BC84441A2C1C9DAD5D85
--- --- ---

Gruß von Löwe

schrauber 13.11.2013 10:19
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Löwe1 14.11.2013 08:28
Hi,
hier Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Gnuj :: PC01 [Administrator]

13.11.2013 19:03:27
mbam-log-2013-11-13 (19-03-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272097
Laufzeit: 6 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CrossriderApp0004479.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0004479.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.Web2IMBHandler (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.Optional.CrossRider.M) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: yEzy1P1J0S1I1G0ZtG0F -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Gnuj\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gnuj\AppData\Roaming\OpenCandy\53DECCF57D3C4A68A34217BEE9F17779 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Windows\Installer\8c516d.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gnuj\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gnuj\AppData\Roaming\OpenCandy\53DECCF57D3C4A68A34217BEE9F17779\TuneUpUtilities2013-2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Hier die AdwCleaner-Datei:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 01:26:32
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Gnuj - PC01
# Gestartet von : C:\Users\Gnuj\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\Program Files (x86)\jZip
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Gnuj\AppData\Local\jZip
Ordner Gelöscht : C:\Users\Gnuj\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Gnuj\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Datei Gelöscht : C:\Users\Gnuj\Desktop\jZip.lnk
Datei Gelöscht : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\searchplugins\11-suche.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.TinyUrl.UrlTinyfier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\jZip.file
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8E948448-E97B-4864-8177-546200709672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\jZip
Schlüssel Gelöscht : HKLM\Software\jZip
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Gnuj\AppData\Roaming\Mozilla\Firefox\Profiles\rd42lxr8.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "13ba87d3eb7f9d8a90ad1a2050b7bc7f");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7218 octets] - [14/11/2013 01:14:19]
AdwCleaner[S0].txt - [6824 octets] - [14/11/2013 01:26:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6884 octets] ##########
--- --- ---


Hier der Bericht von Junkware Romoval:

Code:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Gnuj on 14.11.2013 at  1:38:52,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3819896947-3942532061-1754202372-1137\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gnuj\appdata\locallow\datamngr"



~~~ FireFox

Emptied folder: C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\minidumps [83 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at  1:43:46,85
End of JRT log
Gruß Löwe

schrauber 14.11.2013 13:50

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Löwe1 16.11.2013 18:10
Hi,
hier das Ergebnis von eset
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9998c4da9157d04d8f410101b364da50
# engine=15907
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-16 10:38:45
# local_time=2013-11-16 11:38:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10985880 136228175 0 0
# scanned=345385
# found=2
# cleaned=0
# scan_time=7742
sh=DE65BEDE7D1DB30B18E1C93ABD831FABC3E4305A ft=1 fh=3628295ec7f21e0d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\skov\vPStart.exe"
sh=D21006747ED2AFFD4E3A4CB0DFFD6C6030965750 ft=1 fh=c74f7ccb8a44fe6d vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Program Files (x86)\skov\vPStartHSO.exe"
Hier checkup.txt
Code:

 Results of screen317's Security Check version 0.99.76 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
G Data AntiVirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 45 
 Adobe Flash Player 11.9.900.117 
 Adobe Reader XI 
 Mozilla Firefox (25.0)
 Mozilla Thunderbird (17.0.)
 Google Chrome 31.0.1650.48 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST ist während des Laufes abgebrochen.

Gruß Löwe

schrauber 17.11.2013 07:25
Zitat:
C:\Program Files (x86)\skov
Kennst DU das?

Löwe1 18.11.2013 10:49
Hi,
vom Hersteller wurde mir mitgeteilt, dass die betroffenen Dateien bei www.virustotal.com hochgeladen wurden. Es handelt sich um Falschmeldungen des Virenscanners.
Gruß Löwe

schrauber 19.11.2013 08:34
Gut, dann bitte ein frisches OTL log. Noch Probleme?

