Pests of all kinds and their removal: Win32/Small.CA virus (Windows 7)

26.03.2013, 21:36 | #1
Win32/Small.CA virus

Hello dear Trojaner-Board pros, helpers and fellow sufferers,

If the Windows on-board tools (Defender etc.) are to be believed, an unwelcome guest has recently been roaming around my system. According to Malwarebytes the machine is clean, but I would like to give you experts a look at it. I would be very grateful for your help. So here are the logs.

MWB: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.pc8112.16421
Name :: Name- [Administrator]

26.03.2013 20:02:44
mbam-log-2013-03-26 (20-02-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435316
Laufzeit: 1 Stunde(n), 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here are the OTL logs.

OTL Code:
OTL logfile created on: 26.03.2013 20:05:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free 7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS Computer Name: Name-PC | User Name: Name | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Name\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe (DATEV e.G.) 
PRC - C:\DATEV\PROGRAMM\K0005002\Datev.Sdd.Ui.EditHost.StartupService.exe (DATEV eG) PRC - C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG) PRC - C:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe (DATEV eG) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\DATEV\PROGRAMM\D0100000\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () PRC - c:\Program Files (x86)\Hotkey\PowerBiosServer.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\95d6b8e034945a50596479e0827eb6c8\Datev.Framework.Windows.Shell.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\e0ff4cc7651d5c1ae5b9d928c625d86e\Datev.Framework.Windows.MessageListeners.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\d772fa79e965d5d6f319141c04212e5f\Datev.Framework.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\3b815c2c27ffedfcdab494fe1031ad22\Datev.Framework.RemoteServiceModel.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\687a0637cdcd6b590964f340a048b039\Datev.Sdd.Ui.EditHost.StartupService.Business.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\2b77dd95ae115fd7dd4965ceff40f70f\Datev.Security.IdentityManagement.IamClaimService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\4b66190dec76f5932c6c8759314ec638\Datev.Security.IdentityManagement.Database.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network\1b02d0ec7854cf6abda2bf8062aae29b\Datev.Network.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network.Inter#\342205de858a50dcdf1416afb5c2adbd\Datev.Network.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Ser#\e13301521a3d8088f2d3eb442a564d8a\Datev.Framework.ServiceBus.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Res#\6c69a312252d49cddc988749dd4fbc21\Datev.Framework.ResourceData.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mes#\7955b7c205b54e90f194b9e7d23d37a3\Datev.Framework.Messages.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\f4ee7a528aaab01e903da9cfe1c2f6a9\Datev.Framework.Licensing.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\fd29ba5f2f4d68e25966e42689fd28e9\Datev.Framework.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\5cd800ecdc7df7c8e2202d2f713acb48\Datev.Framework.Environment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dat#\e2139fe0a1d781257b231abf5a2b8ec1\Datev.Framework.Data.PlugIn.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Comm#\39393f7433dfdbaa57bcbad23d5c56a2\Datev.Database.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Publ#\ab89e7b4cd898e0df79a24956453b396\Datev.Database.PublicInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Cons#\ab3157a29cb4f83221539eca0b14558e\Datev.Database.ConserveManager.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\78feaae28fc5ed268623a98b850072f9\Datev.ConfigDB.StorageProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\af473a4535e1fba3528063821be23a40\Datev.ConfigDB.PlugIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\49ec49d5635cedcf702c3c040f903d7b\Datev.ConfigDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\a5474eb3845f503eead6363d5a34a318\Datev.ConfigDB.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bad87390df683fcc3abc61126010d2af\Datev.Lexinform.Services.SemanticRecognition.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\15987b5ebe2a9653537a3d8be7b0bd4b\Datev.Lexinform.Services.SemanticRecognition.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\474005e4f22288d30811831341a75f3e\Datev.Lexinform.Services.LexinformSearch.Business.LocalSearch.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\7dfcec0862676f980fe836a41995bdf4\Datev.Lexinform.Services.Search.Interface.Server.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bd48e9857ed3fcd1947778962378edbf\Datev.Lexinform.Services.LexinformSearch.Business.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\16c4159d164af65d95d5edcc996e7396\Datev.Lexinform.Services.LexinformBase.ServiceContracts.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\8fba1c3463a73361124255eb561b3077\Datev.Lexinform.Services.LexinformBase.LicenceRetriever.Business.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\41fbba89171246486146a7c5257355e6\Datev.Lexinform.Services.LexinformBase.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a1bd506b45b0c1ecb05c905b7e915753\Datev.Lexinform.Services.LexinformBase.Business.Server.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\93ce6e805355bf29f5e821aa4603d017\Datev.Lexinform.Services.LexinformBase.Business.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\9ef4eec843e9978f222935d8d4f664e8\Datev.Lexinform.Services.Document.ServiceContracts.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a15b8fbec033174ed6a43106228ad76d\Datev.Lexinform.Services.Document.Strategies.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\01e36a77d28bdb204e7692e842c87108\Datev.Lexinform.Services.Document.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\c9768ddec77db1b0c621039c62c95845\Datev.Lexinform.Services.Document.Business.Server.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\0639715e212ed7a758a07f7ec752a577\Datev.Sdd.Ui.EditHost.StartupService.Resources.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\7bf87871fdac54f470b13a0ebbb9b26c\Datev.Sdd.Ui.EditHost.StartupService.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Transport#\556bb7bcfff08e75b2b856aab9f2bbf7\Datev.Sdd.TransportInterfaces.ni.dll () MOD - 
