
Log analysis and evaluation: TÜV message during online banking, Smart App 1.2 download

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.06.2013, 09:10   #1
ratterl1b
 

Dear experts,
I have the following malware on my computer. Please google this:

My bank - Volksbank Rottweil: notice, online banking TÜV message - Smart 1.2 App download

After logging in to my bank, this message then appears.

It asks for a mobile phone number, etc...
I was using Firefox. When it first occurred I immediately switched to Internet Explorer, but there it also occurred on the 2nd login attempt.
I then ran Antivir over the entire computer. Nothing was found. Then I ran Trojan Remover over it. Nothing found.
I then completely removed Firefox: first uninstalled it via Programs and deleted the entire profile. Then I ran CCleaner, removed leftovers and cleaned the registry.
I have had my bank account blocked. But I am now not sure whether my computer is clean.

This thing surely wants to spy out my bank PINs and access numbers and then, next time, grab the TANs I enter....

I would be eternally grateful for an assessment of the situation and for advice on what I should best do.

Regards, your ratterl

PS: I can't manage the thing with the links, sorry, too dumb...

Edited by ratterl1b (26.06.2013 at 09:35)

26.06.2013, 09:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I ask because of => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

26.06.2013, 09:39   #3
ratterl1b
 

No, I have no logs or anything like that, since Antivir and also this Trojan Remover found nothing....
How do I create a log file?

Copy this into the browser:
hxxp://www.ib-holzbaustatik.de/download/tuev_smart_app_1.2.JPG
That is a screenshot of the TÜV message as it appeared on my computer....

Thanks.

Edited by ratterl1b (26.06.2013 at 09:45)

26.06.2013, 09:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, are always to be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags
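
The autostart (O4) lines of an OTL log like the one requested above can be pre-sorted for manual review with a short script. This is an added example, not part of the original post and not code from OTL or the forum; the sample lines are constructed, and the heuristic (no company name plus a start path under a user's AppData directory) is an assumption that only sets review priority, it is not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the O4 (autostart) format that OTL writes.
# All names and paths are made up for this example.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [VendorTray] C:\Program Files\Vendor\tray.exe (Vendor Corp.)
O4 - HKLM..\Run: [Updater] C:\Program Files (x86)\Vendor\upd.exe -hidden File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [Player] C:\Users\alice\AppData\Roaming\Player\player.exe (Player Ltd)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [xyzw] C:\Users\alice\AppData\Roaming\xyzw.exe ()
O4 - HKLM..\Run: [Wifi] C:\Program Files\Net\wifi.exe (Net(R) Corporation)
O2 - BHO: (Some Helper) - {00000000-0000-0000-0000-000000000000} - C:\x.dll (Vendor Corp.)
"""

# "O4 - <hive>..\Run: [name] <target> (<company>)", optionally with ":64bit:".
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>[^.\s]+)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] (?P<rest>.+)$"
)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
MISSING = " File not found"


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    target: str              # path plus any command-line arguments
    company: Optional[str]   # "" for "()", None when no company field is printed
    missing: bool            # OTL appended "File not found"


def split_company(rest):
    """Split 'target (Company)' at the last top-level parenthesis group.

    Walking backwards with a depth counter keeps 'Program Files (x86)' in the
    path and nested names such as 'Net(R) Corporation' in the company field.
    """
    if not rest.endswith(")"):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1].strip()
    return rest, None  # unbalanced parentheses: leave the text untouched


def parse_autoruns(log_text):
    """Return one Autorun per O4 Run/RunOnce line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        missing = rest.endswith(MISSING)
        if missing:
            target, company = rest[:-len(MISSING)], None
        else:
            target, company = split_company(rest)
        entries.append(
            Autorun(m["hive"], m["key"], m["name"], target, company, missing)
        )
    return entries


def flags(entry):
    """Review hints for one entry (assumed heuristic, see lead-in)."""
    found = []
    if entry.missing:
        found.append("orphaned")            # registry value without a file
    if USER_WRITABLE.search(entry.target):
        found.append("user-writable-path")  # starts from a user profile
    if entry.company == "":
        found.append("no-company-name")     # OTL printed "()"
    return found


def review_first(entries):
    """Entries that start from AppData and carry no company name."""
    wanted = {"user-writable-path", "no-company-name"}
    return [e for e in entries if wanted <= set(flags(e))]


if __name__ == "__main__":
    for e in review_first(parse_autoruns(SAMPLE_LOG)):
        print(e.hive, e.name, e.target, flags(e))
```

Entries that carry only one of the two flags (for example a named application installed per user) stay in the parsed list and can be reviewed afterwards.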

26.06.2013, 10:06   #5
ratterl1b
 

Hello Cosinus,
Here is the OTL logfile

Code:
OTL logfile created on: 26.06.2013 10:53:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VADER\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,79 Gb Available Physical Memory | 72,48% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 50,74 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive H: | 1,92 Gb Total Space | 1,49 Gb Free Space | 77,60% Space Free | Partition Type: FAT32
 
Computer Name: VADER-PC | User Name: VADER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\VADER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\VADER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
PRC - C:\Program Files (x86)\Würth Bemessung\Würth Update\WuerthUpdateService.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
PRC - C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\HSETU\ApplicationService\ApplicationService.exe (ETU Software GmbH)
PRC - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe (NovaStor Corporation)
PRC - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor Corporation)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software  Robert Beer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooWinTab.dll ()
MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MOD - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes407.dll ()
MOD - C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes407.dll ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WuerthUpdateSvc) -- C:\Program Files (x86)\Würth Bemessung\Würth Update\WuerthUpdateService.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WTabletServiceCon) -- C:\Programme\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MySQL-sebelus) -- C:\Program Files (x86)\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (HSETUApplicationService) -- C:\Program Files (x86)\HSETU\ApplicationService\ApplicationService.exe (ETU Software GmbH)
SRV - (nsService) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe (NovaStor Corporation)
SRV - (Backup Client Agent Service) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe (NovaStor Corporation)
SRV - (Disaster Recovery Imaging) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\DR\x64\drdiag.exe (NovaStor Corporation)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (Hilti PROFIS AutoUpdate Service) -- C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe (Agito d.o.o.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SchnapperPro-TimeSync) -- C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software  Robert Beer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (Ltn_stk7070P_64) -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys (LITEON)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 0F 16 D4 55 5F CD 01  [binary data]
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8a296532-8c0e-48bc-855d-7cc2ab22012d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=b4ec4cb50000000000000023141ac61c
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..\SearchScopes\{6BC021FA-A33E-4F77-B0B1-99D7E5D4F188}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=59BFDA7A-ED10-455A-8026-6C9C4677DEC2&apn_sauid=93F8A1DC-5995-4204-ADA9-7E8E81BDE408
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-758013136-631996294-1185971460-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:48:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:48:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.10.23 16:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VADER\AppData\Roaming\mozilla\Extensions
[2012.08.16 13:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VADER\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.23 16:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VADER\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PROFIS AutoUpdate] C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-758013136-631996294-1185971460-1001..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-758013136-631996294-1185971460-1001..\Run: [monw] C:\Users\VADER\AppData\Roaming\monw.exe ()
O4 - HKU\S-1-5-21-758013136-631996294-1185971460-1001..\Run: [Spotify] C:\Users\VADER\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-758013136-631996294-1185971460-1001..\Run: [Spotify Web Helper] C:\Users\VADER\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VADER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\VADER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-758013136-631996294-1185971460-1001\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} hxxp://wuerth.partcommunity.com/PARTcommunity/static/all/cnsViewer3D/cnsweb3d.cab (PARTsolutions 3D Web Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED03E0BA-BC84-41AA-9639-70C5F50BD524}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.01 16:21:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{28b48c40-0644-11e2-bef5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28b48c40-0644-11e2-bef5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 10:50:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VADER\Desktop\OTL.exe
[2013.06.25 11:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid Edge 2D Drafting ST5
[2013.06.25 11:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Edge 2D Drafting ST5
[2013.06.20 17:17:42 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.20 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\Avira
[2013.06.20 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.20 11:11:58 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.06.20 11:11:58 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.06.20 11:11:58 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.06.20 11:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.20 11:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.06.20 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\VADER\Documents\Simply Super Software
[2013.06.20 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\Simply Super Software
[2013.06.20 10:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.06.20 10:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.06.20 10:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.06.19 14:02:12 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Local\Spotify
[2013.06.19 14:01:03 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\Spotify
[2013.06.18 03:00:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.18 03:00:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.17 08:48:06 | 000,163,328 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerUpdateService.exe
[2013.06.17 08:44:44 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\File Scout
[2013.06.13 10:51:15 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\cadwork informatik
[2013.06.13 10:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\PDF-XChange
[2013.06.13 10:49:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\cadwork
[2013.06.13 10:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadwork
[2013.06.13 10:49:19 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\cadwork
[2013.06.13 10:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cadwork.dir
[2013.06.13 03:01:58 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 03:01:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 03:01:58 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 03:01:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 03:01:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 03:01:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 03:01:58 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 03:01:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 03:01:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 03:01:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 03:01:56 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 03:01:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 03:01:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 11:17:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 11:17:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 11:16:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 11:16:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 11:16:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 11:16:52 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 11:16:52 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 11:16:52 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 11:16:52 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 11:16:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 11:16:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 11:16:49 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 11:16:49 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.10 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\GKsrv
[2013.06.10 13:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\GKsrv
[2013.06.10 13:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GKsrv
[2013.06.10 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\GAEB-Viewer 8
[2013.06.10 13:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GAEB-Viewer 8
[2013.06.10 13:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\GAEB-Viewer 8
[2013.06.10 13:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T&T Datentechnik
[2013.06.10 13:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013.06.10 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GAEB-Viewer 8
[2013.06.10 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\VADER\AppData\Roaming\IsolatedStorage
[2013.06.10 13:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013.06.10 11:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.06.06 03:04:03 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.06.06 03:04:03 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.06.06 03:04:03 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.06.06 03:04:02 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.06.06 03:04:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.06.06 03:04:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.06.06 03:04:02 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.06.06 03:04:02 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.06 03:04:02 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.06.06 03:04:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.06.06 03:04:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.06.06 03:04:02 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.06.06 03:04:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.06 03:04:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.06.06 03:04:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.06.06 03:04:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.06.06 03:04:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.06.06 03:04:01 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.06.06 03:04:01 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.06.06 03:04:01 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.06.06 03:04:01 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.06 03:04:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.06.06 03:04:00 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.06 03:04:00 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.06 03:04:00 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.06.06 03:04:00 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.06.06 03:04:00 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.06.06 03:04:00 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.06 03:04:00 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.06.06 03:04:00 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.06.06 03:04:00 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.06.06 03:04:00 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.06 03:04:00 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.06.06 03:04:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.06.06 03:04:00 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.06 03:04:00 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.06.06 03:04:00 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.06.06 03:04:00 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.06.06 03:04:00 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.06 03:04:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.06.06 03:04:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.06.06 03:04:00 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.06.06 03:04:00 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.06.06 03:03:59 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.06.06 03:03:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.06.06 03:03:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.06.06 03:03:59 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.06.06 03:03:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.06.06 03:03:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.06.06 03:03:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.06.06 03:03:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.06.06 03:03:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.06.06 03:03:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.06.05 22:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\cadenas
[2013.06.03 11:00:33 | 000,000,000 | ---D | C] -- C:\finnforest
[2013.06.01 16:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.01 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 10:50:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VADER\Desktop\OTL.exe
[2013.06.26 10:42:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.26 10:16:04 | 000,056,620 | ---- | M] () -- C:\Users\VADER\Desktop\tuev smart app 1.2.JPG
[2013.06.26 08:49:07 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 08:49:07 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 08:37:08 | 000,575,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.26 08:34:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.26 08:33:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.26 08:32:50 | 2133,381,119 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.25 09:29:07 | 000,601,062 | ---- | M] () -- C:\Users\VADER\Desktop\bookmarks.html
[2013.06.24 11:18:04 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.24 10:31:37 | 000,403,998 | ---- | M] () -- C:\Users\VADER\Desktop\comdscreen.jpg
[2013.06.23 16:44:59 | 000,003,264 | -H-- | M] () -- C:\ProgramData\nsActivation.act
[2013.06.21 10:59:02 | 001,487,160 | ---- | M] () -- C:\Users\VADER\Desktop\Kernchemie.pdf
[2013.06.21 10:56:42 | 002,011,405 | ---- | M] () -- C:\Users\VADER\Desktop\Komplexchemie.pdf
[2013.06.20 11:12:08 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.20 11:09:36 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.06.20 11:09:36 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.06.20 11:09:36 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.06.20 10:36:28 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.06.19 14:01:55 | 000,001,805 | ---- | M] () -- C:\Users\VADER\Desktop\Spotify.lnk
[2013.06.19 03:05:53 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.19 03:05:53 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.19 03:05:53 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.19 03:05:53 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.19 03:05:53 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.19 03:05:45 | 001,590,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 17:12:31 | 000,002,084 | ---- | M] () -- C:\Users\VADER\AppData\Local\recently-used.xbel
[2013.06.10 13:32:57 | 000,011,275 | ---- | M] () -- C:\Windows\SysWow64\vghttsd.dll
[2013.06.10 13:30:20 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\GAEB-Viewer 8.lnk
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.06 08:59:25 | 000,009,438 | ---- | M] () -- C:\Users\VADER\Desktop\Label-ABA-Holz.bmp
[2013.06.06 03:04:03 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.06.06 03:04:03 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.06.06 03:04:03 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.06.06 03:04:02 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.06.06 03:04:02 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.06.06 03:04:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.06.06 03:04:02 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.06.06 03:04:02 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.06 03:04:02 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.06.06 03:04:02 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.06.06 03:04:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.06.06 03:04:02 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.06.06 03:04:02 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.06 03:04:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.06.06 03:04:02 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.06.06 03:04:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.06.06 03:04:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.06.06 03:04:01 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.06.06 03:04:01 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.06.06 03:04:01 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.06.06 03:04:01 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.06 03:04:01 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.06.06 03:04:00 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.06 03:04:00 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.06 03:04:00 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.06.06 03:04:00 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.06.06 03:04:00 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.06.06 03:04:00 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.06 03:04:00 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.06.06 03:04:00 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.06.06 03:04:00 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.06.06 03:04:00 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.06 03:04:00 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.06.06 03:04:00 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.06.06 03:04:00 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.06 03:04:00 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.06.06 03:04:00 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.06.06 03:04:00 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.06.06 03:04:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.06 03:04:00 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.06.06 03:04:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.06.06 03:04:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.06.06 03:04:00 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.06 03:04:00 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.06 03:04:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.06.06 03:03:59 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.06.06 03:03:59 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.06.06 03:03:59 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.06.06 03:03:59 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.06.06 03:03:59 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.06.06 03:03:59 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.06.06 03:03:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.06.06 03:03:59 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.06.06 03:03:59 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.06.06 03:03:58 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.06.05 22:35:35 | 000,007,892 | ---- | M] () -- C:\Users\VADER\Desktop\seacad.ini
[2013.06.03 11:00:33 | 000,000,595 | ---- | M] () -- C:\Users\Public\Desktop\Finnwood 2.3 DE.lnk
[2013.06.02 13:09:54 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.31 15:14:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.31 15:14:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.29 16:09:25 | 000,006,507 | ---- | M] () -- C:\Users\VADER\Desktop\Holzbaustatik ABA-Holz BV Gerg - Verknüpfung.lnk
[2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerUpdateService.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.26 10:16:04 | 000,056,620 | ---- | C] () -- C:\Users\VADER\Desktop\tuev smart app 1.2.JPG
[2013.06.25 09:29:07 | 000,601,062 | ---- | C] () -- C:\Users\VADER\Desktop\bookmarks.html
[2013.06.24 10:31:37 | 000,403,998 | ---- | C] () -- C:\Users\VADER\Desktop\comdscreen.jpg
[2013.06.21 10:59:02 | 001,487,160 | ---- | C] () -- C:\Users\VADER\Desktop\Kernchemie.pdf
[2013.06.21 10:56:42 | 002,011,405 | ---- | C] () -- C:\Users\VADER\Desktop\Komplexchemie.pdf
[2013.06.20 11:12:08 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.20 10:36:28 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.06.19 14:01:55 | 000,001,805 | ---- | C] () -- C:\Users\VADER\Desktop\Spotify.lnk
[2013.06.19 14:01:55 | 000,001,791 | ---- | C] () -- C:\Users\VADER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.06.10 17:12:31 | 000,002,084 | ---- | C] () -- C:\Users\VADER\AppData\Local\recently-used.xbel
[2013.06.10 13:32:57 | 000,011,275 | ---- | C] () -- C:\Windows\SysWow64\vghttsd.dll
[2013.06.10 13:30:20 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\GAEB-Viewer 8.lnk
[2013.06.06 08:57:36 | 000,009,438 | ---- | C] () -- C:\Users\VADER\Desktop\Label-ABA-Holz.bmp
[2013.06.06 03:04:00 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.06 03:04:00 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.05 17:29:59 | 000,007,892 | ---- | C] () -- C:\Users\VADER\Desktop\seacad.ini
[2013.06.03 11:00:33 | 000,000,595 | ---- | C] () -- C:\Users\Public\Desktop\Finnwood 2.3 DE.lnk
[2013.06.02 13:09:54 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.29 16:09:25 | 000,006,507 | ---- | C] () -- C:\Users\VADER\Desktop\Holzbaustatik ABA-Holz BV Gerg - Verknüpfung.lnk
[2013.04.02 08:59:42 | 000,001,440 | ---- | C] () -- C:\Users\VADER\AppData\Local\FriloWebInfo.html
[2013.03.26 06:32:48 | 000,000,361 | ---- | C] () -- C:\Users\VADER\AppData\Local\Render.ini
[2013.03.26 06:32:48 | 000,000,217 | ---- | C] () -- C:\Users\VADER\AppData\Local\UserMacros.ini
[2013.03.26 06:32:48 | 000,000,003 | ---- | C] () -- C:\Users\VADER\AppData\Local\PalletPos.sys
[2013.03.25 12:42:02 | 000,000,318 | ---- | C] () -- C:\Users\VADER\AppData\Local\resolutions.ini
[2013.03.25 12:39:12 | 000,000,114 | ---- | C] () -- C:\Users\VADER\AppData\Local\prompt.ini
[2013.03.25 12:34:16 | 000,000,206 | ---- | C] () -- C:\Users\VADER\AppData\Local\FilePaths.ini
[2013.03.25 12:33:18 | 000,001,330 | ---- | C] () -- C:\Users\VADER\AppData\Local\VC3Dialogs.ini
[2013.03.25 12:33:10 | 000,001,162 | ---- | C] () -- C:\Users\VADER\AppData\Local\VC3Prefs.ini
[2013.03.25 12:29:11 | 000,000,070 | ---- | C] () -- C:\Users\VADER\AppData\Local\VC3RegInfo.ini
[2013.01.07 13:09:51 | 000,000,600 | ---- | C] () -- C:\Users\VADER\PUTTY.RND
[2012.12.11 19:21:50 | 000,000,053 | RHS- | C] () -- C:\ProgramData\1.13.0.lic
[2012.12.11 19:21:04 | 000,003,264 | -H-- | C] () -- C:\ProgramData\nsActivation.act
[2012.10.26 15:44:23 | 000,000,600 | ---- | C] () -- C:\Users\VADER\AppData\Local\PUTTY.RND
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.08.21 15:35:10 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.06 11:30:36 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.07.18 18:15:19 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.17 11:21:10 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\GRAF3D32.DLL
[2012.07.12 20:45:30 | 000,000,971 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.07.12 20:45:30 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.07.12 20:44:31 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.07.12 20:39:53 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.07.12 20:39:53 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.12 20:39:41 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.07.12 20:39:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.07.12 20:38:26 | 000,000,055 | ---- | C] () -- C:\Windows\SysWow64\brdmj6910dw.dat
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\SysWow64\wodCertificate.dll
[1601.01.01 02:00:00 | 000,241,735 | ---- | C] () -- C:\Users\VADER\AppData\Roaming\monw.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
The 2nd logfile

Code:
OTL Extras logfile created on: 26.06.2013 10:53:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VADER\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,79 Gb Available Physical Memory | 72,48% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 50,74 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive G: | 14,83 Gb Total Space | 14,83 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive H: | 1,92 Gb Total Space | 1,49 Gb Free Space | 77,60% Space Free | Partition Type: FAT32
 
Computer Name: VADER-PC | User Name: VADER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\VADER\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\VADER\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2D7FC2-048F-42F3-B59E-316FF5331FEF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{239BD27D-DB97-435D-812F-A3CC30863894}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{2EB7A5BA-140D-42F0-BD23-EDB559125C8B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{334F0330-857F-4554-9259-E0C7D7DDE723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E1FD8E1-F69E-42BE-BEA0-59FFD3915A31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{3E737A66-3058-4DBD-B3DA-765C91944D63}" = lport=3335 | protocol=6 | dir=in | name=mysql server | 
"{47C7D71A-1F2A-4033-9999-AACC9835611B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50A80E9C-4276-44A6-A30B-752107432FC3}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{535DCF26-06CD-4E06-95DE-396D29887EC9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{65B486EE-7FEF-4F46-97BA-01B75A2B559A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{6F5A98D0-679F-4DA9-A6B6-749B829EBED1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{735D99D1-016B-493E-B7A0-AC52F0E86427}" = lport=3306 | protocol=6 | dir=in | name=mysql | 
"{77EA5F75-3042-4747-BE35-545856B7DAE4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7E90CCF0-99D5-453B-9839-B9E312DE6EF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8774F4CA-E4F2-406E-9B2D-302095F6FBE0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{99F4C907-097B-4C39-9503-DE4AEFED2591}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{A993D6CC-A749-4C0F-A196-CFC45B481F8B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA519BA0-5037-49B5-A9EE-28210313A4C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AE384A2A-FE13-498D-8E93-B66DABA22A7C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{B6948951-F622-434D-A25C-4FD199FA87D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7A8DF91-B075-47C0-B0C7-B321E5895CAA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BB75E12B-1C2C-4202-8454-B7F04233F797}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{C9F7EBE2-1B68-4B95-8DAF-6741F96D7EA0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E0953966-D9EE-4187-A977-F86429DF0C87}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{E21DCD69-666D-4927-8338-49BBCE312C12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7BA05C4-A475-4B0D-950A-0DE894E83C49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{E8608E95-3703-4EAB-924B-D6E735B52ABA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F660B7FF-22FE-493F-9904-ADDD14F2F004}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C370BB-640D-42AF-80C4-AF5A6BBAD177}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{09D32039-D570-4C3E-A04B-398B45C75BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{24E46BD5-F17D-4C91-A8AF-B2FC2360F1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\ditto\ditto.exe | 
"{2997F83D-5110-4F54-811B-1C5145C1BA7F}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{3CA432FB-B739-4466-A384-16290BF0A605}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3E31827D-E901-48F6-82F6-A6B7F91171D7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{41446023-E94C-46A0-95A4-8AEBF35EC8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{449FB6C2-FC26-49D3-93BB-DE73A9D3BEF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4A80B3E9-F255-4E4C-B596-7FBD3B4B3404}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4CB48EAA-8AF9-4855-B2FF-D448D315EB11}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | 
"{548DF1AD-7DA1-43BB-B8E2-1E16703BBA2D}" = protocol=17 | dir=in | app=c:\program files (x86)\ditto\ditto.exe | 
"{5E7AFC3E-11F9-4251-803D-EC72C27D5716}" = protocol=6 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{6ABBC7BA-8102-4F60-973F-5D7F366D6361}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{6ACDBFA4-96F5-4B88-9573-E8C15BE96CEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6FECDCD3-E023-4654-969B-4C5026C51F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{78D7A35A-B5DE-4B90-8E7D-15035072FB62}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7E82788F-0442-486C-8893-D8C0AE73C86E}" = protocol=17 | dir=in | app=c:\program files (x86)\buffalo\nasnavi\nasnavi.exe | 
"{8788FCCA-41D2-4E22-B203-B0086C248B12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8FEB87BE-E039-494E-B6F7-11CCE3FFA458}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10g\faxrx.exe | 
"{9DF22964-4CBC-47B3-8D8F-146A847B08A4}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{9F2E7406-84D4-4956-AC4F-91169C7D604F}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{AFBC4077-2193-4291-9D1C-F4FF899E0795}" = protocol=6 | dir=out | app=c:\program files (x86)\cadwork.dir\ci_start.exe | 
"{B2BFA76A-94C4-4E7A-8E73-5B88DEA205D2}" = protocol=6 | dir=in | app=c:\program files (x86)\cadwork.dir\ci_start.exe | 
"{C785AAEF-B13F-4D2C-8F40-4EE6EE9406AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C99666B3-0077-40E1-9845-8A7AA5653A74}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\excel.exe | 
"{D5AED745-60B3-490E-8DDB-31620A7596D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D78E292C-EAFC-462F-87B8-CDAB3D57BD0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\excel.exe | 
"{E0248BF1-D669-4920-8F7D-1E3FB7568415}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E96AF386-68B4-46A4-9BC3-31498B0C2FCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA9E7F6A-33C3-457D-AF9F-46CBB0DBA094}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"TCP Query User{12232DF7-18AD-4EF2-813A-65100CA39AB4}C:\program files (x86)\ditto\ditto.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ditto\ditto.exe | 
"TCP Query User{28026F6A-E60B-4F3B-8CF6-C43DA5738746}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{42384C1C-DC2A-4B18-9B89-A2B2443A9BF0}C:\program files (x86)\frilo\r-2013-1c\fcc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frilo\r-2013-1c\fcc.exe | 
"TCP Query User{71AC891C-90D0-484C-9985-764E933299BE}C:\users\vader\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\vader\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A3A05351-8188-4D2D-8FF6-EECF67CD8B07}C:\program files (x86)\microsoft office\office14\excel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\excel.exe | 
"UDP Query User{17B51200-C581-401C-9811-1FC3DBE6ED31}C:\users\vader\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\vader\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3CB8E20F-D4A5-4D61-AB8A-C2E4E9C2C390}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{479BAA05-104E-470A-A03D-8AF5F0B50496}C:\program files (x86)\frilo\r-2013-1c\fcc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frilo\r-2013-1c\fcc.exe | 
"UDP Query User{DFD0ECC5-0A13-4018-A147-1FACD75E3E40}C:\program files (x86)\ditto\ditto.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ditto\ditto.exe | 
"UDP Query User{ED7B9CB2-4053-409C-9088-70C9C655CEA7}C:\program files (x86)\microsoft office\office14\excel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\excel.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = WordPerfect Office IFilter 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{2E415339-7210-4A3B-84EA-E50FE7565F0D}" = gs_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5543A8-13D6-4031-A15E-95A7C841A4CC}" = HoBEx 200
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{EE92BF61-A3C6-451B-9EA5-34A8C0895B67}" = eDocPrintPro v3.17.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"CCleaner" = CCleaner
"DWG TrueView 2013" = DWG TrueView 2013
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 9.06" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Wacom
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.2
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{164E3750-2271-4DCC-9B86-4A9CFD47A087}" = HS Verbrauchspass
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6910DW
"{1A2B3C4D-ABCD-EF01-701D-6789E1701D01}" = HSETU Heizlast 12831/2
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = WordPerfect Office IFilter 32-bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}" = Lexware Abschreibungsrechner
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{232F51D0-D29F-4226-9285-FC84F4E5C7F8}" = MySQL Workbench 5.2 CE
"{23D79730-EC1A-435E-83F8-AAEBFE5237B0}" = Adobe Flash Player 11 ActiveX
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}" = FreeCAD 0.13
"{3C881F7B-CAE8-4EA0-8EA6-DDC0C88CC393}" = HSETU Energieberater  Professional
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41C5E1CA-3507-49CE-87D4-9939AE5D3521}" = Stahlbau
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCDC6E9-6C2B-46E4-BDC8-2AE0BF97DDA8}" = MySQL Server 5.5
"{4DBEF603-5CE5-4629-8B79-FAA95CC46915}" = FriloBase
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5033E26F-F7A4-4210-BB4D-A05E24E4484E}" = GAEB-Viewer 8
"{5E2B5D3D-9A3D-4DA5-AC1E-C7219AA02E0D}_is1" = Lexoview 20
"{5FCA3E78-219B-457B-8316-2C906EA0A91D}" = Recorder
"{63DAF1E5-2FE9-4CE1-871F-BBE6E5630E12}" = LibreOffice 3.5 Help Pack (German)
"{69713025-2E02-40A5-AFDD-8571C515F038}" = Würth Technical Software
"{6AE4221E-7BB6-4D22-A157-5AA0F206EF30}" = Solid Edge 2D Drafting ST5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8BD081D7-75DE-48BD-B262-52D13C8AC1F4}" = Frilo.System.Next
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A64DF516-9CDC-4299-BD34-2B2C80CD453B}" = Lexware online banking
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D3AD0D-D36E-4970-BE77-76A840EA2831}_is1" = HeeksCAD 0.20.0
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AFB25971-2545-4EFF-922C-938915ACE6A8}" = Lexware Elster
"{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC593992-CE35-4C90-B893-31BA56195C5F}" = Hilti PROFIS Anchor
"{BF7BBDFD-256A-4CBC-B9B7-FDD507EAAE91}" = Finnwood
"{C2E58EC0-AE55-42EA-ACE4-1C02A56D8B42}" = NovaBACKUP
"{C999BB90-3FC8-4DC3-B871-CD7D8C51ADA5}" = HSETU U-Therm
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{D9FE1AFC-8C6D-484F-B3FD-E50780153234}" = Evernote
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{DFB42EEE-ABC7-49E6-9BAA-1E29688E316D}" = Hilti PROFIS AutoUpdate
"{E60036CF-1E46-4DFE-832F-5476574B30FF}" = Quicken DELUXE 2014
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = CADENAS PARTwebViewer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2013
"A-PDF Number_is1" = A-PDF Number freeware 1.3
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock
"Bemessung CLT" = Bemessung CLT 2.1.8
"Bemessung KLH" = Bemessung KLH 1.4.6
"cadwork.dir" = Cadwork
"CASAnova_is1" = CASAnova Version 3.3
"CS_Manager_is1" = CS_Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"Ditto_is1" = Ditto
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FBDBServer_2_5_is1" = Firebird 2.5.1.26351 (Win32)
"FileZilla Client" = FileZilla Client 3.6.0.2
"FINNFOREST_Bemessungssoftware" = Bemessungssoftware zur Balkenverstärkung mit Kerto®-S 1.00
"Foxit Reader_is1" = Foxit Reader
"FreeFileSync" = FreeFileSync 5.5
"freeocr_is1" = FreeOCR v4.2
"Harzer-Statik (Grundpaket)_is1" = Harzer-Statik Version 11/11.1 (Grundpaket)
"ImgBurn" = ImgBurn
"ITW-Bemessungssoftware" = ITW Bemessungssoftware 2.01
"Magic DVD Copier_is1" = Magic DVD Copier V7.1.1
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NovaBACKUP" = NovaBACKUP
"Office14.SingleImage" = Microsoft Office Professional 2010
"Overlook Fing 2.1" =  Overlook Fing
"Revo Uninstaller" = Revo Uninstaller 1.94
"SchnapperPro" = SchnapperPro 2.0.90
"SFS-WT-WR-Bemessungssoftware" = SFS-WT-WR Bemessungssoftware 2.01
"SHX Fonts_is1" = SHX Fonts
"TeamViewer 7" = TeamViewer 7
"Trojan Remover_is1" = Trojan Remover 6.8.7
"UN060501" = BUFFALO NAS Navigator2
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Winamp" = Winamp
"winpcap-overlook" = winpcap-overlook 4.02
"WinRAR archiver" = WinRAR Archivierer
"winscp3_is1" = WinSCP 4.0.3
"XnView_is1" = XnView 1.99.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-758013136-631996294-1185971460-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CLTdesigner" = CLTdesigner
"DSite" = Update for PDF Reader
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 12:51:20 | Computer Name = VADER-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nsCtrl.exe, Version: 13.0.10.0, Zeitstempel:
 0x4fc66cc4  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0150010  Fehleroffset: 0x000847db  ID des fehlerhaften Prozesses:
 0xc8c  Startzeit der fehlerhaften Anwendung: 0x01ce082f0562a34b  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 41ee0d51-746b-11e2-91ae-0024beb76f0f
 
Error - 11.02.2013 12:51:23 | Computer Name = VADER-PC | Source = NovaBACKUP | ID = 4003
Description = __ib__Brauss__Sichern [mit Fehlern abgeschlossen], Monday, February
 11, 2013                                             Ausgewählte Objekte: 0          
             Ausgewählte Bytes : 0 KB                       Abgeschlossene Objekte:
 0                       Bytes abgeschlossen.: 0 KB                                   
          Startzeit : 11.02.2013, 17:51:00                       Endzeit : 11.02.2013,
 17:51:15                       Verstrichene Zeit: 00:00:15                           
                  1 Informationsmitteilung(en), 0 Warnung(en), 1 Fehler           
                                  Log file: C:\ProgramData\NovaStor\NovaStor NovaBACKUP\Logs\51192174.txt
                         
 
Error - 12.02.2013 04:48:00 | Computer Name = VADER-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 12.02.2013 12:51:31 | Computer Name = VADER-PC | Source = NovaBACKUP | ID = 4003
Description = __ib__Brauss__Sichern [mit Fehlern abgeschlossen], Tuesday, February
 12, 2013                                             Ausgewählte Objekte: 0          
             Ausgewählte Bytes : 0 KB                       Abgeschlossene Objekte:
 0                       Bytes abgeschlossen.: 0 KB                                   
          Startzeit : 12.02.2013, 17:51:00                       Endzeit : 12.02.2013,
 17:51:31                       Verstrichene Zeit: 00:00:31                           
                  1 Informationsmitteilung(en), 0 Warnung(en), 1 Fehler           
                                  Log file: C:\ProgramData\NovaStor\NovaStor NovaBACKUP\Logs\511a72f4.txt
                         
 
Error - 13.02.2013 03:46:04 | Computer Name = VADER-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2013 03:49:40 | Computer Name = VADER-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 13.02.2013 12:51:14 | Computer Name = VADER-PC | Source = NovaBACKUP | ID = 4003
Description = __ib__Brauss__Sichern [mit Fehlern abgeschlossen], Wednesday, February
 13, 2013                                             Ausgewählte Objekte: 0          
             Ausgewählte Bytes : 0 KB                       Abgeschlossene Objekte:
 0                       Bytes abgeschlossen.: 0 KB                                   
          Startzeit : 13.02.2013, 17:51:00                       Endzeit : 13.02.2013,
 17:51:14                       Verstrichene Zeit: 00:00:14                           
                  1 Informationsmitteilung(en), 0 Warnung(en), 1 Fehler           
                                  Log file: C:\ProgramData\NovaStor\NovaStor NovaBACKUP\Logs\511bc474.txt
                         
 
Error - 14.02.2013 02:36:38 | Computer Name = VADER-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 03:54:31 | Computer Name = VADER-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2013 12:51:15 | Computer Name = VADER-PC | Source = NovaBACKUP | ID = 4003
Description = __ib__Brauss__Sichern [mit Fehlern abgeschlossen], Thursday, February
 14, 2013                                             Ausgewählte Objekte: 0          
             Ausgewählte Bytes : 0 KB                       Abgeschlossene Objekte:
 0                       Bytes abgeschlossen.: 0 KB                                   
          Startzeit : 14.02.2013, 17:51:00                       Endzeit : 14.02.2013,
 17:51:15                       Verstrichene Zeit: 00:00:15                           
                  1 Informationsmitteilung(en), 0 Warnung(en), 1 Fehler           
                                  Log file: C:\ProgramData\NovaStor\NovaStor NovaBACKUP\Logs\511d15f4.txt
                         
 
Error - 15.02.2013 05:08:13 | Computer Name = VADER-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 22.04.2013 04:08:22 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 10:08:19 - Fehler beim Herstellen der Internetverbindung.  10:08:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.04.2013 02:18:13 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 08:18:13 - Fehler beim Herstellen der Internetverbindung.  08:18:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.04.2013 02:18:49 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 08:18:42 - Fehler beim Herstellen der Internetverbindung.  08:18:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.05.2013 03:15:04 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 09:15:04 - Fehler beim Herstellen der Internetverbindung.  09:15:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.05.2013 03:15:38 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 09:15:34 - Fehler beim Herstellen der Internetverbindung.  09:15:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2013 02:24:21 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 08:24:21 - Fehler beim Herstellen der Internetverbindung.  08:24:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2013 02:24:32 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 08:24:31 - Fehler beim Herstellen der Internetverbindung.  08:24:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2013 03:24:39 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 09:24:39 - Fehler beim Herstellen der Internetverbindung.  09:24:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.05.2013 03:24:45 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 09:24:45 - Fehler beim Herstellen der Internetverbindung.  09:24:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.05.2013 02:25:37 | Computer Name = VADER-PC | Source = MCUpdate | ID = 0
Description = 08:25:05 - Fehler beim Herstellen der Internetverbindung.  08:25:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 24.06.2013 11:51:20 | Computer Name = VADER-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 24.06.2013 11:52:44 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NovaStor NovaBACKUP Backup/Copy Engine" wurde nicht richtig
 gestartet.
 
Error - 24.06.2013 11:52:44 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 25.06.2013 02:43:35 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Hilti PROFIS AutoUpdate Service erreicht.
 
Error - 25.06.2013 02:43:35 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hilti PROFIS AutoUpdate Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 25.06.2013 02:45:25 | Computer Name = VADER-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 25.06.2013 02:46:53 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NovaStor NovaBACKUP Backup/Copy Engine" wurde nicht richtig
 gestartet.
 
Error - 25.06.2013 04:32:56 | Computer Name = VADER-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 26.06.2013 02:37:24 | Computer Name = VADER-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 26.06.2013 02:38:41 | Computer Name = VADER-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "NovaStor NovaBACKUP Backup/Copy Engine" wurde nicht richtig
 gestartet.
 
 
< End of report >
         


Alt 26.06.2013, 10:18   #6
ratterl1b
 

Man, that is a lot of text.

Alt 02.07.2013, 08:45   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instructions from a helper.
__________________
Please always post log files in CODE tags