Löwe1 14.12.2013 10:33
Hi,
hier das Ergebnis,
OTL Logfile:
Code:
OTL logfile created on: 14.12.2013 08:38:01 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Gnuj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,15% Memory free
7,92 Gb Paging File | 5,29 Gb Available in Paging File | 66,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 270,34 Gb Free Space | 58,96% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,92 Gb Free Space | 12,80% Space Free | Partition Type: NTFS
Drive K: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive L: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive P: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
Drive Q: | 55,85 Gb Total Space | 7,63 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
 
Computer Name: PC01 | User Name: Gnuj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Gnuj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.Exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG)
PRC - C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Vetad\SYSTEM\RzpjWtch.exe (Vetad eG)
PRC - C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\05fb8add8ed309511d33005b64db51d8\Vetad.Network.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Mic#\9b17db1567cedc01fe2d6c7dc90b01ec\Vetad.Framework.MicroKernel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\86c0dfed414b4b1aa82d0352fc147763\Vetad.Framework.Interop.OfficeObjectModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\97c7bcb8869c21ccc0a2edcf60afb731\Vetad.Framework.Interop.Office.MSOffice14.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c76afd2827aae5e1a6a8aa52adea739\Vetad.Framework.Interop.Office.Goal.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3c5ce8af61cc1e702fc89c39a89dc7c0\Vetad.Framework.Interop.Office.Goal.MSOTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\376bcb9ba86870ae17d3a63ea1fb5929\Vetad.Framework.Interop.Office.Goal.BSOffice.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\5b6371c8a1008b55ca0a48f260b3f3e9\Vetad.Framework.Interop.Office.Goal.Base.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\f3428ba1ec8c42ba6f69339dde313c97\Vetad.Framework.Interop.Office.Extensions.Compatibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Dia#\c0887ced42561c0c2b9dc65b183fecc1\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\d0a3586446af1f7aa101a31ac36dbc1d\Vetad.ConfigDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\4e6c85823b769bc47024bb0a305e66f3\Vetad.Framework.Interop.Office.Word14.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\b49314a634f98bf6d4b0c0fc15705316\Vetad.Framework.Interop.Office.Goal.ObjectFactory.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\ac0a82d116c43dfa7556e0fa9830446e\Vetad.Framework.Interop.Office.Goal.Calc.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e2ec546ef40c590ca2c55a8d5006ca35\Vetad.Framework.Interop.Office.Goal.Basics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\797af1fef2e5f7f69a895b3ac7829b63\Vetad.Framework.Interop.Office.Extensions.OfficeUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\87879028bdeeb98b5ab9bc7f3891c3e8\Vetad.Framework.Interop.Office.Extensions.Base.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.Inter#\f41b1c423b0773c656fad36adadd7931\Vetad.Network.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\794f134fd574b106461b20b224b57df1\Vetad.Framework.Interop.Office.Goal.Text.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\e9c1d3baac577ec5eac2d7a90437f1bb\Vetad.Framework.Interop.Office.Goal.Component.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\fb4c14fe2c99a3a704485c4261ca0e3e\Vetad.Framework.Interop.Office.Goal.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\6a851c744185a856a105954971d094ad\Vetad.Framework.Interop.Office.Goal.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\de72f603bf94e9a94563c014c36404a2\Vetad.Framework.Interop.Office.Extensions.DDMA.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framework.Int#\3aa681fb4055d3e03daaec3f9686c96c\Vetad.Framework.Interop.Office.Extensions.BSOfficeMenu.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB.Inte#\614b0fe9393254fba76ddb4bf0235a6c\Vetad.ConfigDB.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c9786062fbb311c543497e28c1e1a0c5\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\PROGRA~2\HSC-SO~1\Ka\COLWOR~1.DLL ()
MOD - C:\Vetad\SYSTEM\DVCCSASCMtf001.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll ()
MOD - C:\Vetad\PROGRAMM\A0000007\DHNC.exe ()
MOD - C:\Vetad\SYSTEM\DvDfvkBas002.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (HRService) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VetadPrintService) -- C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DVckService) -- C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
SRV - (Sicherheitspaket-Dienst) -- C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
SRV - (Vetad Update-Service) -- C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Dcmanag) -- C:\Vetad\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (Vetad eG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AntiVirusKit ) -- C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (KOBIL_MSDI) -- C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH)
DRV:64bit: - (vidsflt58) -- C:\Windows\SysNative\drivers\vsflt58.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Vetad eG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/|hxxp://www.ebay.de/|hxxp://www.web.de/|hxxp://www.geizkragen.de/preisvergleich/telefon-und-co/handys-ohne-vertrag/samsung/samsung-galaxy-s4-i9505/802087.html|hxxp://forum.chip.de/drucker-scanner-co-21/|hxxp://www.dilem.fr/de/simulator/monture:OJ090/branche:ZM#!monture:OJ090/branche:ZC246|hxxp://www.gegenfrage.com/category/gold/|hxxp://www.proaurum.de/home/aktuellwichtig/chartanalyse/chart-analyse_23-07-2013.html|https://www.gevestor-group.de/?id=512829&banner=HV_redLink2_12609_63075742030&nl_link=HV_redLink2_12609_63075742030&utm_medium=email&utm_campaign=63075742030_2013-08-28T17%253A00_%255BAC%255D+Newsletter+vom+28.08.2013&utm_source=4016638430&SYS=000&SCID=anVuZ0AxYS10b3AtYmVyYXR1bmcuZGU%253D"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Vetad.de/Vetad_BestellManager,version=1.7: C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013.12.02 00:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.11.17 18:24:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.16 10:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2013.11.14 00:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions
[2012.01.04 19:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.11.14 01:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\Firefox\Profiles\rd42lxr8.default\Extensions
[2013.11.14 01:09:53 | 000,639,485 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\toolbar@web.de.xpi
[2013.10.10 09:19:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.11.14 01:10:05 | 000,002,353 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\englische-ergebnisse.xml
[2013.11.14 01:10:04 | 000,002,822 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\gmx-suche.xml
[2013.11.14 01:10:05 | 000,002,432 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\lastminute.xml
[2013.11.14 01:10:04 | 000,005,637 | ---- | M] () -- C:\Users\Gnuj\AppData\Roaming\mozilla\firefox\profiles\rd42lxr8.default\searchplugins\webde-suche.xml
[2013.11.17 18:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.11.17 18:24:51 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2013.11.17 18:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.11.17 18:24:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:search}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native  (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Vetad Bestell-Manager Plug-in (Enabled) = C:\Vetad\PROGRAMM\A0000015\npdvbm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Website Logon = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
CHR - Extension: Google Mail = C:\Users\Gnuj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.11.12 23:27:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.dll (Vetad eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO002.dll (Vetad eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVK ] C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
O4 - HKLM..\Run: [Babylon ] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Vetad Update-Monitor] C:\Vetad\PROGRAMM\Install\DvInesASDMon.exe (Vetad eG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SiPaHost] C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM Frühjahr 2010 - Schnellstarter.lnk = C:\Program Files (x86)\klickTel\klickTel OEM Frühjahr 2010\KSTART32.EXE (telegate MEDIA AG)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Users\Gnuj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress Diagnose-Modus.lnk = C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFav.dll (Zeon Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: Vetad.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Vetad.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Vetad.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Vetad.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Vetad.de ([www] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: Vetad.de ([www] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: Vetadnet.de ([*.services] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: Vetadnet.de ([*.services] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: Vetadstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: Vetadstadt.de ([]https is out of zone range - 5)
O16:64bit: - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab (DLM Control)
O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://de1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB (VBIRDPlayer.Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.199.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ka.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3BA4BEC-0264-43CF-B7B3-57C797E79215}: DhcpNameServer = 192.168.199.10
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.12.12 01:37:18 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013.12.12 01:37:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013.12.12 01:37:17 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.12.12 01:37:16 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.12.12 01:35:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.12.12 01:35:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.12.12 01:35:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.12.12 01:35:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.12.12 01:35:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.12.12 01:35:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.12.12 01:35:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.12.12 01:35:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.12.12 01:35:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.12.12 01:35:45 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.12.12 01:35:45 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.12.12 01:35:45 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.12.12 01:35:45 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.12.12 01:35:43 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.12.12 01:35:43 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.12.12 01:35:41 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.12.11 10:37:36 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Roaming\TaxNMore
[2013.12.11 09:37:20 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013.12.11 09:37:20 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013.12.11 09:37:16 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.12.11 09:37:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.12.11 09:37:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013.12.11 09:32:06 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013.12.11 09:32:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013.12.11 09:32:06 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013.12.11 09:32:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013.12.11 09:32:05 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013.12.11 09:32:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013.12.11 09:32:05 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013.12.11 09:32:05 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013.12.02 00:02:52 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Local\Babylon