C:\Windows\assembly\GAC_32\Datev.Framework.Licensing.Wrapper\4.0.0.0__cbc631f1c682336b\Datev.Framework.Licensing.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\f022aa3886b58f2020b1c87e9b89b17b\Datev.Framework.RemoteServiceModel.GenericServiceBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Hos#\440507bee2a67350090e535b1172a36a\Datev.Framework.Hosting.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\f6a1f5e9f8fb3b284e7355c3715760ae\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\6bcfa3a5b15d2ec1983d02e7f792462c\Datev.Framework.MicroKernel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\41c8b10b4eee399c4abfa970b73ecd74\System.Data.DataSetExtensions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\2fa72afe543bb02b4f728efc2166d58c\System.Runtime.Caching.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e6f1669a51fbf73520ae79dca19f005e\Microsoft.CSharp.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ebd8e7de507b634d15b3e16614270f06\System.Dynamic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll () MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeFlashPlayerUpdateSvc) -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) SRV - (DatevPrintService) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG) SRV - (SQLAgent$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQL$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PowerBiosServer) -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) 
========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation) DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.) DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology 
Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NETw5x64) -- C:\Windows\SysNative\drivers\NETw5x64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation) DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (IAMTVE) -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation) DRV:64bit: - (IAMTXPE) -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FE8516A-024E-4584-A388-898180DFE6ED} IE:64bit: - HKLM\..\SearchScopes\{1FE8516A-024E-4584-A388-898180DFE6ED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF} IE - HKLM\..\SearchScopes\{453F3A50-CBA5-46CC-A644-360B65237ABF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com [binary data] IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF} IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program 
Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Name\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.04 22:27:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.04 22:27:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.04 22:27:57 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe (DATEV eG) O4 - HKLM..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify] C:\Users\Name\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify Web Helper] C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4CB084-A84A-4E49-977D-0D9CA1976399}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93274F38-4FD0-4E7E-9A08-908EAE7F83E0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID 
value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program 
Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\TeamViewer [2013.03.15 17:35:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.15 17:35:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.15 17:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.15 17:35:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.15 17:35:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.15 17:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.15 17:35:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.15 17:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.15 17:35:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2013.03.15 17:35:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.15 17:35:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.15 17:35:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.15 17:35:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.15 17:35:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.15 17:35:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.12 14:18:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Programs [2013.03.12 11:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2013.03.12 11:51:19 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll [2013.03.12 11:51:19 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll [2013.03.12 11:51:19 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll [2013.03.12 11:51:19 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll [2013.03.12 11:51:18 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll [2013.03.12 11:51:18 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll [2013.03.12 11:51:18 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll [2013.03.12 11:51:16 | 001,560,064 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll [2013.03.12 11:51:12 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) 
