Trojaner-Board


Riggi84 26.03.2013 21:36

Win32/Small.CA-Virus
 
Hello dear Trojaner-Board pros, helpers and fellow sufferers :)

An unwelcome guest has recently been roaming around my system, if the built-in Windows tools (Defender etc.) are to be believed. According to Malwarebytes the machine is clean, but I would like to give you experts a look. I would be very grateful for your help.

So here are the logs.

MWB:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.pc8112.16421
Name :: Name- [Administrator]

26.03.2013 20:02:44
mbam-log-2013-03-26 (20-02-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435316
Laufzeit: 1 Stunde(n), 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



Here are the OTL logs.

OTL

Code:

OTL logfile created on: 26.03.2013 20:05:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Name\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free
7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
 
Computer Name: Name-PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Name\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe (DATEV e.G.)
PRC - C:\DATEV\PROGRAMM\K0005002\Datev.Sdd.Ui.EditHost.StartupService.exe (DATEV eG)
PRC - C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG)
PRC - C:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe (DATEV eG)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\DATEV\PROGRAMM\D0100000\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG)
PRC - C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - c:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\95d6b8e034945a50596479e0827eb6c8\Datev.Framework.Windows.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\e0ff4cc7651d5c1ae5b9d928c625d86e\Datev.Framework.Windows.MessageListeners.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\d772fa79e965d5d6f319141c04212e5f\Datev.Framework.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\3b815c2c27ffedfcdab494fe1031ad22\Datev.Framework.RemoteServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\687a0637cdcd6b590964f340a048b039\Datev.Sdd.Ui.EditHost.StartupService.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\2b77dd95ae115fd7dd4965ceff40f70f\Datev.Security.IdentityManagement.IamClaimService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\4b66190dec76f5932c6c8759314ec638\Datev.Security.IdentityManagement.Database.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network\1b02d0ec7854cf6abda2bf8062aae29b\Datev.Network.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network.Inter#\342205de858a50dcdf1416afb5c2adbd\Datev.Network.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Ser#\e13301521a3d8088f2d3eb442a564d8a\Datev.Framework.ServiceBus.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Res#\6c69a312252d49cddc988749dd4fbc21\Datev.Framework.ResourceData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mes#\7955b7c205b54e90f194b9e7d23d37a3\Datev.Framework.Messages.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\f4ee7a528aaab01e903da9cfe1c2f6a9\Datev.Framework.Licensing.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\fd29ba5f2f4d68e25966e42689fd28e9\Datev.Framework.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\5cd800ecdc7df7c8e2202d2f713acb48\Datev.Framework.Environment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dat#\e2139fe0a1d781257b231abf5a2b8ec1\Datev.Framework.Data.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Comm#\39393f7433dfdbaa57bcbad23d5c56a2\Datev.Database.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Publ#\ab89e7b4cd898e0df79a24956453b396\Datev.Database.PublicInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Cons#\ab3157a29cb4f83221539eca0b14558e\Datev.Database.ConserveManager.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\78feaae28fc5ed268623a98b850072f9\Datev.ConfigDB.StorageProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\af473a4535e1fba3528063821be23a40\Datev.ConfigDB.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\49ec49d5635cedcf702c3c040f903d7b\Datev.ConfigDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\a5474eb3845f503eead6363d5a34a318\Datev.ConfigDB.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bad87390df683fcc3abc61126010d2af\Datev.Lexinform.Services.SemanticRecognition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\15987b5ebe2a9653537a3d8be7b0bd4b\Datev.Lexinform.Services.SemanticRecognition.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\474005e4f22288d30811831341a75f3e\Datev.Lexinform.Services.LexinformSearch.Business.LocalSearch.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\7dfcec0862676f980fe836a41995bdf4\Datev.Lexinform.Services.Search.Interface.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bd48e9857ed3fcd1947778962378edbf\Datev.Lexinform.Services.LexinformSearch.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\16c4159d164af65d95d5edcc996e7396\Datev.Lexinform.Services.LexinformBase.ServiceContracts.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\8fba1c3463a73361124255eb561b3077\Datev.Lexinform.Services.LexinformBase.LicenceRetriever.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\41fbba89171246486146a7c5257355e6\Datev.Lexinform.Services.LexinformBase.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a1bd506b45b0c1ecb05c905b7e915753\Datev.Lexinform.Services.LexinformBase.Business.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\93ce6e805355bf29f5e821aa4603d017\Datev.Lexinform.Services.LexinformBase.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\9ef4eec843e9978f222935d8d4f664e8\Datev.Lexinform.Services.Document.ServiceContracts.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a15b8fbec033174ed6a43106228ad76d\Datev.Lexinform.Services.Document.Strategies.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\01e36a77d28bdb204e7692e842c87108\Datev.Lexinform.Services.Document.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\c9768ddec77db1b0c621039c62c95845\Datev.Lexinform.Services.Document.Business.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\0639715e212ed7a758a07f7ec752a577\Datev.Sdd.Ui.EditHost.StartupService.Resources.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\7bf87871fdac54f470b13a0ebbb9b26c\Datev.Sdd.Ui.EditHost.StartupService.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Transport#\556bb7bcfff08e75b2b856aab9f2bbf7\Datev.Sdd.TransportInterfaces.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\Datev.Framework.Licensing.Wrapper\4.0.0.0__cbc631f1c682336b\Datev.Framework.Licensing.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\f022aa3886b58f2020b1c87e9b89b17b\Datev.Framework.RemoteServiceModel.GenericServiceBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Hos#\440507bee2a67350090e535b1172a36a\Datev.Framework.Hosting.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\f6a1f5e9f8fb3b284e7355c3715760ae\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\6bcfa3a5b15d2ec1983d02e7f792462c\Datev.Framework.MicroKernel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\41c8b10b4eee399c4abfa970b73ecd74\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\2fa72afe543bb02b4f728efc2166d58c\System.Runtime.Caching.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e6f1669a51fbf73520ae79dca19f005e\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ebd8e7de507b634d15b3e16614270f06\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (DatevPrintService) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
SRV - (SQLAgent$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQL$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (MSSQLFDLauncher$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PowerBiosServer) -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5x64) -- C:\Windows\SysNative\drivers\NETw5x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IAMTVE) -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation)
DRV:64bit: - (IAMTXPE) -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FE8516A-024E-4584-A388-898180DFE6ED}
IE:64bit: - HKLM\..\SearchScopes\{1FE8516A-024E-4584-A388-898180DFE6ED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF}
IE - HKLM\..\SearchScopes\{453F3A50-CBA5-46CC-A644-360B65237ABF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com [binary data]