[2013.12.02 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\Gnuj\AppData\Roaming\Babylon
[2013.12.02 00:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2013.12.02 00:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2013.12.02 00:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2013.12.02 00:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.11.27 00:09:45 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.11.27 00:06:19 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.27 00:06:19 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.27 00:06:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.27 00:06:16 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.27 00:06:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.27 00:06:16 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.27 00:06:16 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.27 00:06:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.27 00:06:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.27 00:06:16 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.27 00:06:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.27 00:06:16 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.27 00:06:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.27 00:06:15 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.27 00:06:15 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.27 00:06:15 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.27 00:06:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.27 00:06:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.27 00:06:15 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.27 00:06:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.27 00:06:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.27 00:06:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.27 00:06:15 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.27 00:06:15 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.27 00:06:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.27 00:06:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.27 00:06:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.27 00:06:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.27 00:06:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.27 00:06:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.27 00:06:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.27 00:06:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.27 00:06:14 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.27 00:06:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.27 00:06:14 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.27 00:06:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.27 00:06:13 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.27 00:06:13 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.27 00:06:13 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.27 00:06:13 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.27 00:06:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.27 00:06:13 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.27 00:06:13 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.27 00:06:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.27 00:06:13 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.27 00:06:13 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.27 00:06:13 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.27 00:06:13 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.27 00:06:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.27 00:06:13 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.27 00:06:13 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.27 00:06:13 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.27 00:06:13 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.27 00:06:13 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.27 00:06:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.27 00:06:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.27 00:06:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.27 00:06:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.27 00:06:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.27 00:06:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.27 00:06:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.27 00:06:13 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.27 00:06:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.27 00:06:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.24 18:57:03 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.17 18:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.11.16 18:00:34 | 001,957,794 | ---- | C] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe
[2013.11.16 09:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.11.14 15:49:50 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Gnuj\Desktop\esetsmartinstaller_enu.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.12.14 08:37:15 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.14 08:37:15 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.14 08:30:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.14 08:29:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.14 08:28:59 | 3188,219,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.14 00:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.14 00:02:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.13 09:23:42 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.13 09:23:42 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.13 09:23:42 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.13 09:23:42 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.13 09:23:42 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.12 09:31:31 | 000,529,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.11 18:19:44 | 000,005,706 | ---- | M] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml
[2013.12.11 14:45:58 | 000,007,606 | ---- | M] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg
[2013.12.11 10:36:58 | 002,271,064 | ---- | M] () -- C:\Users\Gnuj\Desktop\Zinsberechnungsprogramm_NWB_Kredite.exe
[2013.12.10 21:36:03 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGnuj.job
[2013.12.10 21:17:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.12.10 21:17:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.12.10 08:41:20 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013.12.09 18:13:39 | 000,001,937 | ---- | M] () -- C:\Users\Gnuj\Desktop\Jahresrundschreiben 2013.lnk
[2013.12.05 09:58:34 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.02 00:02:04 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013.11.29 14:51:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPC01$.job
[2013.11.27 00:06:19 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.27 00:06:19 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.27 00:06:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.27 00:06:16 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.27 00:06:16 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.27 00:06:16 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.27 00:06:16 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.27 00:06:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.27 00:06:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.27 00:06:16 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.27 00:06:16 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.27 00:06:16 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.27 00:06:16 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.27 00:06:16 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.27 00:06:15 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.27 00:06:15 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.27 00:06:15 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.27 00:06:15 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.27 00:06:15 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.27 00:06:15 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.27 00:06:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.27 00:06:15 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.27 00:06:15 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.27 00:06:15 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.27 00:06:15 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.27 00:06:15 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.27 00:06:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.27 00:06:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.27 00:06:15 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.27 00:06:15 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.27 00:06:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.27 00:06:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.27 00:06:15 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.27 00:06:14 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.27 00:06:14 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.27 00:06:14 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.27 00:06:14 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.27 00:06:13 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.27 00:06:13 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.27 00:06:13 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.27 00:06:13 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.27 00:06:13 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.27 00:06:13 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.27 00:06:13 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.27 00:06:13 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.27 00:06:13 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.27 00:06:13 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.27 00:06:13 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.27 00:06:13 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.27 00:06:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.27 00:06:13 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.27 00:06:13 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.27 00:06:13 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.27 00:06:13 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.27 00:06:13 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.27 00:06:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.27 00:06:13 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.27 00:06:13 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.27 00:06:13 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.27 00:06:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.27 00:06:13 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.27 00:06:13 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.27 00:06:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.27 00:06:13 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.27 00:06:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.27 00:06:13 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.26 11:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.11.26 10:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.26 10:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.11.26 10:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.26 10:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.26 10:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.11.26 10:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.11.26 09:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.26 09:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.11.26 09:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.11.26 08:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.11.26 07:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.11.25 20:13:53 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Personal Office Standard.lnk