-- C:\Windows\SysWow64\BROSNMP.DLL [2013.03.12 11:51:12 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE [2013.03.12 11:51:07 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL [2013.03.12 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\NAme\AppData\Roaming\InstallShield [2013.03.12 11:49:00 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\mflpro [2013.03.12 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.03.12 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.12 08:35:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.27 20:51:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 20:51:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 20:51:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 20:51:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 20:51:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 20:51:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 20:51:39 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 20:51:39 | 000,003,584 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 20:51:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 20:51:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 20:51:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 20:51:38 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 20:51:38 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 20:51:37 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 20:51:37 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 20:51:37 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 20:51:37 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 20:51:37 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 20:51:37 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 20:51:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 20:51:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 20:51:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 20:51:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 20:51:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.27 20:51:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll ========== Files - Modified Within 30 Days ========== [2013.03.26 19:41:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.26 19:41:54 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000Core.job [2013.03.26 19:41:52 | 000,000,960 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000UA.job [2013.03.26 19:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 12:15:37 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.03.19 10:09:10 | 000,000,570 | ---- | M] () -- C:\Windows\ODBC.INI [2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.15 20:12:50 | 2960,498,688 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 07:29:54 | 000,419,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.12 11:52:42 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\bd9042cd.dat [2013.03.12 11:52:42 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2013.03.12 11:51:30 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd9042cn.dat [2013.03.12 11:42:26 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.12 08:38:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.03.04 23:11:49 | 001,838,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.04 23:11:49 | 000,779,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.04 23:11:49 | 000,730,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.04 23:11:49 | 000,180,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.04 23:11:49 | 000,152,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2013.03.12 11:52:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9042cd.dat [2013.03.12 11:52:42 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.03.12 11:51:30 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd9042cn.dat [2013.03.12 11:51:19 | 
000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll [2013.03.12 11:51:10 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BAOCH06A.DAT [2013.03.12 11:42:26 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.03.12 11:42:26 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.12 08:37:05 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.03.12 08:37:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.06.05 18:35:09 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.03.01 17:06:45 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.02.06 12:15:09 | 000,000,029 | ---- | C] () -- C:\Windows\hbcikrnl.ini.lock [2012.02.06 12:08:13 | 000,000,061 | ---- | C] () -- C:\Windows\Setup_tmp.ini [2011.11.14 14:41:38 | 000,017,408 | ---- | C] () -- C:\Users\NAme\AppData\Local\WebpageIcons.db [2011.04.13 09:32:48 | 000,004,851 | ---- | C] () -- C:\Users\NAme\AppData\Local\EmptySettings.xml [2010.10.21 16:01:11 | 000,000,101 | ---- | C] () -- C:\Users\NAme\AppData\Local\fusioncache.dat [2010.10.21 08:35:19 | 000,006,733 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\abspann_datev_idea.gif [2010.10.21 08:35:19 | 000,000,291 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.html [2010.10.21 08:35:19 | 000,000,105 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.ikf ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.14 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\DATEV [2010.10.22 15:39:23 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\Protector Suite [2010.11.23 08:03:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Acronis [2011.12.12 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DATEV [2013.01.23 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DVASSV [2010.10.21 08:34:20 | 000,000,000 | ---D | M] -- 
C:\Users\NAme\AppData\Roaming\linkundlink
[2010.10.15 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Protector Suite
[2013.03.15 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Spotify
[2013.03.17 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\TeamViewer
[2012.08.07 18:44:08 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >

OTL-Extras:
OTL Extras logfile created on: 26.03.2013 20:05:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Name\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free
7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV 
eG) "C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG) "C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG) "C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG) "C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG) ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C101CF-3924-406B-B01C-CAD5E040F338}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1114278E-BF45-4076-9754-F12E28EA5637}" = lport=138 | protocol=17 | dir=in | app=system | "{162DCAA5-AC10-4917-8190-47DDEB83B360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1879DD40-E7F5-4256-8998-6B72958D38FF}" = rport=138 | protocol=17 | dir=out | app=system | "{23AEA20F-AFAE-4F8E-AC86-8001489D61ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3569D854-D9A7-4A28-B699-887C8DE9B209}" = lport=10243 | protocol=6 | dir=in | app=system | "{47FD34DC-07FE-4B68-B06A-DC1A5E1B6F90}" = lport=2869 | protocol=6 | dir=in | app=system | "{6DD29525-8171-44FD-AAC0-DE276DD778F2}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | "{6E8FA91B-4AC9-4D70-B618-D790231C993B}" = rport=139 | protocol=6 | dir=out | app=system | "{8211074E-FA45-4AC1-A0C4-6CD24F37A40B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{860AABF7-F11D-411F-B53B-545DCC808E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87B6DB7E-7CC0-434B-AFE6-2D4E2359D0F5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{8AC8A2C1-7B52-45F6-8F83-E4F5B86DD832}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EEC4811-4A5E-4872-B070-AD66C6401C7E}" = lport=137 | protocol=17 | dir=in | app=system | "{910A06D2-DB4C-4E92-8FE5-37530F48945E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{981C884A-2808-4C35-8C5F-E92C32ADE0EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB7D4766-3A5F-4FE0-9C1D-77594F982118}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{AD90E923-19C2-4C09-8A1E-D6B36CCBCAD6}" = lport=445 | protocol=6 | dir=in | app=system | "{B6CE816B-CC09-4F69-A2AB-CDC9ED138683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C19E9D5D-350F-4925-8460-D001C9474ACE}" = lport=139 | protocol=6 | dir=in | app=system | "{CABE5567-068F-47D9-8397-E731DF2A0C47}" = rport=445 | protocol=6 | dir=out | app=system | "{D26D6829-8E16-485C-894E-36434B4EE14F}" = rport=10243 | protocol=6 | dir=out | app=system | "{D650FE30-6242-4B56-9082-A7C7759D788D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E112296F-440B-456F-8347-22165623F640}" = rport=137 | protocol=17 | dir=out | app=system | "{E44A8D20-3DF2-4230-8AAB-E880B195DC0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED2050AD-32B0-4415-AE34-976ADFAFB208}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{FC5F20A2-E3B6-4D6F-9E54-4583FD4C5F65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16153F88-CB4B-4887-9B13-9621EB2F11A1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{29B94BDB-5676-4957-B538-3DEA4A285D67}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | "{314E2E3A-5517-489F-8BB3-933B5FD479F0}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | "{4180B667-F0B3-4F6E-9AA9-7DC2D270820B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{4522628D-9541-4060-8104-2E695ECB31DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{46D4B9E4-8C33-4344-B228-71985209C937}" = protocol=17 
| dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{47B1F1B9-1B0E-4E84-B459-CD3FC8F4B980}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4D296ADA-6877-4B28-B0B7-A9A175E892BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57809937-CB12-413C-BB6F-CBAABEC9528D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{5C375639-EF0E-4C7B-85D8-D13EB2D6B7FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63240B07-B564-47A1-8843-030D19D04AE1}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | "{63D13937-869D-4C6D-A024-1FFB9DF22EAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6C5ED67E-A516-4DD1-B9EB-1D74F9677A7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7E79AB0B-8286-4309-9709-878A9B3563CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8CBE50EA-6FBD-4FDA-99FB-C2AEE9FABBF0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{90D413E3-46E6-4230-B46E-2DB3CA2BE107}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{90E7BA71-63A2-4016-8540-126D0FB72F3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C543AE4-5717-4ED7-B772-86EB3578CAF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A0D3D6B3-9266-4D7B-A12A-B40A23A950EA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{A4FF4D24-FA1E-4156-B9D6-45EE1306DDF9}" = protocol=6 | dir=in | app=c:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe | "{ACF45C05-2851-400D-B2BC-40377F758E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ACF8BC20-75D9-46C7-8203-8DCC60B648DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AE126F33-BB1B-43CB-AFEA-52B604A2A492}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B1C81839-ABEC-460E-BB01-E47461BF7F0E}" = protocol=6 | dir=out | app=system | "{B4FDC057-A99A-4B5B-9953-3515F8E3AABE}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | "{C6CFA088-865C-448E-A90B-173EDB385D75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C86FF447-B279-4E01-BAF5-F7F943FD9E16}" = dir=in | app=c:\users\name\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D68183B6-92DE-4364-AF25-41233EFA0622}" = protocol=6 | dir=in | app=c:\datev\programm\k0005000\arbeitsplatz.exe | "{DE764EE8-5650-4592-9480-21D5C5DA2ED7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E55BF4D4-8BCA-44FD-B6C3-BEF9CC6CD142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EDA9A18C-07E6-40FF-8A42-6B3865BDC0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4B9CD7E-183D-4A73-AFD9-C269E2BFAF5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F6AC6B50-F0CB-4C37-88D8-F463E4C3D61C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FAF46E96-DE48-45A6-A27B-879BE2F19FFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English) "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009 "{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network 
Connections 14.8.43.0
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"8DEBD1C1BD0B77A96565A855F12B75986C183E33" = Windows-Treiberpaket - Intel (NETw5x64) net (09/15/2009 13.0.0.107)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"PROSetDX" = Intel(R) Network Connections 14.8.43.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0aa88bb2-bbcf-4d4e-b8b3-69f3ff537390}" = Nero 9 Essentials
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B9C00-DAD4-411D-A4A7-D02B50E50C78}" = DFL2010 Microkernel
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9298B925-57BA-4169-8C58-1A4BAE757DD7}" = DFL2010 ConfigDB
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite DCP-9042CDN
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"DATEVB00000482.0" = DATEV Installation V.3.0
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.06.2012 12:57:33 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 08.06.2012 12:57:36 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 12:57:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 12:58:22 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 12:58:38 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 12:59:30 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 13:00:33 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 13:00:39 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 08.06.2012 13:01:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 09.06.2012 08:57:09 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 09.06.2012 08:57:11 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ System Events ]
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error - 17.02.2013 08:20:35 | Computer Name = Name-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 17.02.2013 13:22:48 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.02.2013 um 15:23:39 unerwartet heruntergefahren.

