Trojaner-Board


Tobi R. 03.07.2013 12:37

Help against the GVU trojan

Hello everyone,

first of all, hello to all, I'm new here.
I actually wanted to search the forum for similar problems so as not to open yet another thread. But then I read that every problem has to be solved individually.

Here is my problem:
I have a trojan that displays a message from the GVU saying that I have to transfer money.
I no longer have access to my data, and I can't get into the Task Manager anymore either.
How do I get this virus off my laptop again? (32-bit as far as I know.)

Unfortunately I'm no PC expert at all.

I would really appreciate your help.

Best regards,
Tobias

cosinus 03.07.2013 12:45

Does safe mode with networking still work? With an Internet connection?

Safe mode for cleanup
  • Bring Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

Tobi R. 03.07.2013 13:08

Hello cosinus,

thanks for your quick reply.

I tried safe mode (with and without networking), but each time I end up at the input window for my password. When I enter it, the "GVU" message appears again.

Best regards,
Tobi

cosinus 03.07.2013 13:13

Then please try OTLpe:

Use a clean second computer to create an OTLPE CD and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.

Download OTLpe (OTLPENet.exe) by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD

Illustrated guide: OTLpe scan
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

Tobi R. 03.07.2013 13:51

I keep pressing the F8 or F11 or F12 keys and I don't get into a boot menu. I put the DVD in before I go to boot device, right? (assuming I would get that far)

Best regards,
Tobi

cosinus 03.07.2013 14:12

Read the manual? I can't tell you more than that, since you haven't even given the manufacturer name and model designation of the notebook.

Tobi R. 03.07.2013 14:14

Sorry, I forgot that in my post. It is a Samsung R522.

Anyway, I have now gotten into this Reatogo-X-PE menu.
When I'm in the "Browse for folder" window, I don't find a Local Disc C, only Local Disc D or E. That doesn't matter anyway; in any case, when I click on one of them, the message "Target is not windows 2000 or later" appears.

Is there really no other option? What about HitmanPro?

Best regards,
Tobi

cosinus 03.07.2013 14:41

Read the instructions :)

Quote:

Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!

Tobi R. 03.07.2013 14:46

Sorry, I actually read this point right after registering on the forum (a link to this program appears there), but now, out of sheer panic and haste, I forgot it again.
You basically need the created TXT file as information to be able to read out what is wrong, right?

cosinus 03.07.2013 14:51

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Tobi R. 03.07.2013 15:03

OTL Logfile:
Code:

OTL logfile created on: 7/3/2013 5:50:48 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.74 Mb Free Space | 75.75% Space Free | Partition Type: NTFS
Drive D: | 141.49 Gb Total Space | 13.59 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
Drive E: | 141.50 Gb Total Space | 136.44 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (ENI Server)
SRV - [2013/06/12 07:44:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/03 13:44:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/03 13:43:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/09/03 13:43:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/10 04:34:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/14 12:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\MAX\nimxs.exe -- (mxssvr)
SRV - [2011/06/14 06:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2011/06/14 04:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2011/06/14 04:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2011/06/14 04:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2011/06/10 09:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011/06/01 11:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011/05/27 08:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011/05/27 08:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Users\Tobias *****\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010/10/27 04:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto] -- D:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/02 05:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand] -- D:\Users\Tobias *****\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/06/23 08:14:54 | 000,131,776 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2009/11/30 10:01:32 | 000,086,016 | ---- | M] () [Auto] -- D:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe -- (GPVPNService)
SRV - [2009/09/02 03:55:32 | 000,172,032 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/05 05:54:50 | 000,311,296 | ---- | M] () [Auto] -- D:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (AgereSoftModem)
DRV - [2012/09/03 13:45:06 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/09/03 13:45:06 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/03 13:45:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/03 13:45:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/14 12:27:00 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2011/02/14 12:23:42 | 000,011,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2011/02/14 12:04:00 | 000,573,592 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/23 05:04:52 | 000,011,432 | ---- | M] (National Instruments Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2010/06/23 05:03:06 | 000,011,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2010/06/11 09:30:04 | 000,011,432 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nidimkl.sys -- (nidimk)
DRV - [2010/03/24 06:27:44 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2009/12/08 15:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Users\Tobias *****\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/09/28 03:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/02 04:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/10 14:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VMC326.sys -- (VMC326)
DRV - [2009/07/16 23:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/14 10:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\niorbkl.sys -- (niorbk)
DRV - [2009/05/29 05:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto] -- D:\windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009/03/29 21:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\Tobias_*****_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\Tobias_*****_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\Tobias_*****_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Tobias_*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/?sc=de
IE - HKU\Tobias_*****_ON_D\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Tobias_*****_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\Tobias_*****_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: D:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 10:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/01 09:52:08 | 000,000,000 | ---D | M]
 
[2012/03/05 04:28:25 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/01/13 15:42:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/06/02 10:50:38 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/05 04:28:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/06/02 10:50:37 | 000,025,048 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2012/06/02 10:50:37 | 000,140,248 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2012/03/05 04:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/24 14:39:14 | 000,059,936 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\npIMAQAXControl.dll
[2011/06/09 13:05:10 | 000,025,088 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 06:43:54 | 000,026,112 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 04:28:40 | 000,028,448 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 09:49:34 | 000,023,040 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 13:15:20 | 000,025,088 | ---- | M] (National Instruments) -- D:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2012/06/02 10:50:38 | 000,066,520 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2012/07/27 16:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/09/02 15:53:58 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/02 15:53:58 | 000,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/02 15:53:58 | 000,002,371 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/09/02 15:53:58 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/02 15:53:58 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/02 15:53:58 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Users\Tobias *****\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Tobias_*****_ON_D\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Tobias_*****_ON_D\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] D:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ENISysTray]  File not found
O4 - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] D:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] D:\Users\Tobias *****\Desktop\Studium\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Tobias_*****_ON_D..\Run: [NIRegistrationWizard] D:\Users\Tobias *****\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\Tobias_*****_ON_D..\Run: [syshost32]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - D:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Users\Tobias *****\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - D:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - D:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Tobias_*****_ON_D Winlogon: Shell - (explorer.exe) - D:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tobias_*****_ON_D Winlogon: Shell - (C:\Users\Tobias *****\AppData\Roaming\skype.dat) - D:\Users\Tobias *****\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - D:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - D:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - D:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/22 06:38:48 | 000,000,000 | ---D | C] -- D:\Users\Tobias *****\Desktop\verschiedenes
[2013/06/12 16:47:43 | 002,706,432 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\mshtml.tlb
[2013/06/12 16:47:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ieui.dll
[2013/06/12 16:44:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\jscript.dll
[2013/06/12 16:44:56 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\jscript9.dll
[2013/06/12 16:44:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\iesetup.dll
[2013/06/12 16:44:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\jsproxy.dll
[2013/06/12 16:44:54 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\msfeeds.dll
[2013/06/12 16:44:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ie4uinit.exe
[2013/06/12 16:44:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\iernonce.dll
[2013/06/12 16:44:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\iesysprep.dll
[2013/06/12 16:44:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\RegisterIEPKEYs.exe
[2013/06/12 12:55:13 | 001,505,280 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\d3d11.dll
[2013/06/12 12:55:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\cryptdlg.dll
[2013/06/12 12:55:05 | 000,492,544 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\win32spl.dll
[2013/06/12 12:55:02 | 000,903,168 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\certutil.exe
[2013/06/12 12:55:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\certenc.dll
[2013/06/12 12:54:56 | 003,968,872 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ntkrnlpa.exe
[2013/06/12 12:54:56 | 003,913,576 | ---- | C] (Microsoft Corporation) -- D:\windows\System32\ntoskrnl.exe
[2010/07/31 10:22:49 | 000,118,867 | ---- | C] ( ) -- D:\windows\System32\DSLLK175.dll
[2004/04/05 02:44:22 | 000,053,248 | ---- | C] ( ) -- D:\windows\System32\RCCOLLAB.DLL
[2 D:\Users\Tobias *****\Desktop\*.tmp files -> D:\Users\Tobias *****\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/03 18:52:43 | 000,067,584 | --S- | M] () -- D:\windows\bootstat.dat
[2013/07/03 08:43:08 | 2388,086,784 | -HS- | M] () -- D:\hiberfil.sys
[2013/07/03 08:14:25 | 000,015,056 | -H-- | M] () -- D:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 08:14:25 | 000,015,056 | -H-- | M] () -- D:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 08:08:00 | 000,000,884 | ---- | M] () -- D:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/03 08:06:28 | 000,000,702 | ---- | M] () -- D:\windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/07/03 08:04:24 | 000,000,004 | ---- | M] () -- D:\Users\Tobias *****\AppData\Roaming\skype.ini
[2013/07/03 08:03:22 | 000,001,112 | ---- | M] () -- D:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/03 07:11:55 | 000,003,224 | ---- | M] () -- D:\bootsqm.dat
[2013/07/03 06:08:53 | 000,001,116 | ---- | M] () -- D:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/29 10:35:47 | 000,080,481 | ---- | M] () -- D:\Users\Tobias *****\Desktop\Stromverlauf.jpg
[2013/06/27 06:07:33 | 000,763,254 | ---- | M] () -- D:\windows\System32\perfh007.dat
[2013/06/27 06:07:33 | 000,718,532 | ---- | M] () -- D:\windows\System32\perfh009.dat
[2013/06/27 06:07:33 | 000,173,608 | ---- | M] () -- D:\windows\System32\perfc007.dat
[2013/06/27 06:07:33 | 000,146,554 | ---- | M] () -- D:\windows\System32\perfc009.dat
[2013/06/20 19:42:48 | 000,002,089 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/20 04:16:56 | 000,001,966 | ---- | M] () -- D:\Users\Tobias *****\AppData\Local\recently-used.xbel
[2013/06/13 16:18:55 | 003,563,911 | ---- | M] () -- D:\Users\Tobias *****\Desktop\Wald.JPG
[2013/06/12 07:44:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\windows\System32\FlashPlayerApp.exe
[2013/06/12 07:44:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\windows\System32\FlashPlayerCPLApp.cpl
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- D:\windows\System32\ieui.dll
[2013/06/08 07:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- D:\windows\System32\mshtml.tlb
[2 D:\Users\Tobias *****\Desktop\*.tmp files -> D:\Users\Tobias *****\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/03 07:11:55 | 000,003,224 | ---- | C] () -- D:\bootsqm.dat
[2013/07/03 06:00:58 | 000,000,004 | ---- | C] () -- D:\Users\Tobias *****\AppData\Roaming\skype.ini
[2013/06/29 10:35:47 | 000,080,481 | ---- | C] () -- D:\Users\Tobias *****\Desktop\Stromverlauf.jpg
[2013/06/20 04:16:56 | 000,001,966 | ---- | C] () -- D:\Users\Tobias *****\AppData\Local\recently-used.xbel
[2013/06/13 16:18:55 | 003,563,911 | ---- | C] () -- D:\Users\Tobias *****\Desktop\Wald.JPG
[2013/03/20 15:38:11 | 000,075,264 | ---- | C] () -- D:\windows\System32\callrproxy.dll
[2012/01/11 04:01:24 | 000,114,688 | ---- | C] () -- D:\Users\Tobias *****\AppData\Roaming\skype.dat
[2011/11/16 09:22:04 | 000,003,843 | ---- | C] () -- D:\windows\scad3.INI
[2011/07/12 22:40:57 | 000,000,000 | ---- | C] () -- D:\Users\Tobias *****\AppData\Local\{F0D212F8-ABBE-4CF2-B8CE-0F99522FBD83}
[2011/07/12 19:40:42 | 000,000,000 | ---- | C] () -- D:\Users\Tobias *****\AppData\Local\{FE9F1CF2-22C6-49B6-87E6-39CD9422313F}
[2011/06/22 10:21:09 | 000,252,928 | ---- | C] () -- D:\windows\System32\DShowRdpFilter.dll
[2011/06/15 15:51:20 | 000,033,280 | ---- | C] () -- D:\windows\System32\LVWUtil32.dll
[2011/06/10 08:52:52 | 000,000,244 | ---- | C] () -- D:\windows\System32\nirpc.ini
[2010/01/12 15:00:45 | 000,000,002 | ---- | C] () -- D:\windows\HotFixList.ini
[2010/01/12 14:43:54 | 000,131,368 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2009/10/16 09:53:50 | 000,000,077 | ---- | C] () -- D:\windows\System32\VBAI Communication Server.ini
[2009/09/24 08:44:34 | 000,037,376 | ---- | C] () -- D:\windows\System32\tbbmalloc.dll
[2009/09/17 10:19:57 | 000,763,254 | ---- | C] () -- D:\windows\System32\perfh007.dat
[2009/09/17 10:19:57 | 000,295,922 | ---- | C] () -- D:\windows\System32\perfi007.dat
[2009/09/17 10:19:57 | 000,173,608 | ---- | C] () -- D:\windows\System32\perfc007.dat
[2009/09/17 10:19:57 | 000,038,104 | ---- | C] () -- D:\windows\System32\perfd007.dat
[2009/09/17 10:02:34 | 000,294,912 | ---- | C] () -- D:\windows\System32\ATIODE.exe
[2009/09/17 10:02:34 | 000,197,654 | ---- | C] () -- D:\windows\System32\atiicdxx.dat
[2009/09/17 10:02:34 | 000,045,056 | ---- | C] () -- D:\windows\System32\ATIODCLI.exe
[2009/09/17 09:41:26 | 000,000,000 | ---- | C] () -- D:\windows\ativpsrm.bin
[2009/09/16 18:27:24 | 000,307,200 | ---- | C] () -- D:\windows\SetDisplayResolution.exe
[2009/09/16 17:57:47 | 000,311,296 | ---- | C] () -- D:\windows\System32\Rezip.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,447,304 | ---- | C] () -- D:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,718,532 | ---- | C] () -- D:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,146,554 | ---- | C] () -- D:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\windows\System32\BWContextHandler.dll
[2009/07/13 18:09:19 | 000,982,196 | ---- | C] () -- D:\windows\System32\igkrng500.bin
[2009/07/13 18:09:19 | 000,417,344 | ---- | C] () -- D:\windows\System32\igcompkrng500.bin
[2009/07/13 18:09:19 | 000,139,824 | ---- | C] () -- D:\windows\System32\igfcg500.bin
[2009/07/13 18:09:19 | 000,097,448 | ---- | C] () -- D:\windows\System32\igfcg500m.bin
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\windows\System32\mlang.dat
[2009/05/29 05:00:00 | 000,004,096 | ---- | C] () -- D:\windows\System32\drivers\cvintdrv.sys
 
========== LOP Check ==========
 
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2013/03/20 15:37:28 | 000,000,000 | ---D | M] -- D:\ProgramData\CoDeSys V2.3
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/10/06 10:37:35 | 000,000,000 | ---D | M] -- D:\ProgramData\gateProtect
[2013/03/20 15:37:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Gateway Files
[2010/01/13 15:42:56 | 000,000,000 | ---D | M] -- D:\ProgramData\ICQ
[2011/11/07 13:09:40 | 000,000,000 | ---D | M] -- D:\ProgramData\IVI Foundation
[2010/01/12 15:49:20 | 000,000,000 | ---D | M] -- D:\ProgramData\MumboJumbo
[2013/03/06 10:34:06 | 000,000,000 | ---D | M] -- D:\ProgramData\National Instruments
[2010/02/10 18:55:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2011/08/25 08:24:14 | 000,000,000 | ---D | M] -- D:\ProgramData\PhotoStitch
[2010/01/16 18:49:58 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayFirst
[2011/10/19 13:33:55 | 000,000,000 | ---D | M] -- D:\ProgramData\PreEmptive Solutions
[2009/09/16 18:28:13 | 000,000,000 | ---D | M] -- D:\ProgramData\SAMSUNG
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/01/16 18:51:25 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/03/06 10:34:06 | 000,000,000 | ---D | M] -- D:\ProgramData\WinClon
[2012/01/09 15:54:39 | 000,000,000 | ---D | M] -- D:\ProgramData\www.rene-zeidler.de
[2013/07/03 08:06:28 | 000,000,702 | ---- | M] () -- D:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2013/04/29 12:24:27 | 000,032,632 | ---- | M] () -- D:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> D:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 130 bytes -> D:\ProgramData\Temp:ABE89FFE
< End of report >

--- --- ---

[/CODE]

OTL Logfile:
Code:

OTL Extras logfile created on: 7/3/2013 5:50:48 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.74 Mb Free Space | 75.75% Space Free | Partition Type: NTFS
Drive D: | 141.49 Gb Total Space | 13.59 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
Drive E: | 141.50 Gb Total Space | 136.44 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010A2C18-0830-45A0-BE2B-DD37A2D8A2FE}" = NI LabVIEW Run-Time Engine Interop 2011
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01415FEA-D7D9-40CF-9370-AF74ABC1AE39}" = NI System API Web-Servce 32-bit 5.0.0
"{01AC4D6A-05F0-4158-95E7-FC299961B50A}" = NI Math Kernel Libraries
"{033F0FD6-07E0-414A-8367-51EB862EFE12}" = NI System Configuration Runtime 5.0.0
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A02E59-709E-42B0-BEE3-A3CB5C128921}" = NI LabVIEW 2011 System Identification Toolkit License
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{043955AD-7E11-4B6D-A317-B72F7BB87736}" = NI Assistant Framework LabVIEW 2011 Support
"{05617B99-0727-4FFB-AC8E-8F6427799C8F}" = NI-DAQmx/LabVIEW shared documentation 1.9.5
"{05C030B8-DC4F-489D-B86B-FC6B7DB3F607}" = NI SSL LabVIEW 2011 Support
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{066F687E-1CA0-4D94-A2C9-F8E6E817F4CB}" = NI LabVIEW Run-Time Engine 2011
"{070E052E-8D36-4B7E-B640-C75F12B2A76E}" = NI LabVIEW SignalExpress 2011 Licenses
"{07976ABB-1EBD-4A65-A7C7-155A0DC17173}" = CoDeSys for Automation Alliance
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0C169DC9-8717-4458-B822-C79A25D08BE2}" = NI LabVIEW 2011 Control Design MathScript Support
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{105271B2-81E8-4C84-B820-590BFBC5F958}" = NI IVI Compliance Package 4.4
"{112DFF69-BD66-43B4-9F6A-FE2FFB60A075}" = NI LabVIEW 2011
"{13871A36-B819-4FB2-A29A-BDE475D8A6B3}" = NI LabVIEW 2011 Control Design Real-Time Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{16BCFC83-D340-4E17-BF6F-78C05863F5D9}" = NI Vision Assistant 2011
"{16DF18C7-7F56-48A4-9CDE-CB699DBB5B16}" = NI IVI Class Driver LabVIEW 2011 Support
"{1709DBFC-E42A-4D32-A6B1-6EB067D4D9CE}" = IVI Shared Component
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1848995E-B449-4549-A914-2CEBC0BA27F2}" = NI IVI Online Help
"{1968D913-702C-4418-9DC8-A095B15CE8A5}" = NI LabVIEW 2011
"{1A609A84-71AF-4D96-962B-E060D34FD4AB}" = NI MetaSuite Installer
"{1B5ABB51-8AAB-4FBA-8987-9A8820756E2B}" = NI USI 1.9.0
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D1752FD-F4A9-4CA3-B9D3-0F4D22451D8C}" = NI LabVIEW 2011 System Identification Toolkit VIs
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22923F17-B592-4A7F-84A8-18F3BFC13B94}" = NI Microsoft Silverlight Wrapper
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24EEDE86-3CB5-485D-91E3-F630273A08FF}" = NI LabVIEW SignalExpress 2011 Core LabVIEW Support
"{268B0789-E2BF-4836-BF05-A6140B4983CA}" = NI MAX Remote Configuration Installer 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{27111B7A-97FE-46BD-81F9-4E87737DF803}" = NI LabVIEW 2011 MeasAppChm File
"{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0
"{298008B1-AD82-4791-9BB8-863AD1408492}" = NI Uninstaller
"{2ADC660A-77C9-4A6C-9D4B-5E48A27BCA10}" = NI Help Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC9B2CE-D569-4ADC-A8A0-170F2FD57139}" = NI LabVIEW 2010 Real-Time NBFifo
"{2DBC8A34-0646-4F3D-B005-414E317FB281}" = NI Circuit Design Suite 11.0.2 Edu Licenses
"{31A184AC-4ACA-463B-BE84-F4ABA7FC4655}" = NI Logos LabVIEW 2011 Support
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3363E5BE-7FBF-424B-B26C-0041CE837DD0}" = NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support
"{33AAA123-A24A-46A7-8CD6-F03C5B375033}" = NI TDM Excel Add-In 3.3
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{37BD5C09-7CED-43F4-A1F5-2D892E12D483}" = NI LabVIEW 2011 MathScript RT Module License
"{397E268E-FB51-4C23-A496-1031B8F1CCEE}" = NI AFW UI Assemblies
"{3A1504FB-7067-4E46-9AFA-A3C29C95E4DC}" = NI LabVIEW Run-Time Engine 8.2.1
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3AC01660-F640-4AFB-A25E-082B260C025C}" = WIF Core Dependencies Windows 5.0.0
"{3AE9153C-1E52-4B6B-9405-FE403342A3C8}" = NI Update Service 2.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1F6E51-C98C-4C01-8170-D2DBF2837F13}" = NI LabVIEW Merge Utility 11.0.0
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4067DBF1-91AF-445E-A34E-00707F214B49}" = NI IVI Class Simulation Drivers
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{415780C0-4A19-4567-AAAE-10CCB9832B13}" = NI-RPC 4.2.2f0 for Phar Lap ETS
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{445D1CC7-9C3C-4823-9597-B7DDD8698FE6}" = NI LabVIEW 2011 Manuals
"{45C5DE6E-85AB-466E-9A6F-8BAB11EE0EDD}" = NI Web Interface Framework 2.0
"{46ADBF7F-868A-4625-9546-14355105AC50}" = NI IVI Provider for MAX
"{46BF7707-A511-47E7-B118-0E53DCA1A0EA}" = NI Remote PXI Provider for MAX 5.0.0
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3975BD-F85A-4CCB-9520-EB5604775A0F}" = NI LabVIEW 2011
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AA402A7-4547-4E1A-A034-1DF609A6CCA9}" = NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4BDAF6F8-8C28-49FD-8FA7-CEE3E9E9BAD4}" = NI LabVIEW 2011 Simulation
"{4BEFB7C6-F103-42FB-9482-861C6D9690A0}" = NI LabVIEW Compare Utility 11.0.0
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
"{523B5D39-C209-41C8-9075-F6C14C2394D2}" = NI LabVIEW 2011 Search
"{523F21B6-D325-4515-9416-04A166437C43}" = NI LabVIEW SignalExpress 2011 Steps
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53957452-A916-4BBD-90A8-76C59020B9BD}" = NI LabVIEW 2011 System Identification Assistant
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{555B2ADE-B3CB-4C95-A789-8A7C03A004B7}" = NI LabVIEW 2011 Deployment Framework
"{578A6214-6CC6-4043-A9A8-C045DDAE2B39}" = NI Remote Provider for MAX 5.0.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE7BB97-8215-4F88-90EC-B07C199CFBBF}" = NI Vision Builder AI 2010
"{5C0BBD9F-2D3F-4093-AD7B-3F7377E0EDCA}" = NI LabVIEW Real-Time NBFifo
"{5C468B0A-6DB3-402E-B4C0-6CA4CEFAE0AF}" = NI Sound and Vibration Frequency Analysis 2010
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67A00571-3985-4051-97D1-5EA81F9F1319}" = NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{68DE7BF6-AFA9-4609-9C96-8C15E46E2093}" = NI Example Finder 11.0
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6AA9D409-78E2-47A3-98CB-5D36E75232AF}" = NI Enhanced DSC Deployment Support for LabVIEW 2010
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0.2 Core
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E84AECC-91B8-4738-97D2-0E8083A093F2}" = NI Measurement Studio Common .NET Assemblies for .NET 2.0
"{6F1B061C-AB4B-4FB4-8715-269FFCC2FD07}" = NI LabVIEW 2011
"{70BA7761-629A-4118-BFE0-02753B9019C8}" = NI MXS 5.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73854BF9-E78E-4D6F-B8C2-A7A3CD855124}" = NI LabVIEW 2011 Help File
"{74543E90-425B-46D2-BB83-D91C7974834D}" = NI LabVIEW 2011
"{747D98C4-ADDB-47F6-9055-149DC280E478}" = NI Vision Assistant 2011 .NET
"{7571F0A3-AC23-4F7B-A64E-442C5C82CE01}" = NI LabVIEW 2011
"{75C812EE-06B8-4A47-B37D-9777BE9A644C}" = NI SSL Support
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7664BF64-BD18-47B7-A678-0F1D98FC8F13}" = NI LabVIEW 2011 MathScript RT Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7888F38C-E534-473D-B029-562173EEA2C8}" = NI-Mesa
"{7A29AA0C-202A-467E-9257-DE2E8DBC60B3}" = NI LabVIEW 2011 License
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7D4BA4CF-992A-4F10-83F6-B4DBB27704DF}" = NI LabVIEW 2011 Control Design Shared VIs
"{7D64A463-C3C9-40B6-BC46-4DD7D0DE2BFD}" = NI LabVIEW 2011 Run-Time Engine Non-English Support.
"{7D826D95-7FEE-4FC6-A3CC-BE4A53810441}" = NI IVI Engine
"{7D89ECEB-7E27-4898-812E-80862E91AB94}" = NI Portable Configuration 5.0.0
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{80C792E1-78BC-4F4A-839E-BCD107770938}" = NI System API Windows 32-bit 5.0.0
"{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
"{85BA3FCF-AA00-4151-B97D-84A221E8198A}" = NI-VISA Runtime 5.0.3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{886C3E95-4032-45C8-92F6-57861871635A}" = NI Software Provider for MAX 5.0.0
"{89089F33-94D7-4E9C-918F-75CC933FC88F}" = NI DataSocket 4.9
"{8923D179-24D1-475D-A381-0B8C1AF1A206}" = NI LabVIEW 2011 Web Server
"{896849EE-EEE6-4E45-B20B-9F4DDCF805DA}" = NI Assistant Framework
"{89CE9AA7-0615-4DB5-83DB-B0AA2FDAD454}" = NI LabVIEW 2011
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E6AA0-992F-4957-A1DB-CC2CA521F790}" = NI LabVIEW SignalExpress 2011 Core
"{8BDFB0BC-FE2E-470C-9F43-F960057AC83D}" = NI LabVIEW 2011 Digital Filter Design Toolkit License
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8D9F6EFD-6EAF-4327-AD59-92DEA050BDAF}" = NI Instrument IO Assistant for LabVIEW 2011 32-bit
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8F1B9FE1-5777-4118-B982-B50B030101FF}" = NI LabVIEW 2011
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{930BD01D-A420-4BB4-8E85-A313FD7ED49E}" = NI-PAL 2.6.5f0
"{9320E1F0-31CB-4095-B430-017A35406E40}" = NI LabVIEW SignalExpress 2011 Datatypes
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95C26FA7-5FDD-4C6D-AD6F-3D4B3FEB0D70}" = NI AFW Custom UI Assemblies
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
"{98F4DC3F-958E-4DE5-BE1D-DBD72B05A204}" = NI Search Shared
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9B05C597-5509-47C6-87B8-461E1BB6AF5C}" = NI LabVIEW Run-Time Engine 2009 SP1
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2113B6-30DC-4827-9166-E6F4889D7594}" = NI LabVIEW 2011 Deployable License
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9E6D743D-630C-4610-A7C3-E3998B411FB5}" = NI LabVIEW 2011 Digital Filter Design Toolkit RT Support
"{9EC3B901-EE18-459A-ABF1-8EAEFD8A908C}" = NI LabVIEW 2011 MathScript RT Module
"{9FCEDDD0-4FEA-41CE-9739-565F39B2F607}" = NI MDF Support
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A11A542A-37BF-4943-9810-3F1DC0AD4A1C}" = NI LabWindows/CVI 2010 Code Generator
"{A259AA7B-BF60-4317-A6EA-4FA86BC99DEF}" = NI Vision Common Resources 2011
"{A259D0D8-1F44-4A5A-B1AB-F5AE6020FAF1}" = NI Vision Run-Time Engine 2011
"{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
"{A3752527-E9F5-4EE5-9A09-D6582AFE1D35}" = NI Circuit Design Suite 11.0.2 Education
"{A5FB6F3A-2120-45C8-B5E5-476BD5580BD6}" = NI LabVIEW EWB DeviceHandler 2010
"{A736A59D-FFAD-4EE5-962F-510DE151D6AA}" = NI AFW Channel Configuration Tool
"{A7B1ABA8-E2A2-4565-A8AF-F01657FF5CEA}" = NI LabVIEW Web Services Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AB47630B-C1BF-4A0A-93EF-3492A59A4704}" = NI LabVIEW Run-Time Engine Interop 2010
"{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries
"{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD118C09-CD56-4676-80D3-25221BA9A3E9}" = NI IVI Class Drivers
"{ADEB5E8B-AF72-49E5-BF36-3891B9F75FF3}" = NI Vision Builder AI 2010 API Interface
"{AE593237-3C8E-44F2-A9AA-2DDE0A472CDE}" = NI LabVIEW Web Server for Run-Time Engine
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AFFE41B4-6FB6-4E64-811C-5F57D05DF70F}" = NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support
"{B10F8C17-3DB8-4093-92F6-9F85C263D51A}" = NI LabVIEW Run-Time Engine Interop 2009
"{B179B6ED-5D5B-49B8-8929-5144738B81C3}" = NI LabVIEW SignalExpress 2011 Tools
"{B1DCBBC7-8ECE-497F-926F-02FE4E42216B}" = NI Distributed System Manager 2011
"{B1EE55C1-F98B-40AB-AF0C-422ECCC88454}" = NI Measurement & Automation Explorer 5.0.0
"{B25CE691-97D9-4A38-BC65-A889194BECEB}" = NI Vision 2011
"{B2BDA3BC-29BE-49C1-A30E-15DA8D041601}" = NI License Manager
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B61FFD74-8DAD-41E1-835F-3995E026EDB4}" = NI Measurement Studio Common .NET Assemblies for .NET 3.5
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BADAFD0C-2B14-4D4E-B2A8-0E6B5F6781F1}" = NI Control Design Assistant 2011
"{BB3EBB9E-1CA1-4B7F-9E67-09540CCE9F45}" = NI Assistant Framework LabVIEW Code Generator 2011
"{BD2BD62A-444B-4838-8931-B3E9679144AB}" = NI LabVIEW SignalExpress 2011 LabVIEW Support
"{BE5C49CF-A4B7-453B-953B-7C70375865C5}" = NI LabVIEW 2011 Digital Filter Design Toolkit
"{C09C5E8D-1706-4025-9919-07E010C7E74D}" = NI LabVIEW Modulation Toolkit 4.3.1
"{C0DE25AE-B0E5-4D4B-96CE-EE757066D0BA}" = NI Network Discovery 5.0
"{C2217F81-3429-418C-9F60-14F0E051E1A4}" = NI LabVIEW 2011 Control Design and Simulation Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAC9188C-83A0-4F9F-858A-DA430DC2E401}" = NI AFW Custom UI
"{CC17CE69-4AB6-4434-ADB4-27DB49D36080}" = NI Curl 1.1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CF30E2B5-A7A7-47AD-8B03-22A27D4E9971}" = NI LabVIEW 2011 Real-Time Error Dialog
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D11EA398-49B5-4266-B9BC-E75F8E530A05}" = NI Vision Builder AI 2010 Shared Resources
"{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services
"{D4877334-6730-4C84-B9C9-218EA466CA74}" = NI LabVIEW 2011
"{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D6D68ABC-954B-4373-92A2-0FE7FA59AC1A}" = NI EulaDepot
"{D70CCDE0-44B0-460D-94AD-7BE162E49126}" = NI LabVIEW 2011
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DB0D5AFF-0B60-4287-9BC2-F4AE797B02F4}" = NI Authentication 2.0
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine
"{DB77F50B-F88C-4D63-9103-EF4D71BA4C50}" = NI Vision .NET Run-Time Engine 2011
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC8D559F-7A15-45FE-9DC5-D954D49D7ED9}" = NI System Identification Assistant LabVIEW Support
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0D8CD4E-4771-4848-A09D-60A31D883883}" = NI VC2005MSMs x86
"{E125DE33-5564-4531-A4EF-BBC7C78031BA}" = NI LabVIEW SignalExpress 2011
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3739FE9-3BAF-4250-82FA-230C7CC0EAD8}" = NI LabVIEW 2011 Help
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E8A99DC4-303C-4BC4-98B8-9C324BAD0006}" = VISA Shared Components
"{EA37AB72-EC8C-432C-A1C6-186850FB0559}" = NI System State Publisher
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EB708DAB-CD04-46E4-88C9-E3BC80595982}" = NI System Web Server Base 2.0
"{EB8D0A82-E02A-437C-A7C4-90516F1CFB39}" = NI Web Application Server 2.0
"{EC45867D-83A8-4ECF-911A-154CD98BD592}" = NI Measurement Studio 8.6 Enterprise RunTime for VS2005
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EC868042-4A40-492C-A30B-170F30DB6686}" = NI Vision .NET 2011
"{EDE7C782-6E1F-4C07-9E58-B90BBA0658BD}" = NI-IMAQ Camera Files
"{EDFC39D7-B782-4B43-BF9C-D1B80ADEA863}" = NI LabVIEW Runtime Engine 2010 SP1
"{EF1B1A68-988E-4A68-8504-774373A4651C}" = NI OPC Support
"{EF1E7F06-246A-4501-A2B8-2C0C72600F66}" = NI LabVIEW Analog Modulation Toolkit 4.3.1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F04A89CB-A185-4263-85ED-4BAD766F7DAE}" = NI Error Reporting 2011
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F2E01659-A397-4F84-9B5E-484A431CE1C5}" = NI System Web Server 2.0
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7CCA6E5-1D14-4907-83BB-6B6BF36F1D90}" = NI Variable Engine LabVIEW 2011 Support
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9A74F70-7597-47B8-B04C-044824C23B15}" = NI LabVIEW 2011 VIPM Helper
"{F9E0880D-B263-48F9-B8E5-BAFCAE9BE150}" = NI System API Client for WIF 5.0.0
"{FDED748C-432B-4B44-BB33-3BB8550A2AD2}" = NI Variable Engine 2.5.0
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEDBFDE2-61C2-4009-AC34-7FE12107C28B}" = NI LabVIEW 2011 System Identification Toolkit
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DRI Tool 2.0_is1" = DRI Tool 2.0
"EOS Utility" = Canon Utilities EOS Utility
"gateProtect VPN Client 2.5" = gateProtect VPN Client 2.5
"Google Chrome" = Google Chrome
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"Inkscape" = Inkscape 0.48.4
"IviSharedComponent" = IVI Shared Components 2.2.1
"LTspice IV" = LTspice IV
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"NI Uninstaller" = National Instruments - Software
"ODSK" = Canon Utilities Original Data Security Tools
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Blender" = PDF Blender
"PhotoStitch" = Canon Utilities PhotoStitch
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Uninstall_is1" = Uninstall 1.0.0.1
"VISASharedComponents" = VISA Shared Components
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Tobias_*****_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
< End of report >

--- --- ---

[/CODE]

I saw that my surname was still in the OTL log. I have corrected that again.
Is that OK like this, or did I paste in too much?:crazy:

cosinus 03.07.2013 15:11

Fixing with OTLpe

  • Boot the infected computer from the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.

Code:

:OTL
O20 - HKU\Tobias_Rossmann_ON_D Winlogon: Shell - (C:\Users\Tobias Rossmann\AppData\Roaming\skype.dat) - D:\Users\Tobias Rossmann\AppData\Roaming\skype.dat ()
[2013/07/03 06:00:58 | 000,000,004 | ---- | C] () -- D:\Users\Tobias Rossmann\AppData\Roaming\skype.ini
[2012/01/11 04:01:24 | 000,114,688 | ---- | C] () -- D:\Users\Tobias Rossmann\AppData\Roaming\skype.dat
@Alternate Data Stream - 146 bytes -> D:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 130 bytes -> D:\ProgramData\Temp:ABE89FFE

  • Now click the Fix button.
  • Then reboot and try to boot into normal Windows mode again.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its content into your thread here.

Tobi R. 03.07.2013 15:32

wow, everything is back again:Boogie::abklatsch::party::taenzer:

I did not find a txt file on my desktop.
However, a new txt file appeared after the "Fix" action:

cosinus 03.07.2013 15:34

Please run a check with OTL from the normally installed Windows (NOT OTLPE!)
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top centre for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.

Tobi R. 03.07.2013 16:08

I cannot download the program on the affected computer.
It worked on the helper PC.
I need this program otlpe, then I am asked whether I want to burn it to CD, and then it is on the computer after all (that is how it worked on the other one).

Regards,
Tobi

cosinus 03.07.2013 16:12

I specifically wrote NOT OTLPE
No helper can do anything with the error description "I cannot download anything" :glaskugel:

Tobi R. 03.07.2013 16:51

OTL Logfile:
Code:

OTL logfile created on: 7/3/2013 7:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Tobias Rossmann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 39.20% Memory free
5.93 Gb Paging File | 3.78 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 12.89 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 136.43 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
Drive G: | 3.89 Gb Total Space | 3.66 Gb Free Space | 94.17% Space Free | Partition Type: FAT32
 
Computer Name: TOBIASROSSMANN | User Name: Tobias Rossmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias Rossmann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lkads.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\niwsrp.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (WebCake Desktop Updater) -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe File not found
SRV - (ENI Server) -- C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mxssvr) -- C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (GPVPNService) -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nipalfwedl) -- C:\Windows\System32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\Windows\System32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\Windows\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NiViPxiK) -- C:\Windows\System32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\Windows\System32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\Windows\System32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nipbcfk) -- C:\Windows\System32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (VSPerfDrv100) -- C:\Users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\windows\System32\drivers\cvintdrv.sys ()
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{3CABF988-1FE2-420A-B03D-20092295B650}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 16:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/01 15:52:08 | 000,000,000 | ---D | M]
 
[2010/01/13 21:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Extensions
[2010/01/13 21:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/07/03 18:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions
[2010/10/06 20:50:16 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/07/31 15:07:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/24 13:07:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/01/17 00:41:16 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2013/07/03 18:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\ffxtlbr@babylon.com
[2013/07/03 18:43:22 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\ffxtlbr@delta.com
[2013/07/03 18:41:49 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\plugin@getwebcake.com
[2013/07/03 18:42:59 | 000,006,505 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\babylon.xml
[2010/01/17 13:32:49 | 000,000,881 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\conduit.xml
[2013/07/03 18:43:29 | 000,001,294 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\delta.xml
[2013/06/26 15:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-1.xml
[2010/10/21 19:11:02 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-10.xml
[2010/10/29 17:59:51 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-11.xml
[2010/12/19 13:00:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-12.xml
[2011/03/03 23:36:13 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-13.xml
[2011/03/06 10:36:03 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-14.xml
[2011/03/26 18:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-15.xml
[2011/05/11 14:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-16.xml
[2011/06/25 09:13:41 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-17.xml
[2011/08/21 11:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-18.xml
[2011/09/02 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-19.xml
[2010/03/26 21:10:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-2.xml
[2011/09/08 12:59:36 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-20.xml
[2011/10/19 13:47:37 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-21.xml
[2011/11/26 19:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-22.xml
[2012/01/02 22:00:44 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-23.xml
[2012/06/02 16:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-24.xml
[2013/03/07 14:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-25.xml
[2010/04/02 22:02:28 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-3.xml
[2010/06/24 18:38:33 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-4.xml
[2010/06/28 18:51:30 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-5.xml
[2010/07/23 14:41:13 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-6.xml
[2010/07/26 17:58:01 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-7.xml
[2010/09/11 21:50:51 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-8.xml
[2010/09/20 13:20:36 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-9.xml
[2010/03/14 14:48:45 | 000,000,955 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin.xml
[2010/01/16 21:20:03 | 000,001,201 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\winamp-search.xml
[2012/03/05 10:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 21:42:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/06/02 16:50:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/05 10:28:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/06/02 16:50:37 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2012/06/02 16:50:37 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2012/03/05 10:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/24 20:39:14 | 000,059,936 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\npIMAQAXControl.dll
[2011/06/09 19:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 12:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 10:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 19:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2012/06/02 16:50:38 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2012/07/27 22:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/09/02 21:53:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/02 21:53:58 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/02 21:53:58 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/09/02 21:53:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/02 21:53:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/02 21:53:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: National Instruments IMAQ 1.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npIMAQAXControl.dll
CHR - plugin: National Instruments LabVIEW 2010 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll
CHR - plugin: National Instruments LabVIEW 2011 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2011win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Avira Toolbar = C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.33344_0\
CHR - Extension: Delta Toolbar = C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: WebCake = C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Users\Tobias Rossmann\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ENISysTray] C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENISysTray.exe File not found
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [NIRegistrationWizard] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [syshost32] C:\Users\Tobias Rossmann\AppData\Local\{195FA8DB-7AD9-07B3-62C6-37234284098A}\syshost.exe File not found
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [WebCake Desktop] C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B342B67-2DD7-4797-98B9-04CEF99E0D86}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000 Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\TSpkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3014416f-d3d8-11de-9118-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3014416f-d3d8-11de-9118-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/04 00:22:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/03 23:58:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/03 18:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/03 18:43:38 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/07/03 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/03 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/07/03 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Delta
[2013/07/03 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\BabSolution
[2013/07/03 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Optimizer Pro
[2013/07/03 18:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zipper
[2013/07/03 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/03 18:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013/07/03 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Local\Programs
[2013/07/03 18:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/07/03 18:41:47 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\WebCake
[2013/07/03 18:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013/07/03 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/03 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/03 18:41:33 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Babylon
[2013/06/22 12:38:48 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\verschiedenes
[2013/06/12 22:47:43 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/06/12 22:47:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/06/12 22:44:56 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/06/12 22:44:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/06/12 22:44:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/06/12 22:44:54 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/06/12 22:44:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/06/12 22:44:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/06/12 22:44:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/06/12 22:44:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/06/12 18:55:13 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/06/12 18:55:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll
[2013/06/12 18:55:02 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe
[2013/06/12 18:55:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll
[2013/06/12 18:54:56 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/06/12 18:54:56 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/03 19:22:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/03 19:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/03 19:06:02 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/03 18:46:38 | 000,001,144 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:42:40 | 000,000,980 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Optimizer Pro.lnk
[2013/07/03 18:41:41 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 18:41:41 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/03 18:39:06 | 000,763,254 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/03 18:39:06 | 000,718,532 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/03 18:39:06 | 000,173,608 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/03 18:39:06 | 000,146,554 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/03 18:33:59 | 000,000,702 | ---- | M] () -- C:\windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/07/03 18:28:28 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/03 18:27:29 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/03 13:11:55 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013/06/29 16:35:47 | 000,080,481 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Stromverlauf.jpg
[2013/06/20 10:16:56 | 000,001,966 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2013/06/13 22:18:55 | 003,563,911 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Wald.JPG
[2013/06/12 13:44:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/06/12 13:44:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/06/08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/03 18:46:38 | 000,001,144 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:42:40 | 000,000,980 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Optimizer Pro.lnk
[2013/07/03 13:11:55 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013/06/29 16:35:47 | 000,080,481 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Stromverlauf.jpg
[2013/06/20 10:16:56 | 000,001,966 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2013/06/13 22:18:55 | 003,563,911 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Wald.JPG
[2013/03/20 21:38:11 | 000,075,264 | ---- | C] () -- C:\windows\System32\callrproxy.dll
[2011/11/16 15:22:04 | 000,003,843 | ---- | C] () -- C:\windows\scad3.INI
[2011/07/13 04:40:57 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{F0D212F8-ABBE-4CF2-B8CE-0F99522FBD83}
[2011/07/13 01:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{FE9F1CF2-22C6-49B6-87E6-39CD9422313F}
[2010/01/12 20:43:54 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

[/CODE]

That really took a long time. Is the way I did it correct?

cosinus 03.07.2013 22:51

Yes... :) I want to cross-check once more with a somewhat more current tool:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Tobi R. 04.07.2013 00:31

Code:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-07-2013 02
Ran by Tobias Rossmann at 2013-07-04 01:29:10
Running from C:\Users\Tobias Rossmann\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20
Adobe Flash Player 10 Plugin (Version: 10.0.42.34)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Ask Toolbar (Version: 1.15.4.0)
ATI Catalyst Install Manager (Version: 3.0.741.0)
Avira Free Antivirus (Version: 12.1.9.1236)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.3.0.23930)
BatteryLifeExtender (Version: 1.0.0)
BrowserDefender
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.3.1.5)
Canon Internet Library for ZoomBrowser EX (Version: 1.5.1.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.7.0.3)
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities EOS Utility (Version: 2.1.0.1)
Canon Utilities Original Data Security Tools (Version: 1.1.0.0)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities Picture Style Editor (Version: 1.0.1.0)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.1.0.7)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Full Existing (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Full New (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Light (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0901.2227.38495)
Catalyst Control Center InstallProxy (Version: 2009.0901.2227.38495)
Catalyst Control Center Localization All (Version: 2009.0901.2227.38495)
CCC Help Chinese Standard (Version: 2009.0901.2226.38495)
CCC Help Chinese Traditional (Version: 2009.0901.2226.38495)
CCC Help Czech (Version: 2009.0901.2226.38495)
CCC Help Danish (Version: 2009.0901.2226.38495)
CCC Help Dutch (Version: 2009.0901.2226.38495)
CCC Help English (Version: 2009.0901.2226.38495)
CCC Help Finnish (Version: 2009.0901.2226.38495)
CCC Help French (Version: 2009.0901.2226.38495)
CCC Help German (Version: 2009.0901.2226.38495)
CCC Help Greek (Version: 2009.0901.2226.38495)
CCC Help Hungarian (Version: 2009.0901.2226.38495)
CCC Help Italian (Version: 2009.0901.2226.38495)
CCC Help Japanese (Version: 2009.0901.2226.38495)
CCC Help Korean (Version: 2009.0901.2226.38495)
CCC Help Norwegian (Version: 2009.0901.2226.38495)
CCC Help Polish (Version: 2009.0901.2226.38495)
CCC Help Portuguese (Version: 2009.0901.2226.38495)
CCC Help Russian (Version: 2009.0901.2226.38495)
CCC Help Spanish (Version: 2009.0901.2226.38495)
CCC Help Swedish (Version: 2009.0901.2226.38495)
CCC Help Thai (Version: 2009.0901.2226.38495)
CCC Help Turkish (Version: 2009.0901.2226.38495)
ccc-core-static (Version: 2009.0901.2227.38495)
ccc-utility (Version: 2009.0901.2227.38495)
ChargeableUSB (Version: 1.0.0.0)
CoDeSys for Automation Alliance
Crystal Reports for Visual Studio (Version: 12.51.0.240)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
Delta toolbar  (Version: 1.8.21.5)
Dotfuscator Software Services - Community Edition - DEU (Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
DRI Tool 2.0 (Version: 2.0)
Easy Network Manager (Version: 4.2.4)
Easy SpeedUp Manager (Version: 3.0.0.4)
EasyBatteryManager (Version: 4.0.0.2)
Garmin Communicator Plugin (Version: 3.0.1)
Garmin USB Drivers (Version: 2.3.0.0)
gateProtect VPN Client 2.5
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HI-TECH PICC lite V9.60PL0 (Version: 9.60)
Inkscape 0.48.4 (Version: 0.48.4)
IVI Shared Component (Version: 2.21.49152)
IVI Shared Components 2.2.1 (Version: 2.21.49152)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8089.726)
LTspice IV
MATLAB R2011b (Version: 7.13)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK - Deutsch (Version: 3.0.40818.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools - DEU Language Pack (Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft-Maus- und Tastatur-Center (Version: 1.1.500.0)
Mozilla Firefox (3.6.26) (Version: 3.6.26 (de))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
National Instruments - Software (Version: )
NI AFW Channel Configuration Tool (Version: 7.5.125.0)
NI AFW Custom UI (Version: 7.5.125.0)
NI AFW Custom UI Assemblies (Version: 7.0.132.0)
NI AFW UI Assemblies (Version: 7.2.8.0)
NI Assistant Framework (Version: 7.5.126.0)
NI Assistant Framework LabVIEW 2011 Support (Version: 7.5.69.0)
NI Assistant Framework LabVIEW Code Generator 2011 (Version: 7.5.64.0)
NI Authentication 2.0 (Version: 2.0.220.0)
NI Certificates Deployment Support (Version: 1.02.49152)
NI Circuit Design Suite 11.0.2 Core (Version: 11.0.775)
NI Circuit Design Suite 11.0.2 Edu Licenses (Version: 11.0.775)
NI Circuit Design Suite 11.0.2 Education (Version: 11.0.775)
NI CodeSignAPI (Version: 2.70.346)
NI Control Design Assistant 2011 (Version: 11.0.94.0)
NI Curl 1.1 (Version: 1.1.216.0)
NI DataSocket 4.9 (Version: 4.9.229.0)
NI Distributed System Manager 2011 (Version: 11.0.305.0)
NI DN 2.0 SP1 installer (Version: 2.11.49152)
NI Enhanced DSC Deployment Support for LabVIEW 2010 (Version: 10.0.258.0)
NI Error Reporting 2011 (Version: 11.0.154.0)
NI EulaDepot (Version: 3.0.397)
NI Example Finder 11.0 (Version: 11.0.309.0)
NI GMP Windows 32-bit Installer 11.0.0 (Version: 11.0.22.0)
NI Help Assistant (Version: 1.0.11)
NI Instrument IO Assistant for LabVIEW 2011 32-bit (Version: 1.0.13.0)
NI IVI Class Driver LabVIEW 2011 Support (Version: 4.40.49155)
NI IVI Class Drivers (Version: 6.40.49155)
NI IVI Class Simulation Drivers (Version: 4.40.49155)
NI IVI Compliance Package 4.4 (Version: 4.40.49155)
NI IVI Engine (Version: 134.40.49155)
NI IVI Online Help (Version: 4.40.49155)
NI IVI Provider for MAX (Version: 5.50.49155)
NI LabVIEW 2009 SP1 Run-Time Engine Web Services (Version: 9.0.234.0)
NI LabVIEW 2010 Real-Time NBFifo (Version: 10.0.214.0)
NI LabVIEW 2011 (Version: 11.0.308.0)
NI LabVIEW 2011 (Version: 11.0.325.0)
NI LabVIEW 2011 (Version: 11.0.326.0)
NI LabVIEW 2011 (Version: 11.0.327.0)
NI LabVIEW 2011 (Version: 11.0.329.0)
NI LabVIEW 2011 (Version: 11.0.362.0)
NI LabVIEW 2011 Control Design and Simulation Module (Version: 10.0.189.0)
NI LabVIEW 2011 Control Design MathScript Support (Version: 11.0.188.0)
NI LabVIEW 2011 Control Design Real-Time Support (Version: 11.0.176.0)
NI LabVIEW 2011 Control Design Shared VIs (Version: 11.0.190.0)
NI LabVIEW 2011 Deployable License (Version: 11.0.312.0)
NI LabVIEW 2011 Deployment Framework (Version: 11.0.64.0)
NI LabVIEW 2011 Digital Filter Design Toolkit (Version: 11.0.162.0)
NI LabVIEW 2011 Digital Filter Design Toolkit License (Version: 11.0.162.0)
NI LabVIEW 2011 Digital Filter Design Toolkit RT Support (Version: 11.0.161.0)
NI LabVIEW 2011 Help (Version: 11.0.307.0)
NI LabVIEW 2011 Help File (Version: 11.0.304.0)
NI LabVIEW 2011 License (Version: 11.0.309.0)
NI LabVIEW 2011 Manuals (Version: 11.0.306.0)
NI LabVIEW 2011 MathScript RT Module (Version: 11.0.228.0)
NI LabVIEW 2011 MathScript RT Module (Version: 11.0.229.0)
NI LabVIEW 2011 MathScript RT Module License (Version: 11.0.230.0)
NI LabVIEW 2011 MeasAppChm File (Version: 11.0.303.0)
NI LabVIEW 2011 Real-Time Error Dialog (Version: 11.0.248.0)
NI LabVIEW 2011 Real-Time NBFifo (Version: 11.0.250.0)
NI LabVIEW 2011 Run-Time Engine Non-English Support. (Version: 11.0.210.0)
NI LabVIEW 2011 Search (Version: 11.0.36.0)
NI LabVIEW 2011 Simulation (Version: 11.0.310.0)
NI LabVIEW 2011 System Identification Assistant (Version: 11.0.168.0)
NI LabVIEW 2011 System Identification Toolkit (Version: 11.0.169.0)
NI LabVIEW 2011 System Identification Toolkit License (Version: 11.0.169.0)
NI LabVIEW 2011 System Identification Toolkit VIs (Version: 11.0.168.0)
NI LabVIEW 2011 VIPM Helper (Version: 11.0.114.0)
NI LabVIEW 2011 Web Server (Version: 11.0.301.0)
NI LabVIEW Analog Modulation Toolkit 4.3.1 (Version: 4.31.49156)
NI LabVIEW Broker (Version: 6.8.10.0)
NI LabVIEW C Interface (Version: 1.0.1)
NI LabVIEW Compare Utility 11.0.0 (Version: 11.0.2.0)
NI LabVIEW EWB DeviceHandler 2010 (Version: 5.0.142.0)
NI LabVIEW MAX XML (Version: 9.0.6.0)
NI LabVIEW Merge Utility 11.0.0 (Version: 11.0.307.0)
NI LabVIEW Modulation Toolkit 4.3.1 (Version: 4.31.49156)
NI LabVIEW Real-Time FIFO for Runtime (Version: 8.2.74.0)
NI LabVIEW Real-Time NBFifo (Version: 8.6.348.0)
NI LabVIEW Real-Time NBFifo (Version: 9.0.319.0)
NI LabVIEW Run-Time Engine 2009 SP1 (Version: 9.0.1077.0)
NI LabVIEW Runtime Engine 2010 SP1 (Version: 10.1.104.0)
NI LabVIEW Run-Time Engine 2011 (Version: 11.0.322.0)
NI LabVIEW Run-Time Engine 8.2.1 (Version: 8.2.393.0)
NI LabVIEW Run-Time Engine 8.6.1 (Version: 8.6.426.0)
NI LabVIEW Run-Time Engine Interop 2009 (Version: 9.0.149.0)
NI LabVIEW Run-Time Engine Interop 2010 (Version: 10.1.105.0)
NI LabVIEW Run-Time Engine Interop 2011 (Version: 11.0.323.0)
NI LabVIEW SignalExpress 2011 (Version: 5.0.148.0)
NI LabVIEW SignalExpress 2011 Core (Version: 5.0.142.0)
NI LabVIEW SignalExpress 2011 Core LabVIEW 2011 Support (Version: 5.0.87.0)
NI LabVIEW SignalExpress 2011 Core LabVIEW Support (Version: 5.0.142.0)
NI LabVIEW SignalExpress 2011 Datatypes (Version: 5.0.99.0)
NI LabVIEW SignalExpress 2011 Datatypes LabVIEW 2011 Support (Version: 5.0.65.0)
NI LabVIEW SignalExpress 2011 LabVIEW 2011 Support (Version: 5.0.75.0)
NI LabVIEW SignalExpress 2011 LabVIEW Support (Version: 5.0.110.0)
NI LabVIEW SignalExpress 2011 Licenses (Version: 5.0.142.0)
NI LabVIEW SignalExpress 2011 Steps (Version: 5.0.110.0)
NI LabVIEW SignalExpress 2011 Tools (Version: 5.0.99.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 10.0.235.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 11.0.301.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 8.6.41.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 9.0.185.0)
NI LabVIEW Web Services Runtime (Version: 11.0.305.0)
NI LabVIEW Web Services Runtime (Version: 8.6.48.0)
NI LabWindows/CVI 2010 Code Generator (Version: 10.0.0360)
NI LabWindows/CVI 2010 LabVIEW DLL Builder (Version: 10.0.0360)
NI LabWindows/CVI 9.0.1 Run-Time Engine (Version: 9.0.1376)
NI License Manager (Version: 3.6.85)
NI Logos 5.3.0 (Version: 5.3.223.0)
NI Logos LabVIEW 2011 Support (Version: 11.0.310.0)
NI Logos XT Support (Version: 5.3.222.0)
NI Math Kernel Libraries (Version: 1.0.25.0)
NI Math Kernel Libraries (Version: 1.0.28.0)
NI Math Kernel Libraries (Version: 1.0.5.0)
NI Math Kernel Libraries (Version: 1.0.861.0)
NI MAX Remote Configuration Installer 5.0 (Version: 5.00.49153)
NI MDF Support (Version: 3.0.397)
NI mDNS Responder 1.6.0 (Version: 1.60.49155)
NI Measurement & Automation Explorer 5.0.0 (Version: 5.00.49153)
NI Measurement Studio 8.6 Enterprise RunTime for VS2005 (Version: 8.6.10466)
NI Measurement Studio Common .NET Assemblies for .NET 2.0 (Version: 9.1.00159)
NI Measurement Studio Common .NET Assemblies for .NET 3.5 (Version: 9.1.00159)
NI Measurement Studio Recipe Processor (Version: 8.0.0101)
NI MetaSuite Installer (Version: 3.0.397)
NI Microsoft Silverlight Wrapper (Version: 4.0.307)
NI MXS 5.0.0 (Version: 5.00.49153)
NI Network Discovery 5.0 (Version: 5.00.49152)
NI OPC Support (Version: 11.0.243.0)
NI Portable Configuration 5.0.0 (Version: 5.00.49152)
NI Registration Wizard (Version: 1.3.87.0)
NI Remote Provider for MAX 5.0.0 (Version: 5.00.49153)
NI Remote PXI Provider for MAX 5.0.0 (Version: 5.00.49152)
NI Search Shared (Version: 11.0.28.0)
NI Software Provider for MAX 5.0.0 (Version: 5.00.49152)
NI Sound and Vibration Frequency Analysis 2010 (Version: 11.0.61.0)
NI Sound and Vibration Frequency Analysis LabVIEW 2011 Support (Version: 11.0.31.0)
NI SSL LabVIEW 2011 Support (Version: 11.0.277.0)
NI SSL Support (Version: 11.0.221.0)
NI System API Client for WIF 5.0.0 (Version: 5.0.251.0)
NI System API Web-Servce 32-bit 5.0.0 (Version: 5.0.310.0)
NI System API Windows 32-bit 5.0.0 (Version: 5.0.312.0)
NI System Configuration Runtime 5.0.0 (Version: 5.0.362.0)
NI System Identification Assistant LabVIEW Support (Version: 11.0.168.0)
NI System State Publisher (Version: 11.0.306.0)
NI System Web Server 2.0 (Version: 11.0.213.0)
NI System Web Server Base 2.0 (Version: 2.0.215.0)
NI TDM Excel Add-In 3.3 (Version: 3.3.35.0)
NI TDMS (Version: 2.3.175.0)
NI Trace Engine (Version: 11.0.213.0)
NI Uninstaller (Version: 3.0.397)
NI Update Service 2.0 (Version: 2.0.270.0)
NI USI 1.9.0 (Version: 1.9.04551)
NI Variable Engine 2.5.0 (Version: 2.5.247.0)
NI Variable Engine LabVIEW 2011 Support (Version: 11.0.310.0)
NI VC2005MSMs x86 (Version: 8.04.0)
NI VC2008MSMs x86 (Version: 9.0.301)
NI Vision .NET 2011 (Version: 11.0.74.0)
NI Vision .NET Run-Time Engine 2011 (Version: 11.0.67.0)
NI Vision 2011 (Version: 11.0.75.0)
NI Vision Assistant 2011 (Version: 11.0.63.0)
NI Vision Assistant 2011 .NET (Version: 11.0.63.0)
NI Vision Builder AI 2010 (Version: 4.10.140.0)
NI Vision Builder AI 2010 API Interface (Version: 4.10.71.0)
NI Vision Builder AI 2010 Shared Resources (Version: 4.10.79.0)
NI Vision Common Resources 2011 (Version: 11.0.73.0)
NI Vision Run-Time Engine 2011 (Version: 11.0.67.0)
NI Web Application Server 2.0 (Version: 2.0.212.0)
NI Web Interface Framework 2.0 (Version: 2.0.214.0)
NI Web Pipeline 2.0.1 (Version: 2.0.128.0)
NI Xalan Delay Load 1.10.1 (Version: 1.10.46.0)
NI Xerces Delay Load 2.7.3 (Version: 2.7.180.0)
NI-DAQmx/LabVIEW shared documentation 1.9.5 (Version: 1.95.49152)
NI-DIM 1.11.0f0 (Version: 1.110.49152)
NI-IMAQ Camera Files (Version: 4.50.31.0)
NI-Mesa (Version: 11.0.11.0)
NI-ORB 1.9.3f0 (Version: 1.94.49152)
NI-PAL 2.6.5f0 (Version: 10.75.49152)
NI-RPC 4.2.2f0 (Version: 4.22.49152)
NI-RPC 4.2.2f0 for Phar Lap ETS (Version: 4.22.49152)
NI-VISA Runtime 5.0.3 (Version: 5.03.49152)
OpenOffice.org 3.3 (Version: 3.3.9567)
Optimizer Pro v3.1 (Version: 3.1)
PDF Blender
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Reset NI Config 5.0.0 (Version: 5.0.146.0)
Samsung Recovery Solution 4 (Version: 4.0.0.3)
Samsung Support Center (Version: 1.0.1)
Service Pack 1 für SQL Server 2008 (KB 968369) (Version: 10.1.2531.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Uninstall 1.0.0.1
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VISA Shared Components
VISA Shared Components (Version: 1.3.1)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (Version: 4.0.8080.0)
Web Deployment Tool (Version: 1.1.0618)
WebCake 3.00 (Version: 3.00)
WIF Core Dependencies Windows 5.0.0 (Version: 5.0.123.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR
Zipper (Version: 1.0.3)

==================== Restore Points  =========================

05-06-2013 21:11:34 Windows Update
06-06-2013 21:26:46 Windows Update
07-06-2013 20:35:21 Windows Update
08-06-2013 18:32:15 Windows Update
09-06-2013 21:50:11 Windows Update
10-06-2013 21:44:13 Windows Update
11-06-2013 22:38:45 Windows Update
12-06-2013 20:44:01 Windows Update
27-06-2013 08:12:19 Windows Modules Installer
27-06-2013 08:22:35 Windows Modules Installer
29-06-2013 10:15:19 Windows Update
03-07-2013 10:02:29 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0C5AC2D6-92E7-4027-AF31-502439181317} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {4D62CFEF-E1DA-4727-A5D9-7C241B131A90} - System32\Tasks\EPUpdater => C:\Users\TOBIAS~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {517B8940-26B3-4DA7-BE49-1E901A334901} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {5A3185F0-7A94-4818-98FD-AC887B1150BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-15] (Google Inc.)
Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {7B028705-E219-4FBB-9B71-F4B9075AF767} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {7C233FF6-E3D6-4EB2-8CF4-F7BF21E174CF} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {C8D56468-0A91-4A6F-9C36-C77001445253} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {CB39B251-0B89-4313-A487-12780C5257C7} - System32\Tasks\MATLAB R2011b Startup Accelerator => C:\Users\Tobias Rossmann\Desktop\Studium\Regelungstechnik1\Final\bin\win32\MATLABStartupAccelerator.exe [2011-07-08] ()
Task: {CDDEC046-0DFC-4356-81B8-830F4D9A9142} - System32\Tasks\BrowserDefendert => C:\windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {E3FEADA3-2315-46C3-80FE-1A5A6DBAE2F5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2011b Startup Accelerator.job => C:\Users\Tobias Rossmann\Desktop\Studium\Regelungstechnik1\Final\bin\win32\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2013 07:40:38 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4c4

Startzeit: 01ce78127ba6fa2b

Endzeit: 73

Anwendungspfad: C:\Users\Tobias Rossmann\Downloads\OTL.exe

Berichts-ID:

Error: (07/03/2013 06:45:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OptimizerPro.exe, Version: 3.0.1.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000029
Fehleroffset: 0x00090572
ID des fehlerhaften Prozesses: 0x1580
Startzeit der fehlerhaften Anwendung: 0xOptimizerPro.exe0
Pfad der fehlerhaften Anwendung: OptimizerPro.exe1
Pfad des fehlerhaften Moduls: OptimizerPro.exe2
Berichtskennung: OptimizerPro.exe3

Error: (07/03/2013 06:31:07 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/03/2013 06:30:57 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/03/2013 06:30:57 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/03/2013 00:10:40 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/03/2013 00:06:05 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/03/2013 00:06:05 PM) (Source: LabVIEW) (User: )
Description: LabVIEW information:  Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL      .

Error: (07/02/2013 09:26:21 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office 2007 Primary Interop Assemblies - Update "Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/02/2013 09:26:21 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.


System errors:
=============
Error: (07/03/2013 06:35:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (07/03/2013 06:28:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ENI Server" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/03/2013 02:06:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ENI Server" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (07/03/2013 02:05:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/03/2013 07:40:38 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.04c401ce78127ba6fa2b73C:\Users\Tobias Rossmann\Downloads\OTL.exe

Error: (07/03/2013 06:45:05 PM) (Source: Application Error)(User: )
Description: OptimizerPro.exe3.0.1.02a425e19ntdll.dll6.1.7601.177254ec49b60c000002900090572158001ce780c56849876C:\Program Files\Optimizer Pro\OptimizerPro.exeC:\windows\SYSTEM32\ntdll.dlle985dceb-e3ff-11e2-8b07-0024541aa6c3

Error: (07/03/2013 06:31:07 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/03/2013 06:30:57 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/03/2013 06:30:57 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/03/2013 00:10:40 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/03/2013 00:06:05 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/03/2013 00:06:05 PM) (Source: LabVIEW)(User: )
Description: LabVIEW information: Error: 404 "Not Found" for "national instruments/ninetworkdiscovery", file "c:/users/tobias rossmann/desktop/studium/shared/ni webserver/www/national instruments/ninetworkdiscovery": Can't access URL

Error: (07/02/2013 09:26:21 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/02/2013 09:26:21 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3036.61 MB
Available physical RAM: 1251.79 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3992.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:12.73 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:136.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-07-2013 02
Ran by Tobias Rossmann (administrator) on 04-07-2013 01:25:22
Running from C:\Users\Tobias Rossmann\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe
(National Instruments Corporation) C:\windows\system32\lkads.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe
() C:\windows\SYSTEM32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(National Instruments, Inc.) C:\windows\system32\lkcitdl.exe
(National Instruments Corporation) C:\windows\system32\lktsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(National Instruments Corporation) C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WebCake LLC) C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe
(WebCake LLC) C:\Program Files\WebCake\WebCakeDesktop.Updater.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\windows\system32\schtasks.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(www.rene-zeidler.de) C:\Users\Tobias Rossmann\Desktop\Snipping Tool Plus.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NI Update Service] "C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe" -startupTask [3002976 2011-06-07] (National Instruments)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1109072 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [1629280 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1568976 2012-06-20] (Ask)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-09-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ENISysTray] C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENISysTray.exe [x]
HKCU\...\Run: [NIRegistrationWizard] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1031 [846520 2010-06-21] ()
HKCU\...\Run: [syshost32] C:\Users\Tobias Rossmann\AppData\Local\{195FA8DB-7AD9-07B3-62C6-37234284098A}\syshost.exe [x]
HKCU\...\Run: [WebCake Desktop] "C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-21] (WebCake LLC)
HKCU\...\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe [135672 2013-06-07] (PC Utilities Pro)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {3014416f-d3d8-11de-9118-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
SearchScopes: HKCU - {3CABF988-1FE2-420A-B03D-20092295B650} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Users\Tobias Rossmann\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default
FF user.js: detected! => C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\user.js
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF NewTab: hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\winamp-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\ffxtlbr@delta.com
FF Extension: WebCake - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\plugin@getwebcake.com
FF Extension: Winamp Toolbar - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: Garmin Communicator - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: DVDVideoSoftTB Toolbar - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: DVDVideoSoft Toolbar - C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

Chrome:
=======
CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR RestoreOnStartup: "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932"
CHR DefaultSearchURL: (Delta Search) - hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (National Instruments IMAQ 1.0 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\npIMAQAXControl.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 2010 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 2011 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\nplv2011win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 8.2 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 8.6 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll (National Instruments)
CHR Plugin: (National Instruments LabVIEW 9.0 Netscape Plug-in for Windows) - C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll (National Instruments)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Avira Toolbar) - C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.33344_0
CHR Extension: (Delta Toolbar) - C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (WebCake) - C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-09-03] (Avira Operations GmbH & Co. KG)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 GPVPNService; C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe [86016 2009-11-30] ()
R2 LkCitadelServer; C:\windows\system32\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\windows\system32\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
R2 lkTimeSync; C:\windows\system32\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-21] (Microsoft Corporation)
R2 mxssvr; C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe [12696 2011-06-14] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe [50336 2011-05-27] (National Instruments Corporation)
R2 NIDomainService; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
S3 NILM License Manager; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S2 niLXIDiscovery; C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [131776 2010-06-23] (National Instruments Corporation)
R2 nimDNSResponder; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
S2 NINetworkDiscovery; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe [121032 2011-06-10] (National Instruments Corporation)
R2 niSvcLoc; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe [50328 2011-05-27] (National Instruments Corporation)
R2 NITaggerService; C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe [676016 2011-06-14] (National Instruments Corporation)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 WebCake Desktop Updater; C:\Users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-21] (WebCake LLC)
S2 ENI Server; C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-09-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-09-03] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-09-03] (Avira GmbH)
R2 cvintdrv; C:\Windows\System32\Drivers\cvintdrv.sys [4096 2009-05-29] ()
S3 nidimk; C:\windows\system32\drivers\nidimkl.sys [11432 2010-06-11] (National Instruments Corporation)
S3 niorbk; C:\windows\system32\drivers\niorbkl.sys [11344 2009-06-14] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [11968 2011-02-14] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [573592 2011-02-14] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [11968 2011-02-14] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [15448 2010-03-24] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [11432 2010-06-23] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [11432 2010-06-23] (National Instruments Corporation)
S4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-09-03] (Avira GmbH)
S3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
S3 VSPerfDrv100; C:\Users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys [48128 2009-12-08] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 01:25 - 2013-07-04 01:25 - 00000000 ____D C:\FRST
2013-07-04 01:24 - 2013-07-04 01:25 - 01372941 ____A (Farbar) C:\Users\Tobias Rossmann\Downloads\FRST.exe
2013-07-04 00:22 - 2013-07-04 00:22 - 00000000 ____D C:\_OTL
2013-07-03 23:49 - 2013-07-03 23:57 - 00072050 ____A C:\Extras.Txt
2013-07-03 23:46 - 2013-07-03 23:51 - 00093888 ____A C:\OTL.Txt
2013-07-03 20:02 - 2013-07-03 20:02 - 00158106 ____A C:\Users\Tobias Rossmann\Desktop\OTL.Txt
2013-07-03 20:02 - 2013-07-03 20:02 - 00102416 ____A C:\Users\Tobias Rossmann\Desktop\Extras.Txt
2013-07-03 19:58 - 2013-07-03 19:58 - 00102416 ____A C:\Users\Tobias Rossmann\Downloads\Extras.Txt
2013-07-03 19:56 - 2013-07-03 19:56 - 00158106 ____A C:\Users\Tobias Rossmann\Downloads\OTL.Txt
2013-07-03 19:26 - 2013-07-03 19:26 - 00602112 ____A (OldTimer Tools) C:\Users\Tobias Rossmann\Downloads\OTL.exe
2013-07-03 18:48 - 2013-07-03 18:55 - 127231689 ____A (Igor Pavlov) C:\Users\Tobias Rossmann\Downloads\OTLPENet.exe
2013-07-03 18:46 - 2013-07-03 18:46 - 00793536 ____A C:\Users\Tobias Rossmann\Downloads\ZipOpenerSetup.exe
2013-07-03 18:46 - 2013-07-03 18:46 - 00001966 ____A C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
2013-07-03 18:46 - 2013-07-03 18:46 - 00001144 ____A C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Delta
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\BabSolution
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Program Files\Delta
2013-07-03 18:42 - 2013-07-03 18:42 - 00002581 ____A C:\Users\Public\Desktop\Zipper.lnk
2013-07-03 18:42 - 2013-07-03 18:42 - 00000980 ____A C:\Users\Tobias Rossmann\Desktop\Optimizer Pro.lnk
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Optimizer Pro
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Program Files\Tuguu SL
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-03 18:41 - 2013-07-03 18:45 - 00000000 ____D C:\Program Files\WebCake
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\WebCake
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Babylon
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\ProgramData\Babylon
2013-07-03 18:40 - 2013-07-03 18:40 - 00519224 ____A C:\Users\Tobias Rossmann\Downloads\Zipper.exe
2013-07-03 13:11 - 2013-07-03 13:11 - 00003224 ____N C:\bootsqm.dat
2013-07-03 09:32 - 2013-07-03 09:32 - 01971200 ____A C:\Users\Tobias Rossmann\Desktop\EndpräsentationRossmannLoiblFINAL.ppt
2013-07-01 19:11 - 2013-07-01 19:11 - 08286040 ____A C:\Users\Tobias Rossmann\Downloads\Sprachmemo 001.m4a
2013-06-22 12:38 - 2013-06-22 12:53 - 00000000 ____D C:\Users\Tobias Rossmann\Desktop\verschiedenes
2013-06-18 21:45 - 2013-06-18 21:45 - 00000022 ____A C:\Users\Tobias Rossmann\Downloads\Forderung an Tobias Rossmann Inkasso Druckerzubehoer Online GmbH AG.zip
2013-06-12 22:47 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 22:47 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 22:47 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 22:47 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 22:47 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 22:47 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 22:44 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 22:44 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 22:44 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 22:44 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 18:55 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 18:55 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 18:55 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 18:55 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 18:55 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 18:55 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 18:55 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 18:55 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 18:54 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 18:54 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 18:54 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 18:54 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-04 10:07 - 2013-06-04 10:07 - 00034425 ____A C:\Users\Tobias Rossmann\Downloads\baustelle.zip
2013-06-04 10:07 - 2013-06-04 10:07 - 00024774 ____A C:\Users\Tobias Rossmann\Downloads\parkhaus.zip
2013-06-04 10:05 - 2013-06-04 10:05 - 00011844 ____A C:\Users\Tobias Rossmann\Downloads\refiner.zip
2013-06-04 10:04 - 2013-06-04 10:04 - 00034124 ____A C:\Users\Tobias Rossmann\Downloads\Jalousie.pro

==================== One Month Modified Files and Folders ========

2013-07-04 01:25 - 2013-07-04 01:25 - 00000000 ____D C:\FRST
2013-07-04 01:25 - 2013-07-04 01:24 - 01372941 ____A (Farbar) C:\Users\Tobias Rossmann\Downloads\FRST.exe
2013-07-04 01:22 - 2012-07-16 08:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 01:22 - 2012-07-15 18:49 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 00:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-04 00:22 - 2013-07-04 00:22 - 00000000 ____D C:\_OTL
2013-07-03 23:57 - 2013-07-03 23:49 - 00072050 ____A C:\Extras.Txt
2013-07-03 23:51 - 2013-07-03 23:46 - 00093888 ____A C:\OTL.Txt
2013-07-03 23:44 - 2010-01-12 20:41 - 00000000 ____D C:\users\Tobias Rossmann
2013-07-03 23:25 - 2009-09-16 23:52 - 02042394 ____A C:\Windows\WindowsUpdate.log
2013-07-03 20:02 - 2013-07-03 20:02 - 00158106 ____A C:\Users\Tobias Rossmann\Desktop\OTL.Txt
2013-07-03 20:02 - 2013-07-03 20:02 - 00102416 ____A C:\Users\Tobias Rossmann\Desktop\Extras.Txt
2013-07-03 19:58 - 2013-07-03 19:58 - 00102416 ____A C:\Users\Tobias Rossmann\Downloads\Extras.Txt
2013-07-03 19:56 - 2013-07-03 19:56 - 00158106 ____A C:\Users\Tobias Rossmann\Downloads\OTL.Txt
2013-07-03 19:26 - 2013-07-03 19:26 - 00602112 ____A (OldTimer Tools) C:\Users\Tobias Rossmann\Downloads\OTL.exe
2013-07-03 18:55 - 2013-07-03 18:48 - 127231689 ____A (Igor Pavlov) C:\Users\Tobias Rossmann\Downloads\OTLPENet.exe
2013-07-03 18:46 - 2013-07-03 18:46 - 00793536 ____A C:\Users\Tobias Rossmann\Downloads\ZipOpenerSetup.exe
2013-07-03 18:46 - 2013-07-03 18:46 - 00001966 ____A C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
2013-07-03 18:46 - 2013-07-03 18:46 - 00001144 ____A C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
2013-07-03 18:45 - 2013-07-03 18:41 - 00000000 ____D C:\Program Files\WebCake
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Delta
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\BabSolution
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-03 18:43 - 2013-07-03 18:43 - 00000000 ____D C:\Program Files\Delta
2013-07-03 18:42 - 2013-07-03 18:42 - 00002581 ____A C:\Users\Public\Desktop\Zipper.lnk
2013-07-03 18:42 - 2013-07-03 18:42 - 00000980 ____A C:\Users\Tobias Rossmann\Desktop\Optimizer Pro.lnk
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Optimizer Pro
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Program Files\Tuguu SL
2013-07-03 18:42 - 2013-07-03 18:42 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\WebCake
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\Users\Tobias Rossmann\AppData\Roaming\Babylon
2013-07-03 18:41 - 2013-07-03 18:41 - 00000000 ____D C:\ProgramData\Babylon
2013-07-03 18:41 - 2009-07-14 06:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 18:41 - 2009-07-14 06:34 - 00015056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 18:40 - 2013-07-03 18:40 - 00519224 ____A C:\Users\Tobias Rossmann\Downloads\Zipper.exe
2013-07-03 18:39 - 2009-07-26 22:06 - 01800066 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-03 18:33 - 2012-06-07 17:15 - 00000702 ____A C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
2013-07-03 18:28 - 2012-07-15 18:49 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 18:27 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-03 18:27 - 2009-07-14 06:39 - 00241237 ____A C:\Windows\setupact.log
2013-07-03 13:11 - 2013-07-03 13:11 - 00003224 ____N C:\bootsqm.dat
2013-07-03 12:04 - 2009-09-17 00:44 - 00743334 ____A C:\Windows\PFRO.log
2013-07-03 09:32 - 2013-07-03 09:32 - 01971200 ____A C:\Users\Tobias Rossmann\Desktop\EndpräsentationRossmannLoiblFINAL.ppt
2013-07-01 19:11 - 2013-07-01 19:11 - 08286040 ____A C:\Users\Tobias Rossmann\Downloads\Sprachmemo 001.m4a
2013-06-27 14:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-24 10:27 - 2013-04-22 23:13 - 00000000 ____D C:\Users\Tobias Rossmann\Desktop\Kibera
2013-06-22 12:53 - 2013-06-22 12:38 - 00000000 ____D C:\Users\Tobias Rossmann\Desktop\verschiedenes
2013-06-21 01:42 - 2012-07-15 18:49 - 00002089 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-18 21:45 - 2013-06-18 21:45 - 00000022 ____A C:\Users\Tobias Rossmann\Downloads\Forderung an Tobias Rossmann Inkasso Druckerzubehoer Online GmbH AG.zip
2013-06-18 12:23 - 2011-09-19 09:22 - 00000000 ____D C:\Users\Tobias Rossmann\Desktop\Studium
2013-06-13 10:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 22:45 - 2010-01-16 16:49 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 13:44 - 2012-07-16 08:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 13:44 - 2012-07-16 08:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 13:42 - 2013-06-12 22:47 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-12 22:47 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-12 22:47 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-12 22:47 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-12 22:47 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-12 22:47 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-04 10:07 - 2013-06-04 10:07 - 00034425 ____A C:\Users\Tobias Rossmann\Downloads\baustelle.zip
2013-06-04 10:07 - 2013-06-04 10:07 - 00024774 ____A C:\Users\Tobias Rossmann\Downloads\parkhaus.zip
2013-06-04 10:05 - 2013-06-04 10:05 - 00011844 ____A C:\Users\Tobias Rossmann\Downloads\refiner.zip
2013-06-04 10:05 - 2013-05-13 08:55 - 00000445 ____A C:\Users\Tobias Rossmann\Downloads\DEFAULT.DFR
2013-06-04 10:04 - 2013-06-04 10:04 - 00034124 ____A C:\Users\Tobias Rossmann\Downloads\Jalousie.pro

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-03-17 16:13

==================== End Of Log ============================


[/CODE]

Those are the two files.

For a day now I have been constantly downloading or generating some txt files, copying them wherever you tell me to, and all of a sudden my PC is running again. :daumenhoc Now I really have to ask what I have actually been doing all this time, and who you are? ^^
I mean, I am by far not the only one posting this problem in this forum...

Best regards,
Tobi

cosinus 04.07.2013 11:23

Quote:

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\n.
ZeroAccess has been confirmed :(

Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does that mean for you now?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system that has been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation remains.

  • If you use this computer for online banking, for example, then you should at least have your bank change your password, if you use an otherwise secure method such as "chip-TAN-comfort". Do you still have old paper-based TAN sheets? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.

  • If you otherwise have sensitive data on your computer, you should also think about how you deal with that, since practically "anyone" could have looked at it.
So let me know what you have decided.
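
Added example, not part of the original thread or of any tool mentioned in it: a Python sketch of the check behind the quoted finding, flagging `InProcServer32` registrations whose server path lies inside `$Recycle.Bin`. It assumes OTL-style `[key]` / `"name" = value` text as quoted above; the function names and the second, benign sample entry are constructed.

```python
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
INPROC_RE = re.compile(r'\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$', re.IGNORECASE)
PER_USER_HIVES = ('HKEY_CURRENT_USER', 'HKCU', 'HKEY_USERS', 'HKU')

# Sample input. The first block is the entry quoted in the thread; the second
# block (CLSID and DLL path) is constructed for contrast.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\n.

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
"ThreadingModel" = Apartment
"" = C:\Windows\System32\example.dll
'''


@dataclass
class Finding:
    clsid: str      # COM class whose in-process server is suspicious
    server: str     # default value of the key, as written in the log
    per_user: bool  # True if registered in a per-user hive (overrides HKLM)


def parse_keys(text):
    """Yield (key_path, {value_name: data}) for every [key] block."""
    key, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, values
            key, values = m.group('key'), {}
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values[m.group('name')] = m.group('data').strip()
    if key is not None:
        yield key, values


def normalise(path):
    """Lower-case, unquote and unify separators so comparisons are stable."""
    p = path.strip().strip('"').replace('/', '\\').lower()
    if p.startswith('\\\\?\\'):
        p = p[4:]
    return p


def find_recycle_bin_servers(text):
    """Return a Finding for each InProcServer32 default value under <drive>\\$Recycle.Bin."""
    findings = []
    for key, values in parse_keys(text):
        m = INPROC_RE.search(key)
        if not m:
            continue
        server = values.get('', '')  # the unnamed (default) value holds the DLL path
        parts = normalise(server).split('\\')
        if len(parts) > 2 and parts[1] == '$recycle.bin':
            hive = key.split('\\', 1)[0].upper()
            findings.append(Finding(m.group(1).lower(), server, hive in PER_USER_HIVES))
    return findings


if __name__ == '__main__':
    for f in find_recycle_bin_servers(SAMPLE):
        scope = 'per-user' if f.per_user else 'machine-wide'
        print(f'{f.clsid} ({scope}) -> {f.server}')
```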

Tobi R. 04.07.2013 19:38

Unfortunately I am absolutely no expert in this respect, so I find it hard to make the right decision.

I really only have pictures (I am a hobby photographer) and a few documents I worked out myself that concern my studies. Fortunately I have all the pictures stored on an external hard drive.

The only valuable thing (in terms of monetary value) is Microsoft Visual Studio, which I got for free from the university anyway.

I now do online banking only via an optical TAN generator that reads the code from the screen. My paper TAN list has no longer been valid since the TAN generator was introduced. So I should be protected with regard to money being debited illegally, right?

What would you recommend to me when you read my text above?

Best regards,
Tobi

cosinus 04.07.2013 20:17

I consider a reinstallation sensible here... but if you still want a cleanup, we will try it

Tobi R. 04.07.2013 20:27

OK, what happens to my files with a reinstallation and what happens with a cleanup? Will they be deleted?

cosinus 04.07.2013 20:31

Before a reinstallation you have to back up all data; even before a cleanup you should make sure that everything important has been backed up externally as far as possible
But there is no getting around regularly backing up data to external media anyway. Anyone who does not do that will sooner or later be crying hard when something has been deleted by accident or an encryption trojan strikes. Every now and then hard drives give up the ghost too.

Tobi R. 04.07.2013 20:37

I have an external hard drive that only has my photographs on it.
If I connect this external hard drive in order to also back up the remaining files (documents, PowerPoint presentations, Excel lists) there, do I have to worry that the virus will "jump over" to this external hard drive?

cosinus 04.07.2013 20:53

No, you don't. In case you still need to back something up:

On the subject of backing up data from infected systems: do it via a live CD such as Knoppix, Ubuntu (second link in my signature) or via PartedMagic. Reason: in a live system no malware from the infected Windows system is active, which also rules out the malware negatively affecting the backup.

You will of course also need a backup medium; an external drive is probably best. If you don't have all that much to back up, a USB stick may also suffice.

Here is a short guide to PartedMagic; in principle it works this way, or almost exactly the same, with all other live systems as well.
  1. Download the PartedMagic ISO image
  2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
  3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
  4. You should find an icon "Mount Devices"; double-click it
  5. Mount the partitions where Windows is installed, usually /dev/sda1, or /dev/sda2 with Win7, and of course any other partitions that still hold data that needs to be backed up - and of course also those of the external drive (you only get read and write access to the file systems once they are mounted)
  6. Copy the data from the internal drive to the external drive - copy only personal files, music, videos, etc. to the backup drive, NO executable files such as programs/games/setups!!
  7. When finished, restart the computer, switch off the external drive and boot from the Windows DVD for the reinstallation (follow the guide)
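
Step 6 above as an added example (not from the thread and not part of PartedMagic): a Python sketch that copies a mounted Windows partition to the backup drive while leaving out executables, including programs renamed to a harmless-looking extension. It assumes a live system with Python 3; the extension list, the skipped directory names and all function names are assumptions, and the files created in `demo()` are constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Assumed block lists; extend them as needed.
BLOCKED_EXT = {'.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd',
               '.msi', '.sys', '.cpl', '.vbs', '.jar', '.lnk'}
BLOCKED_NAMES = {'autorun.inf'}
SKIP_DIRS = {'$recycle.bin', 'system volume information'}


def skip_reason(path):
    """Return why a file must not go into the backup, or None if it may."""
    if path.is_symlink() or not path.is_file():
        return 'not a regular file'
    if path.name.lower() in BLOCKED_NAMES:
        return 'autorun file'
    if path.suffix.lower() in BLOCKED_EXT:
        return 'executable extension'
    try:
        with open(path, 'rb') as fh:
            # Windows programs start with "MZ" whatever the file is called.
            if fh.read(2) == b'MZ':
                return 'executable header (MZ)'
    except OSError:
        return 'unreadable'
    return None


def backup_personal_files(src, dst):
    """Copy src to dst, returning (copied paths, {skipped path: reason})."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], {}
    for root, dirs, files in os.walk(src):
        # Prune directories that never hold personal documents.
        dirs[:] = sorted(d for d in dirs if d.lower() not in SKIP_DIRS)
        for name in sorted(files):
            path = Path(root) / name
            rel = path.relative_to(src)
            reason = skip_reason(path)
            if reason:
                skipped[rel.as_posix()] = reason
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # keeps timestamps
            copied.append(rel.as_posix())
    return copied, skipped


def demo():
    """Run the backup on a constructed directory tree in a temp folder."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, 'windows_partition'), Path(tmp, 'external_drive')
        files = {  # constructed sample files
            'Documents/thesis.docx': b'PK\x03\x04 constructed',
            'Pictures/photo.jpg': b'\xff\xd8\xff constructed',
            'Downloads/Setup.EXE': b'MZ constructed',
            'Pictures/holiday.jpg': b'MZ constructed, program renamed to .jpg',
            'autorun.inf': b'[autorun]',
        }
        for rel, data in files.items():
            p = src / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        copied, skipped = backup_personal_files(src, dst)
        on_disk = sorted(x.relative_to(dst).as_posix()
                         for x in dst.rglob('*') if x.is_file())
        return copied, skipped, on_disk


if __name__ == '__main__':
    copied, skipped, _ = demo()
    print('copied :', copied)
    print('skipped:', skipped)
```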

Tobi R. 04.07.2013 21:25

OK, now two last questions before I get started:
1) Does the virus have to be removed as quickly as possible, or is a week from now soon enough, provided that until then one does not "handle" any data? (I am only asking because I am in very intense exam stress and need every hour for studying)
2) When the virus appeared, I was on a website where photographs are uploaded for other photographers to rate. If the virus came from there (which I cannot check with my knowledge), should I stop going to this site, or could the virus have caught me on umpteen other sites as well?

Best regards,
Tobi

cosinus 04.07.2013 21:32

What do you mean, as quickly as possible? Your computer is unusable anyway :D

The other question is far too general; something like that cannot be answered. With this, let's say, panic of "never visit the photo site again" you could just as well justify cutting off the internet altogether. And you don't even know whether it was this site at all...

Read up on how to protect yourself:

Reading material:
Golden security rules
It is best to roughly stick to these rules:
  1. Be suspicious on the internet and especially with unknown e-mails, be careful when giving out personal data!!
  2. Always keep Windows and all programs you use up to date - Secunia PSI can support you with this
  3. Regularly make backups to external media
  4. Work with restricted rights
  5. Completely disable autoplay for all drives, because it is an unnecessary security risk
  6. When installing software, make sure as far as possible that the setups come from official sources and that, where possible, you choose the custom method during installation - then you have the option of deselecting any junk (such as toolbars or things like RegistryBooster) that would otherwise simply be installed along with it.
  7. Have malicious or unwanted sites blocked from the outset with the help of the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  8. Hands off: TuneUp, registry cleaners of all kinds, Softonic, and illegal cracks/keygens or other "tools" for using a commercial program without a license
  9. Likewise leave dubious sites and movie-streaming portals alone; firstly you quickly pick up malware there or can fall into subscription traps, and secondly these sites operate in a legal grey area.


Everything is explained in more detail here => Kompromittierung unvermeidbar?

Tobi R. 04.07.2013 23:07

What do you mean by "not usable"? I can do everything on my laptop as before. Or rather: if you hadn't told me earlier that my PC is infected with a particular piece of malware, I would think everything was back to normal. ^^
Hence the question whether the virus has to be removed as quickly as possible, or whether I can leave it as it is for now, as long as I do nothing other than research on the internet or open a Word document now and then? In a good week the time-intensive studying would be over...

Best regards,
Tobi

cosinus 04.07.2013 23:24

Forget the "not usable", I mixed something up here :D

If you need some more time before reinstalling, I would recommend CF for now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when instructed by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Tobi R. 05.07.2013 08:08

I'm somehow not getting it right now.

Can we repair the PC with Combofix? So I don't need this Parted Magic after all?

Can I wait a bit with all of this, or does it have to be done as quickly as possible? As I said, I'm mostly studying and that takes up a lot of time.

Best regards,
Tobi

cosinus 05.07.2013 09:03

I did write that you can try a cleanup, but with ZeroAccess a reinstallation is recommended

Tobi R. 05.07.2013 09:17

We did agree on a reinstallation.
But before I do this reinstallation, I should back up my remaining data with PartedMagic, right? But what is this Combofix for, then?

Once again the question: does this have to be done right away, or can it also wait a week if until then I only use my PC normally on the internet or create Word documents?

Best regards,
Tobi

cosinus 05.07.2013 09:33

I recommended a reinstallation to you. But since you don't have time for that right away, my approach was that we first remove the worst of it with Combofix. And then, when there is some time again, you can wipe the machine at your leisure and set it up fresh

Tobi R. 05.07.2013 10:23

OK great, now I've got it. I will do the Combofix step in the next few hours (when I take a break from studying).

cosinus 05.07.2013 10:31

OK, but one request: stop these interjections, post only when there are problems or when you have the logs (and then post those in CODE tags too)

Tobi R. 08.07.2013 17:34

Please excuse my late reply; because of all the studying I only got around today to creating the requested txt document with Combofix.

Combofix Logfile:

Code:

ComboFix 13-07-08.02 - Tobias Rossmann 08.07.2013  18:02:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1469 [GMT 2:00]
ausgeführt von:: c:\users\Tobias Rossmann\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\00000001.@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\80000000.@
c:\$recycle.bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\800000cb.@
c:\programdata\FullRemove.exe
c:\users\Tobias Rossmann\AppData\Local\assembly\tmp
c:\users\Tobias Rossmann\AppData\Roaming\Evxu
c:\users\Tobias Rossmann\AppData\Roaming\Evxu\zooqp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-08 bis 2013-07-08  ))))))))))))))))))))))))))))))
.
.
2013-07-06 12:59 . 2013-07-06 12:59        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll
2013-07-03 23:25 . 2013-07-03 23:25        --------        d-----w-        C:\FRST
2013-07-03 22:22 . 2013-07-03 22:22        --------        d-----w-        C:\_OTL
2013-07-03 16:43 . 2013-07-03 16:43        --------        d-----w-        c:\program files\Uninstaller
2013-07-03 16:43 . 2013-07-03 16:43        --------        d-----w-        c:\programdata\BrowserDefender
2013-07-03 16:43 . 2013-07-03 16:43        --------        d-----w-        c:\program files\Delta
2013-07-03 16:43 . 2013-07-03 16:43        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Roaming\BabSolution
2013-07-03 16:43 . 2013-07-03 16:43        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Roaming\Delta
2013-07-03 16:42 . 2013-07-03 16:42        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Roaming\Optimizer Pro
2013-07-03 16:42 . 2013-07-03 16:42        --------        d-----w-        c:\program files\Tuguu SL
2013-07-03 16:42 . 2013-07-03 16:42        --------        d-----w-        c:\program files\Optimizer Pro
2013-07-03 16:42 . 2013-07-03 16:42        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Local\Programs
2013-07-03 16:41 . 2013-07-03 16:45        --------        d-----w-        c:\program files\WebCake
2013-07-03 16:41 . 2013-07-03 16:41        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Roaming\WebCake
2013-07-03 16:41 . 2013-07-03 16:41        --------        d-----w-        c:\programdata\Babylon
2013-07-03 16:41 . 2013-07-03 16:41        --------        d-----w-        c:\programdata\Tarma Installer
2013-07-03 16:41 . 2013-07-03 16:41        --------        d-----w-        c:\users\Tobias Rossmann\AppData\Roaming\Babylon
2013-06-12 20:47 . 2013-06-08 11:13        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-06-12 20:47 . 2013-06-08 11:41        218112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 16:55 . 2013-04-25 23:30        1505280        ----a-w-        c:\windows\system32\d3d11.dll
2013-06-12 16:55 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-06-12 16:55 . 2013-04-26 04:55        492544        ----a-w-        c:\windows\system32\win32spl.dll
2013-06-12 16:55 . 2013-05-13 03:08        903168        ----a-w-        c:\windows\system32\certutil.exe
2013-06-12 16:55 . 2013-05-13 04:45        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-06-12 16:55 . 2013-05-13 04:45        1160192        ----a-w-        c:\windows\system32\crypt32.dll
2013-06-12 16:55 . 2013-05-13 04:45        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2013-06-12 16:55 . 2013-05-13 03:08        43008        ----a-w-        c:\windows\system32\certenc.dll
2013-06-12 16:54 . 2013-04-17 07:02        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2013-06-12 16:54 . 2013-05-06 05:06        3968872        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-06-12 16:54 . 2013-05-06 05:06        3913576        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-12 16:54 . 2013-05-08 05:38        1293672        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:44 . 2012-07-16 06:26        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 11:44 . 2012-07-16 06:26        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-04-30 10:26 . 2013-04-30 10:26        745472        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:26 . 2013-04-30 10:26        523264        ----a-w-        c:\windows\system32\vbscript.dll
2013-04-30 10:26 . 2013-04-30 10:26        185344        ----a-w-        c:\windows\system32\elshyph.dll
2013-04-30 10:26 . 2013-04-30 10:26        158720        ----a-w-        c:\windows\system32\msls31.dll
2013-04-30 10:26 . 2013-04-30 10:26        150528        ----a-w-        c:\windows\system32\iexpress.exe
2013-04-30 10:26 . 2013-04-30 10:26        138752        ----a-w-        c:\windows\system32\wextract.exe
2013-04-30 10:26 . 2013-04-30 10:26        137216        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-04-30 10:26 . 2013-04-30 10:26        73728        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:26 . 2013-04-30 10:26        719360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:26 . 2013-04-30 10:26        61952        ----a-w-        c:\windows\system32\tdc.ocx
2013-04-30 10:26 . 2013-04-30 10:26        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-04-30 10:26 . 2013-04-30 10:26        38400        ----a-w-        c:\windows\system32\imgutil.dll
2013-04-30 10:26 . 2013-04-30 10:26        361984        ----a-w-        c:\windows\system32\html.iec
2013-04-30 10:26 . 2013-04-30 10:26        23040        ----a-w-        c:\windows\system32\licmgr10.dll
2013-04-30 10:26 . 2013-04-30 10:26        1441280        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-04-30 10:26 . 2013-04-30 10:26        12800        ----a-w-        c:\windows\system32\mshta.exe
2013-04-30 10:26 . 2013-04-30 10:26        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-04-13 04:45 . 2013-05-15 06:10        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:10        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 17:50        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 06:10        728424        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 06:10        218984        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 06:10        2347520        ----a-w-        c:\windows\system32\win32k.sys
2010-05-24 18:39 . 2010-05-24 18:39        43608        ----a-w-        c:\program files\internet explorer\plugins\IMAQActiveXControl.dll
2011-06-09 17:05 . 2011-06-09 17:05        158720        ----a-w-        c:\program files\internet explorer\plugins\LV2010ActiveXControl.dll
2011-06-22 10:44 . 2011-06-22 10:44        158720        ----a-w-        c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2009-10-22 08:28 . 2009-10-22 08:28        133920        ----a-w-        c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 13:50 . 2008-12-10 13:50        118784        ----a-w-        c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2010-10-19 17:15 . 2010-10-19 17:15        158720        ----a-w-        c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2013-07-06 13:00 . 2013-07-06 13:00        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"WebCake Desktop"="c:\users\Tobias Rossmann\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-21 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"NI Update Service"="c:\users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe" [2011-06-07 3002976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 1629280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-03 348664]
.
c:\users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting.lnk - c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe [2011-6-19 619672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 ENI Server;ENI Server;c:\users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe [x]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2010-06-11 11432]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2011-02-14 11968]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2011-02-14 11968]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2010-06-23 11432]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2010-03-24 15448]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-03 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-09-03 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-09-03 465360]
S2 GPVPNService;gateProtect VPN Service;c:\program files\gateProtect\VPN Client\bin\GPVPNService.exe [2009-11-30 86016]
S2 NIApplicationWebServer;NI Application Web Server;c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2010-06-23 131776]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
S2 NINetworkDiscovery;NI Network Discovery;c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe [2011-06-10 121032]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2010-06-23 11432]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-06-21 23552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 23:38        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 11:44]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-15 16:49]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-15 16:49]
.
2013-07-08 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\users\Tobias Rossmann\Desktop\Studium\Regelungstechnik1\Final\bin\win32\MATLABStartupAccelerator.exe [2012-06-07 14:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn_sauid=402C6D5E-1B51-437B-AABB-FC9170EE64D1&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2013-07-03 18:41; plugin@getwebcake.com; c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-07-03 18:43; ffxtlbr@delta.com; c:\users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\ffxtlbr@delta.com
FF - user.js: extentions.webcake.installId - 8e451d3b-9014-4ca6-a2ca-b98bd4f6aae6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 6c6e06ca0000000000000024541aa6c3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15889
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120521&tsp=4932
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-syshost32 - c:\users\Tobias Rossmann\AppData\Local\{195FA8DB-7AD9-07B3-62C6-37234284098A}\syshost.exe
HKLM-Run-ENISysTray - c:\users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENISysTray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-PDF Blender - c:\users\Tobias Rossmann\Desktop\pdfzusammenfügen\PDF Blender\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\lkads.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe
c:\users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lktsrv.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-08  18:30:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-08 16:30
.
Vor Suchlauf: 10 Verzeichnis(se), 18.236.530.688 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 18.958.319.616 Bytes frei
.
- - End Of File - - 01E4213158A24A4E4E6778B1AF032990




cosinus 09.07.2013 22:42

Rootkit scan with GMER

Please download GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Clicking "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Tobi R. 12.07.2013 17:46

I can't open Malwarebytes Anti-Rootkit. When I click on your link, I probably have to click a bit further down on this horse with the HTML and BB code next to it on the right, correct? When I click on it, simply nothing happens.

I had the same problem with GMER. With your additional link "(random file name)" it then worked without any problems, though.

Best regards,
Tobi

cosinus 14.07.2013 17:09

And where is the log from GMER?

Please download MBAR from here => http://downloads.malwarebytes.org/file/mbar

Tobi R. 24.07.2013 15:13

Sorry again for my late reply. During the exam stress my internet also went down. (1&1 had some kind of system update that our router didn't like much.)
Yesterday was my last exam, and a new router has now arrived too.

The Clean-up button can't be clicked for me, so it just sits there at the left edge.
At the point where the restart should have happened, this message appeared
"
Cleanup:
Congratulations, no cleanup is required

Scan Finished: No malware found! (with a green check mark after it)
"
Then I clicked "Exit" (alternatively I could only have clicked "Previous").

Here is the GMER log file:

GMER Logfile:

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-12 18:36:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: tihiug6r.exe; Driver: C:\Users\TOBIAS~1\AppData\Local\Temp\fwddrfog.sys


---- System - GMER 2.1 ----

SSDT            8E90B5A6                                                                                                                ZwCreateSection
SSDT            8E90B5B0                                                                                                                ZwRequestWaitReplyPort
SSDT            8E90B5AB                                                                                                                ZwSetContextThread
SSDT            8E90B5B5                                                                                                                ZwSetSecurityObject
SSDT            8E90B5BA                                                                                                                ZwSystemDebugControl
SSDT            8E90B547                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                8308A9E5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                  830AA512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                     830B1AB4 4 Bytes  [A6, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                     830B1E10 4 Bytes  [B0, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                     830B1E54 4 Bytes  [AB, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                     830B1ED0 4 Bytes  [B5, B5, 90, 8E]
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                     830B1F24 4 Bytes  [BA, B5, 90, 8E]
.text           ...                                                                                                                    
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                                section is writeable [0x93817000, 0x2DEB7A, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e276d4                                            
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e279d5                                            
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91ac0                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e276d4 (not active ControlSet)                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e279d5 (not active ControlSet)                        
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91ac0 (not active ControlSet)                        
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5DD7EBAF-A38F-11DE-AC75-806E6F6E6963}  7955156856

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----



Best regards,
Tobi

cosinus 24.07.2013 15:17

Please always post the logs from Malwarebytes (mbar)

Tobi R. 24.07.2013 15:57

Sorry, I stupidly thought that no file had been created at all because there was no restart.

Code:


Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Tobias Rossmann :: TOBIASROSSMANN [administrator]

24.07.2013 15:40:36
mbar-log-2013-07-24 (15-40-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246410
Time elapsed: 23 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


cosinus 25.07.2013 02:22

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Tobi R. 28.07.2013 11:22

Here is the JRT.txt file


Code:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Home Premium x86
Ran by Tobias Rossmann on 28.07.2013 at 11:36:30,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] webcake desktop updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\webcake desktop
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\webcakeieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{09c554c3-109b-483c-a06b-f14172f1a947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{39cb8175-e224-4446-8746-00566302df8d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4e1e9d45-8bf9-4139-915c-9f83cc3d5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{7169bbb3-3289-4696-b35d-4a88bcf6fb12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{b12e99ed-69bd-437c-86be-c862b9e5444d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{261dd098-8a3e-43d4-87aa-63324fa897d8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{4fcb4630-2a1c-4aa1-b422-345e8dc8a6de}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{86838207-681d-469d-9511-d0dcc6f19f9b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0b10ebe-4e51-4cae-949b-e6b9e7d68cea}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{af6b0594-6008-4327-93e5-608ad710a6fa}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e97a663b-81a6-49c5-a6d3-bcb05ba1de26}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{39cb8175-e224-4446-8746-00566302df8d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{d7ee8177-d51e-4f89-92b6-83ea2ec40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\webcakeieclient.api.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\domaiq
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3CABF988-1FE2-420A-B03D-20092295B650}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}



~~~ Files

Successfully deleted: [File] "C:\Users\Tobias Rossmann\desktop\optimizer pro.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\AppData\Roaming\webcake"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Tobias Rossmann\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\webcake"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Tobias Rossmann\appdata\local\{195FA8DB-7AD9-07B3-62C6-37234284098A}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\user.js
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\delta.xml
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\ffxtlbr@delta.com
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted the following from C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\prefs.js

user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2269050.CTID", "CT2269050");
user_pref("CT2269050.CurrentServerDate", "6-10-2010");
user_pref("CT2269050.DialogsAlignMode", "LTR");
user_pref("CT2269050.DownloadReferralCookieData", "");
user_pref("CT2269050.EMailNotifierPollDate", "Wed Oct 06 2010 19:49:51 GMT+0200");
user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Fri Sep 24 2010 13:08:02 GMT+0200");
user_pref("CT2269050.FirstServerDate", "24-9-2010");
user_pref("CT2269050.FirstTime", true);
user_pref("CT2269050.FirstTimeFF3", true);
user_pref("CT2269050.FirstTimeSettingsDone", true);
user_pref("CT2269050.FixPageNotFoundErrors", true);
user_pref("CT2269050.GroupingServerCheckInterval", 1440);
user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2269050.Initialize", true);
user_pref("CT2269050.InitializeCommonPrefs", true);
user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
user_pref("CT2269050.InstalledDate", "Sun Jan 17 2010 12:32:49 GMT+0100");
user_pref("CT2269050.InvalidateCache", false);
user_pref("CT2269050.IsGrouping", false);
user_pref("CT2269050.IsMulticommunity", false);
user_pref("CT2269050.IsOpenThankYouPage", false);
user_pref("CT2269050.IsOpenUninstallPage", false);
user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Oct 06 2010 19:44:55 GMT+0200");
user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2269050.LastLogin_2.4.0.4", "Sun Mar 14 2010 13:38:50 GMT+0100");
user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.LatestVersion", "2.7.2.0");
user_pref("CT2269050.Locale", "en");
user_pref("CT2269050.LoginCache", 4);
user_pref("CT2269050.MCDetectTooltipHeight", "83");
user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2269050.MCDetectTooltipWidth", "295");
user_pref("CT2269050.RadioIsPodcast", false);
user_pref("CT2269050.RadioLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.RadioLastUpdateIPServer", "3");
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
user_pref("CT2269050.RadioMediaID", "12473383");
user_pref("CT2269050.RadioMediaType", "Media Player");
user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
user_pref("CT2269050.RadioStationName", "Hotmix%20108");
user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
user_pref("CT2269050.SHRINK_TOOLBAR", 1);
user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2269050.SearchFromAddressBarIsInit", true);
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("CT2269050.SearchInNewTabEnabled", true);
user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SettingsCheckIntervalMin", 120);
user_pref("CT2269050.SettingsLastCheckTime", "Wed Oct 06 2010 19:44:50 GMT+0200");
user_pref("CT2269050.SettingsLastUpdate", "1285583098");
user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Sep 24 2010 13:08:02 GMT+0200");
user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1267632738");
user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT2269050.UserID", "UN83714726142160359");
user_pref("CT2269050.ValidationData_Search", 1);
user_pref("CT2269050.ValidationData_Toolbar", 2);
user_pref("CT2269050.WeatherNetwork", "");
user_pref("CT2269050.WeatherPollDate", "Wed Oct 06 2010 19:44:52 GMT+0200");
user_pref("CT2269050.WeatherUnit", "C");
user_pref("CT2269050.alertChannelId", "666138");
user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT2269050.clientLogIsEnabled", true);
user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050.myStuffEnabled", true);
user_pref("CT2269050.myStuffPublihserMinWidth", 400);
user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampab&query=");
user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Oct 06 2010 19:44:51 GMT+0200");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "12");
user_pref("extensions.delta.cntry", "DE");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "6C1B284AD4B5DD4003CAAC7FE0F941A3");
user_pref("extensions.delta.id", "6c6e06ca0000000000000024541aa6c3");
user_pref("extensions.delta.instlDay", "15889");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.21.518:43:25");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "azb");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.518:43:25");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=120521&tsp=4932");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.newAddons", "plugin@getwebcake.com,ffxtlbr@delta.com");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=3b5b11f5-155c-4a6f-b77f-3f31c9e22758&apn_ptnrs=%5EABT&apn
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Tobias Rossmann\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Tobias Rossmann\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2013 at 11:39:21,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here is the AdwCleaner[S1].txt file

AdwCleaner Logfile:
Code:

# AdwCleaner v2.306 - Datei am 28/07/2013 um 11:41:47 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Tobias Rossmann - TOBIASROSSMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias Rossmann\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : WebCake Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\searchplugins\icqplugin-9.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\Conduit
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\CT2269050
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Ordner Gelöscht : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\extensions\plugin@getwebcake.com
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5d55d88cb43abf10
Schlüssel Gelöscht : HKCU\Software\a6efa49133e92ad0
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\5d55d88cb43abf10
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Users\Tobias Rossmann\AppData\Roaming\Mozilla\Firefox\Profiles\eb85k963.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@delta.com:1.5.0,plugin@getwebcake.com:1.00.01,{195A30[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "youtube%20spielt%20nicht%20ab||youtube||viva%20kibera||trucks%20ven[...]
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.26");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "126341074112634107351263411779122");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1372252489);
Gelöscht : user_pref("icqtoolbar.version", "1.1.5");
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "26");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "5");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2013");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "16");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "16");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "20");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "1");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "-1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.volume", "0");

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Tobias Rossmann\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Gelöscht [l.30] : keyword = "babylon.com",
Gelöscht [l.34] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=6C6E002454[...]
Gelöscht [l.1984] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&t[...]
Gelöscht [l.2541] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=6C6E0024[...]

*************************

AdwCleaner[S1].txt - [13733 octets] - [28/07/2013 11:41:47]

########## EOF - C:\AdwCleaner[S1].txt - [13794 octets] ##########

--- --- ---


[/CODE]

And finally, the files from OTL

OTL Logfile:
Code:

OTL logfile created on: 7/28/2013 11:56:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Tobias Rossmann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 48.27% Memory free
5.93 Gb Paging File | 4.26 Gb Available in Paging File | 71.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 21.00 Gb Free Space | 14.84% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 136.43 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASROSSMANN | User Name: Tobias Rossmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias Rossmann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lkads.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
PRC - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\niwsrp.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ENI Server) -- C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mxssvr) -- C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (GPVPNService) -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\TOBIAS~1\AppData\Local\Temp\catchme.sys File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nipalfwedl) -- C:\Windows\System32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\Windows\System32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\Windows\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NiViPxiK) -- C:\Windows\System32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\Windows\System32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\Windows\System32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nipbcfk) -- C:\Windows\System32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (VSPerfDrv100) -- C:\Users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\windows\System32\drivers\cvintdrv.sys ()
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: plugin@getwebcake.com:1.00.01
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
 
[2010/01/13 21:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Extensions
[2013/07/28 11:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions
[2011/07/31 15:07:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/29 17:59:51 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-11.xml
[2010/12/19 13:00:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-12.xml
[2011/03/03 23:36:13 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-13.xml
[2011/03/06 10:36:03 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-14.xml
[2011/03/26 18:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-15.xml
[2011/05/11 14:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-16.xml
[2011/06/25 09:13:41 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-17.xml
[2011/08/21 11:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-18.xml
[2011/09/02 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-19.xml
[2011/09/08 12:59:36 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-20.xml
[2011/10/19 13:47:37 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-21.xml
[2011/11/26 19:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-22.xml
[2012/01/02 22:00:44 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-23.xml
[2012/06/02 16:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-24.xml
[2013/03/07 14:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-25.xml
[2010/01/16 21:20:03 | 000,001,201 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\winamp-search.xml
[2013/07/06 15:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 21:42:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\PLUGIN@GETWEBCAKE.COM
[2013/07/06 15:00:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 10:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/24 20:39:14 | 000,059,936 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\npIMAQAXControl.dll
[2011/06/09 19:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 12:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 10:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 19:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2013/07/06 14:59:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/07/06 14:59:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/07/06 14:59:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/07/06 14:59:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/07/06 14:59:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/07/06 14:59:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: National Instruments IMAQ 1.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npIMAQAXControl.dll
CHR - plugin: National Instruments LabVIEW 2010 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll
CHR - plugin: National Instruments LabVIEW 2011 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2011win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
 
O1 HOSTS File: ([2013/07/08 18:18:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Users\Tobias Rossmann\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [NIRegistrationWizard] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - Startup: C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B342B67-2DD7-4797-98B9-04CEF99E0D86}: DhcpNameServer = 192.168.220.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 11:36:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/27 15:09:23 | 000,050,968 | ---- | C] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Web Cake
[2013/07/27 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\Benediktenwand2013
[2013/07/24 15:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/24 15:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 09:49:44 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/12 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\malwarebytes
[2013/07/11 13:37:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/11 13:37:43 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/11 13:37:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/11 13:37:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/11 13:37:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/11 13:37:40 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/11 13:37:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/11 13:37:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/11 13:37:39 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/11 13:37:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/10 19:27:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/07/10 19:27:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/10 19:27:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013/07/10 19:27:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/07/08 18:30:54 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/08 18:21:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/08 17:59:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/08 17:59:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/08 17:59:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/08 17:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/08 17:55:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/06 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/04 01:25:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/04 00:22:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/03 18:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/03 18:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zipper
[2013/07/03 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/03 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Local\Programs
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:53:33 | 000,000,702 | ---- | M] () -- C:\windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/07/28 11:48:50 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/28 11:47:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/28 11:47:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 11:34:22 | 000,001,152 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/28 11:13:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/28 11:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/27 15:09:22 | 000,050,968 | ---- | M] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 10:14:05 | 000,763,254 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/27 10:14:05 | 000,718,532 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/27 10:14:05 | 000,173,608 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/27 10:14:05 | 000,146,554 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/21 10:24:54 | 000,024,376 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/11 15:22:46 | 000,447,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/07/09 17:48:26 | 000,064,477 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 18:18:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/03 18:46:38 | 000,001,144 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/28 11:34:22 | 000,001,152 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/21 10:24:53 | 000,024,376 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/09 17:48:26 | 000,064,477 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 17:59:25 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/08 17:59:25 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/08 17:59:25 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/08 17:59:25 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/08 17:59:25 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/06 15:00:06 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/03 18:46:38 | 000,001,144 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2013/03/20 21:38:11 | 000,075,264 | ---- | C] () -- C:\windows\System32\callrproxy.dll
[2011/11/16 15:22:04 | 000,003,843 | ---- | C] () -- C:\windows\scad3.INI
[2011/07/13 04:40:57 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{F0D212F8-ABBE-4CF2-B8CE-0F99522FBD83}
[2011/07/13 01:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{FE9F1CF2-22C6-49B6-87E6-39CD9422313F}
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


[/CODE]

Tobi R. 28.07.2013 11:23

OTL Logfile:
Code:

OTL logfile created on: 7/28/2013 11:56:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Tobias Rossmann\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 48.27% Memory free
5.93 Gb Paging File | 4.26 Gb Available in Paging File | 71.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 21.00 Gb Free Space | 14.84% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 136.43 Gb Free Space | 96.42% Space Free | Partition Type: NTFS
 
Computer Name: TOBIASROSSMANN | User Name: Tobias Rossmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias Rossmann\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lkads.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
PRC - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
PRC - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Error Reporting\niwsrp.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ENI Server) -- C:\Users\Tobias Rossmann\Desktop\CoDeSys\CoDeSys ENI Server\ENI.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mxssvr) -- C:\Users\Tobias Rossmann\Desktop\Studium\MAX\nimxs.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments Corporation)
SRV - (NINetworkDiscovery) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI Network Discovery\niDiscSvc.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation)
SRV - (NIApplicationWebServer) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Users\Tobias Rossmann\Desktop\Studium\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (GPVPNService) -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\TOBIAS~1\AppData\Local\Temp\catchme.sys File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nipalfwedl) -- C:\Windows\System32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\Windows\System32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\Windows\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NiViPxiK) -- C:\Windows\System32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\Windows\System32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\Windows\System32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nipbcfk) -- C:\Windows\System32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (VSPerfDrv100) -- C:\Users\Tobias Rossmann\Desktop\Studium\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\windows\System32\drivers\cvintdrv.sys ()
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: plugin@getwebcake.com:1.00.01
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/06 15:00:01 | 000,000,000 | ---D | M]
 
[2010/01/13 21:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Extensions
[2013/07/28 11:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions
[2011/07/31 15:07:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\Firefox\Profiles\eb85k963.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/29 17:59:51 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-11.xml
[2010/12/19 13:00:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-12.xml
[2011/03/03 23:36:13 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-13.xml
[2011/03/06 10:36:03 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-14.xml
[2011/03/26 18:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-15.xml
[2011/05/11 14:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-16.xml
[2011/06/25 09:13:41 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-17.xml
[2011/08/21 11:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-18.xml
[2011/09/02 21:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-19.xml
[2011/09/08 12:59:36 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-20.xml
[2011/10/19 13:47:37 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-21.xml
[2011/11/26 19:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-22.xml
[2012/01/02 22:00:44 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-23.xml
[2012/06/02 16:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-24.xml
[2013/03/07 14:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\icqplugin-25.xml
[2010/01/16 21:20:03 | 000,001,201 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Roaming\mozilla\firefox\profiles\eb85k963.default\searchplugins\winamp-search.xml
[2013/07/06 15:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 21:42:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\TOBIAS ROSSMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EB85K963.DEFAULT\EXTENSIONS\PLUGIN@GETWEBCAKE.COM
[2013/07/06 15:00:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 10:28:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/24 20:39:14 | 000,059,936 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\npIMAQAXControl.dll
[2011/06/09 19:05:10 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2010win32.dll
[2011/06/22 12:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv2011win32.dll
[2009/10/22 10:28:40 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2008/12/10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv86win32.dll
[2010/10/19 19:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2013/07/06 14:59:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/07/06 14:59:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/07/06 14:59:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/07/06 14:59:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/07/06 14:59:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/07/06 14:59:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Babylon (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=6C6E0024541AA6C3&affID=120521&tsp=4932
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: National Instruments IMAQ 1.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npIMAQAXControl.dll
CHR - plugin: National Instruments LabVIEW 2010 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2010win32.dll
CHR - plugin: National Instruments LabVIEW 2011 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv2011win32.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 8.6 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv86win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
 
O1 HOSTS File: ([2013/07/08 18:18:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Users\Tobias Rossmann\Desktop\Studium\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000..\Run: [NIRegistrationWizard] C:\Users\Tobias Rossmann\Desktop\Studium\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - Startup: C:\Users\Tobias Rossmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Users\Tobias Rossmann\Desktop\Studium\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B342B67-2DD7-4797-98B9-04CEF99E0D86}: DhcpNameServer = 192.168.220.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 11:36:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/27 15:09:23 | 000,050,968 | ---- | C] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Roaming\Web Cake
[2013/07/27 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\Benediktenwand2013
[2013/07/24 15:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/24 15:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/17 09:49:44 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/07/12 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\Desktop\malwarebytes
[2013/07/11 13:37:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/11 13:37:43 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/11 13:37:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/11 13:37:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/11 13:37:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/11 13:37:40 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/11 13:37:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/11 13:37:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/11 13:37:39 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/11 13:37:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/10 19:27:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/07/10 19:27:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/10 19:27:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013/07/10 19:27:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/07/08 18:30:54 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/08 18:21:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/08 17:59:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/08 17:59:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/08 17:59:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/08 17:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/08 17:55:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/06 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/04 01:25:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/04 00:22:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/03 18:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/07/03 18:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zipper
[2013/07/03 18:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/07/03 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias Rossmann\AppData\Local\Programs
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:58:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 11:53:33 | 000,000,702 | ---- | M] () -- C:\windows\tasks\MATLAB R2011b Startup Accelerator.job
[2013/07/28 11:48:50 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/28 11:47:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/28 11:47:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 11:34:22 | 000,001,152 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/28 11:13:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/28 11:08:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/27 15:09:22 | 000,050,968 | ---- | M] (cake bake) -- C:\Program Files\WCDesktop.Updater.exe
[2013/07/27 10:14:05 | 000,763,254 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/07/27 10:14:05 | 000,718,532 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/27 10:14:05 | 000,173,608 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/07/27 10:14:05 | 000,146,554 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/07/21 10:24:54 | 000,024,376 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/11 15:22:46 | 000,447,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/07/09 17:48:26 | 000,064,477 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 18:18:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/07/03 18:46:38 | 000,001,144 | ---- | M] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | M] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2 C:\Users\Tobias Rossmann\Desktop\*.tmp files -> C:\Users\Tobias Rossmann\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/28 11:34:22 | 000,001,152 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Image Editor Installation.lnk
[2013/07/21 10:24:53 | 000,024,376 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Sebastião Salgado 07.jpg
[2013/07/15 10:33:45 | 005,765,722 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Pilze.JPG
[2013/07/09 17:48:26 | 000,064,477 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Werner.jpg
[2013/07/08 17:59:25 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/08 17:59:25 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/08 17:59:25 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/08 17:59:25 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/08 17:59:25 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/06 15:00:06 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/03 18:46:38 | 000,001,144 | ---- | C] () -- C:\Users\Tobias Rossmann\Desktop\Continue Zip Opener Installation.lnk
[2013/07/03 18:46:07 | 000,001,966 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\recently-used.xbel
[2013/03/20 21:38:11 | 000,075,264 | ---- | C] () -- C:\windows\System32\callrproxy.dll
[2011/11/16 15:22:04 | 000,003,843 | ---- | C] () -- C:\windows\scad3.INI
[2011/07/13 04:40:57 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{F0D212F8-ABBE-4CF2-B8CE-0F99522FBD83}
[2011/07/13 01:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Tobias Rossmann\AppData\Local\{FE9F1CF2-22C6-49B6-87E6-39CD9422313F}
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---


[/CODE]

cosinus 28.07.2013 21:52

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: plugin@getwebcake.com:1.00.01
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

Tobi R. 30.07.2013 18:53

After the restart, a text file opened with the following content:

Code:


All processes killed
========== OTL ==========
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: ffxtlbr@delta.com:1.5.0 removed from extensions.enabledItems
Prefs.js: plugin@getwebcake.com:1.00.01 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tobias Rossmann\Downloads\cmd.bat deleted successfully.
C:\Users\Tobias Rossmann\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tobias Rossmann
->Temp folder emptied: 29463986 bytes
->Temporary Internet Files folder emptied: 336118592 bytes
->Java cache emptied: 11781062 bytes
->FireFox cache emptied: 159185063 bytes
->Google Chrome cache emptied: 280525240 bytes
->Flash cache emptied: 104035 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42006888 bytes
RecycleBin emptied: 62664470 bytes
 
Total Files Cleaned = 879.00 mb
 
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 07302013_193957

Files\Folders moved on Reboot...
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 30.07.2013 22:26

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you only recently ran a full scan, a quick scan is enough (saves time); in that case please let me know as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Tobi R. 31.07.2013 13:40

Here is the result from Malwarebytes:


Code:


Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.31.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Tobias Rossmann :: TOBIASROSSMANN [Administrator]

Schutz: Aktiviert

31.07.2013 09:55:07
mbam-log-2013-07-31 (09-55-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527854
Laufzeit: 2 Stunde(n), 46 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\80000000.@.vir (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\800000cb.@.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Tobias Rossmann\AppData\Roaming\Evxu\zooqp.exe.vir (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias Rossmann\AppData\Roaming\Web Cake\WebCakeDesktop.exe (PUP.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias Rossmann\Downloads\Zipper.exe (PUP.Adware.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07032013_182234\D_Users\Tobias Rossmann\AppData\Roaming\skype.dat (Trojan.Agent.rf) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


cosinus 31.07.2013 16:03

Only remnants and inactive stuff. What about ESET?
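The reasoning behind that verdict, as an added example that is not part of the original posts: it parses the Malwarebytes log above, checks that the memory and registry sections are empty, and separates detections that sit in cleanup-tool quarantine folders from files still at their original location. The function names and the folder-to-tool labels are this example's own assumptions.

```python
import re

# Excerpt of the German-language Malwarebytes log posted in this thread:
# the section counters plus the six file detections.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\80000000.@.vir (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1016556084-3091970497-507946437-1000\$09091a959288d0d384b99fa633307145\U\800000cb.@.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Tobias Rossmann\AppData\Roaming\Evxu\zooqp.exe.vir (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias Rossmann\AppData\Roaming\Web Cake\WebCakeDesktop.exe (PUP.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tobias Rossmann\Downloads\Zipper.exe (PUP.Adware.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07032013_182234\D_Users\Tobias Rossmann\AppData\Roaming\skype.dat (Trojan.Agent.rf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

COUNTER_RE = re.compile(r"^Infizierte (?P<section>[^:]+): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$"
)

# A non-zero count in any of these sections means code is loaded in memory
# or registered to start again, i.e. the infection is still active.
ACTIVE_SECTIONS = (
    "Speicherprozesse",
    "Speichermodule",
    "Registrierungsschlüssel",
    "Registrierungswerte",
    "Dateiobjekte der Registrierung",
)

# Folders where earlier cleanup tools park what they removed.
# C:\Qoobox\Quarantine is ComboFix's quarantine; C:\_OTL\MovedFiles is the
# OTL folder named in this thread. The labels are this example's own.
QUARANTINE_ROOTS = (
    ("c:\\qoobox\\quarantine\\", "ComboFix quarantine"),
    ("c:\\_otl\\movedfiles\\", "OTL MovedFiles"),
)


def classify_path(path):
    """Return which quarantine folder a path lies in, or 'live filesystem'."""
    lowered = path.lower()
    for root, label in QUARANTINE_ROOTS:
        if lowered.startswith(root):
            return label
    return "live filesystem"


def triage(log_text):
    """Parse section counters and detections and summarise them."""
    counts, detections = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = COUNTER_RE.match(line)
        if match:
            counts[match["section"]] = int(match["count"])
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append({
                "name": match["name"],
                "path": match["path"],
                "location": classify_path(match["path"]),
            })
    by_location = {}
    for item in detections:
        by_location[item["location"]] = by_location.get(item["location"], 0) + 1
    return {
        "active_hits": sum(counts.get(s, 0) for s in ACTIVE_SECTIONS),
        # A mismatch here means the pasted log was truncated or reformatted.
        "complete": counts.get("Dateien") == len(detections),
        "detections": detections,
        "by_location": by_location,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("active memory/registry hits:", result["active_hits"])
    for item in result["detections"]:
        print(f'{item["location"]:20} {item["name"]:20} {item["path"]}')
```
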

Tobi R. 01.08.2013 19:23

The scan really took a very long time:

Code:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7a6b6887f1f06a498a626a1eb7a2ed38
# engine=14602
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-01 06:08:59
# local_time=2013-08-01 08:08:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 217956 197284778 210712 0
# compatibility_mode=5893 16776574 100 94 1831767 127011730 0 0
# scanned=308575
# found=0
# cleaned=0
# scan_time=7334


Best regards,
Tobi

cosinus 02.08.2013 11:58

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?

Tobi R. 08.08.2013 12:07

Quote:

Quote from cosinus (post 1124405)
Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?

To be honest, I can't judge whether everything else is in order. Since post #13 of this thread my PC has been running like before again. If nobody had told me that it is a particularly difficult virus, I would have thought back then that everything was fine.

What I have now noticed, however: when I try to open a picture, the message "C:\Users\Tesktop\dateiname.jpg is not a valid Win32 application" appears. But if I open the picture with an image editing program, there are no problems at all.

Best regards,
Tobi

cosinus 08.08.2013 12:38

Quote:

When I try to open a picture, the message "C:\Users\Tesktop\dateiname.jpg is not a valid Win32 application" appears. But if I open the picture with an image editing program, there are no problems at all.
Then the file type association is wrong.
Before you start fiddling with it manually: install IrfanView, and when asked which file types should be associated with IrfanView, click Images. From then on that should associate all image files with IrfanView and thereby resolve the incorrectly set association for JPG files on your system.