[2013.11.23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.11.23 18:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.11.22 17:35:25 | 061,617,831 | ---- | M] () -- C:\Users\Gnuj\Documents\Ready to sexercise.flv
[2013.11.22 16:55:29 | 092,231,556 | ---- | M] () -- C:\Users\Gnuj\Documents\Katie St Ives and Manuel Ferrara.flv
[2013.11.22 16:02:06 | 055,240,560 | ---- | M] () -- C:\Users\Gnuj\Documents\Nanny bucked by a beast.flv
[2013.11.16 18:00:46 | 001,957,794 | ---- | M] (Farbar) -- C:\Users\Gnuj\Desktop\FRST64.exe
[2013.11.15 10:20:57 | 000,002,111 | ---- | M] () -- C:\Users\Gnuj\Desktop\TK-Suite .lnk
[2013.11.14 15:53:20 | 000,891,184 | ---- | M] () -- C:\Users\Gnuj\Desktop\SecurityCheck.exe
[2013.11.14 15:49:50 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Gnuj\Desktop\esetsmartinstaller_enu.exe
 
========== Files Created - No Company Name ==========
 
[2013.12.11 10:36:39 | 002,271,064 | ---- | C] () -- C:\Users\Gnuj\Desktop\Zinsberechnungsprogramm_NWB_Kredite.exe
[2013.12.10 08:41:20 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Steuer Office aufrufen.lnk
[2013.12.05 15:54:23 | 000,001,937 | ---- | C] () -- C:\Users\Gnuj\Desktop\Jahresrundschreiben 2013.lnk
[2013.12.02 00:02:04 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013.11.27 00:06:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.27 00:06:13 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.25 20:13:52 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Personal Office Standard.lnk
[2013.11.22 17:09:02 | 061,617,831 | ---- | C] () -- C:\Users\Gnuj\Documents\Ready to sexercise.flv
[2013.11.22 16:06:05 | 092,231,556 | ---- | C] () -- C:\Users\Gnuj\Documents\Katie St Ives and Manuel Ferrara.flv
[2013.11.22 15:43:19 | 055,240,560 | ---- | C] () -- C:\Users\Gnuj\Documents\Nanny bucked by a beast.flv
[2013.11.14 15:53:13 | 000,891,184 | ---- | C] () -- C:\Users\Gnuj\Desktop\SecurityCheck.exe
[2013.11.12 23:12:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.11.12 23:12:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.11.12 23:12:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.11.12 23:12:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.11.12 23:12:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.28 22:36:43 | 000,233,577 | ---- | C] () -- C:\Windows\SysWow64\vMainHook.dll
[2013.03.28 22:36:43 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\SCARCOUW.dll
[2013.03.28 22:36:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\plausibili2.dll
[2013.01.02 19:18:53 | 000,004,096 | -H-- | C] () -- C:\Users\Gnuj\AppData\Local\keyfile3.drm
[2012.11.12 15:11:11 | 000,007,606 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\Resmon.ResmonCfg
[2012.11.11 10:03:42 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.11.11 09:55:20 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.01 09:38:03 | 000,900,963 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.10.18 14:45:37 | 000,016,387 | ---- | C] () -- C:\Windows\German.ini
[2012.10.18 13:26:59 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2012.10.18 13:26:59 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2012.08.31 09:57:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.26 16:00:31 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.26 16:00:31 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.26 16:00:14 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.26 16:00:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8860DN.DAT
[2012.08.26 15:59:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.08.26 15:59:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.08.26 15:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.08.26 15:59:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.08.26 15:59:15 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.06.13 16:37:51 | 000,000,000 | ---- | C] () -- C:\Users\Gnuj\defogger_reenable
[2012.06.12 22:32:35 | 000,000,052 | ---- | C] () -- C:\ProgramData\ckpgxccjdmbsnlv
[2012.05.14 06:27:49 | 000,010,595 | ---- | C] () -- C:\Windows\SysWow64\UpdateAction_30032012.exe.dmp
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 00:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.03.07 18:32:57 | 001,335,296 | ---- | C] () -- C:\Windows\SysWow64\p2pfilter.dll
[2012.03.07 18:32:57 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\DSPlayer.dll
[2012.02.07 09:47:33 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.02.07 09:47:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2012.02.07 09:47:33 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.23 18:44:25 | 000,005,706 | ---- | C] () -- C:\Users\Gnuj\AppData\Local\EmptySettings.xml
[2012.01.14 12:36:51 | 000,035,328 | ---- | C] () -- C:\Windows\SysWow64\INETWH32.DLL
[2012.01.14 12:36:51 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\INETWH16.DLL
[2012.01.14 11:39:58 | 000,000,196 | ---- | C] () -- C:\Windows\ktel.ini
[2012.01.03 14:47:17 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.03 14:42:58 | 000,000,046 | ---- | C] () -- C:\Windows\BRUNVPC.INI
[2012.01.03 12:42:36 | 000,000,526 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.03 12:21:37 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2012.01.03 12:19:42 | 000,000,096 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2012.01.03 12:12:14 | 000,000,097 | ---- | C] () -- C:\Windows\Startup.INI
[2012.01.03 11:48:38 | 000,004,876 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.03 08:28:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:0574215C
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:D95ACC7D

< End of report >
--- --- ---

Gruß Löwe

schrauber 14.12.2013 16:20
Warum werden meine Fragen immer ignoriert.....

Löwe1 14.12.2013 18:21
Hi,
welche Fragen sind noch offen?
Ob es noch Probleme gibt, kann ich als Laie nicht beurteilen. Soll ich einen Virenscan mit meinem Virenprogramm laufen lassen oder wie ist der letzte Hinweis „Noch Probleme“ gemeint? Ich kann das OTL-Ergebnis nicht interpretieren.
Gruß Löwe


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:53 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131