Error - 17.02.2013 13:22:50 | Computer Name = Name-PC | Source = BugCheck | ID = 1001
Description =

Error - 03.03.2013 03:24:33 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error - 17.03.2013 15:18:29 | Computer Name = Name-PC | Source = DCOM | ID = 10010
Description =

< End of report >

I have "obscured" names with "Name" (hopefully everywhere). I hope that is OK. So once again, a thousand thanks in advance. Regards, Riggi

Is nobody around who could take a look at this? |
27.03.2013, 17:22 | #2 |
/// TB-Ausbilder | Win32/Small.CA-Virus |
27.03.2013, 19:40 | #3 |
| Win32/Small.CA-Virus Quote:
First of all, thank you for your reply! Regarding the questions:
1. Unfortunately I very often lack that; sorry about it.
2. That applies indirectly; sorry, but I did not know the linked article. There is no internal IT department, since there are only two computers (no servers or infrastructure), which I clean up now and then as a favour for friends or set up with software.
3. Actually, it only said in the bottom right corner that the virus was on the computer. To my horror I noticed that the message apparently first appeared last year in January and caused an error once. I have archived those now. Initially a trial version of McAfee was installed, which expired. I then put Avast on it. I guess that is where the gap was. But the computer was only rarely used on the internet, so perhaps a clean reinstall is not necessary (even if generally advisable)?!
I hope that helps. Thanks in advance, Riggi |
27.03.2013, 19:42 | #4 |
/// TB-Ausbilder | Win32/Small.CA-Virus Do you notice any symptoms of an infection at all?
Digital freebooters against malware! No help via PM! |
27.03.2013, 19:45 | #5 |
| Win32/Small.CA-Virus Wow, that was quick. No, not really... Do the logs reveal anything? |
27.03.2013, 20:05 | #6 |
/// TB-Ausbilder | Win32/Small.CA-Virus Yes, there is nothing to see.
|
27.03.2013, 21:40 | #7 |
| Win32/Small.CA-Virus Wonderful. Many thanks for your help! Regards, Riggi |
27.03.2013, 21:41 | #8 |
/// TB-Ausbilder | Win32/Small.CA-Virus Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/
|