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF}
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Name\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.04 22:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.04 22:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.04 22:27:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe (DATEV eG)
O4 - HKLM..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify] C:\Users\Name\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify Web Helper] C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4CB084-A84A-4E49-977D-0D9CA1976399}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93274F38-4FD0-4E7E-9A08-908EAE7F83E0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2013.03.15 17:35:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 17:35:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 17:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 17:35:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 17:35:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 17:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 17:35:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 17:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 17:35:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 17:35:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 17:35:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 17:35:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 17:35:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 17:35:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 17:35:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 14:18:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Programs
[2013.03.12 11:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.03.12 11:51:19 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2013.03.12 11:51:19 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2013.03.12 11:51:19 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2013.03.12 11:51:19 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2013.03.12 11:51:18 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2013.03.12 11:51:18 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2013.03.12 11:51:18 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2013.03.12 11:51:16 | 001,560,064 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2013.03.12 11:51:12 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
[2013.03.12 11:51:12 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
[2013.03.12 11:51:07 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
[2013.03.12 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\NAme\AppData\Roaming\InstallShield
[2013.03.12 11:49:00 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\mflpro
[2013.03.12 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.03.12 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.12 08:35:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.27 20:51:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 20:51:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 20:51:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 20:51:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 20:51:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 20:51:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 20:51:39 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:51:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:51:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:51:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 20:51:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 20:51:38 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 20:51:38 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:51:37 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 20:51:37 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 20:51:37 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 20:51:37 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 20:51:37 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 20:51:37 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 20:51:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 20:51:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 20:51:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 20:51:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 20:51:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.27 20:51:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.26 19:41:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 19:41:54 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000Core.job
[2013.03.26 19:41:52 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000UA.job
[2013.03.26 19:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 12:15:37 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.03.19 10:09:10 | 000,000,570 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 20:12:50 | 2960,498,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 07:29:54 | 000,419,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.12 11:52:42 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\bd9042cd.dat
[2013.03.12 11:52:42 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2013.03.12 11:51:30 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd9042cn.dat
[2013.03.12 11:42:26 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.12 08:38:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.04 23:11:49 | 001,838,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.04 23:11:49 | 000,779,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.04 23:11:49 | 000,730,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.04 23:11:49 | 000,180,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.04 23:11:49 | 000,152,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.03.12 11:52:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9042cd.dat
[2013.03.12 11:52:42 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.03.12 11:51:30 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd9042cn.dat
[2013.03.12 11:51:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2013.03.12 11:51:10 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BAOCH06A.DAT
[2013.03.12 11:42:26 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.12 11:42:26 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.12 08:37:05 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 08:37:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.06.05 18:35:09 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.03.01 17:06:45 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.06 12:15:09 | 000,000,029 | ---- | C] () -- C:\Windows\hbcikrnl.ini.lock
[2012.02.06 12:08:13 | 000,000,061 | ---- | C] () -- C:\Windows\Setup_tmp.ini
[2011.11.14 14:41:38 | 000,017,408 | ---- | C] () -- C:\Users\NAme\AppData\Local\WebpageIcons.db
[2011.04.13 09:32:48 | 000,004,851 | ---- | C] () -- C:\Users\NAme\AppData\Local\EmptySettings.xml
[2010.10.21 16:01:11 | 000,000,101 | ---- | C] () -- C:\Users\NAme\AppData\Local\fusioncache.dat
[2010.10.21 08:35:19 | 000,006,733 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\abspann_datev_idea.gif
[2010.10.21 08:35:19 | 000,000,291 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.html
[2010.10.21 08:35:19 | 000,000,105 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.ikf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.14 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\DATEV
[2010.10.22 15:39:23 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\Protector Suite
[2010.11.23 08:03:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Acronis
[2011.12.12 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DATEV
[2013.01.23 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DVASSV
[2010.10.21 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\linkundlink
[2010.10.15 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Protector Suite
[2013.03.15 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Spotify
[2013.03.17 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\TeamViewer
[2012.08.07 18:44:08 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >


OTL-Extras

Code:

OTL Extras logfile created on: 26.03.2013 20:05:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Name\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free
7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C101CF-3924-406B-B01C-CAD5E040F338}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1114278E-BF45-4076-9754-F12E28EA5637}" = lport=138 | protocol=17 | dir=in | app=system |
"{162DCAA5-AC10-4917-8190-47DDEB83B360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1879DD40-E7F5-4256-8998-6B72958D38FF}" = rport=138 | protocol=17 | dir=out | app=system |
"{23AEA20F-AFAE-4F8E-AC86-8001489D61ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3569D854-D9A7-4A28-B699-887C8DE9B209}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47FD34DC-07FE-4B68-B06A-DC1A5E1B6F90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DD29525-8171-44FD-AAC0-DE276DD778F2}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{6E8FA91B-4AC9-4D70-B618-D790231C993B}" = rport=139 | protocol=6 | dir=out | app=system |
"{8211074E-FA45-4AC1-A0C4-6CD24F37A40B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{860AABF7-F11D-411F-B53B-545DCC808E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87B6DB7E-7CC0-434B-AFE6-2D4E2359D0F5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{8AC8A2C1-7B52-45F6-8F83-E4F5B86DD832}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EEC4811-4A5E-4872-B070-AD66C6401C7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{910A06D2-DB4C-4E92-8FE5-37530F48945E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{981C884A-2808-4C35-8C5F-E92C32ADE0EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB7D4766-3A5F-4FE0-9C1D-77594F982118}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD90E923-19C2-4C09-8A1E-D6B36CCBCAD6}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6CE816B-CC09-4F69-A2AB-CDC9ED138683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C19E9D5D-350F-4925-8460-D001C9474ACE}" = lport=139 | protocol=6 | dir=in | app=system |
"{CABE5567-068F-47D9-8397-E731DF2A0C47}" = rport=445 | protocol=6 | dir=out | app=system |
"{D26D6829-8E16-485C-894E-36434B4EE14F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D650FE30-6242-4B56-9082-A7C7759D788D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E112296F-440B-456F-8347-22165623F640}" = rport=137 | protocol=17 | dir=out | app=system |
"{E44A8D20-3DF2-4230-8AAB-E880B195DC0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED2050AD-32B0-4415-AE34-976ADFAFB208}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FC5F20A2-E3B6-4D6F-9E54-4583FD4C5F65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16153F88-CB4B-4887-9B13-9621EB2F11A1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{29B94BDB-5676-4957-B538-3DEA4A285D67}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe |
"{314E2E3A-5517-489F-8BB3-933B5FD479F0}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe |
"{4180B667-F0B3-4F6E-9AA9-7DC2D270820B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{4522628D-9541-4060-8104-2E695ECB31DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46D4B9E4-8C33-4344-B228-71985209C937}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47B1F1B9-1B0E-4E84-B459-CD3FC8F4B980}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4D296ADA-6877-4B28-B0B7-A9A175E892BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57809937-CB12-413C-BB6F-CBAABEC9528D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5C375639-EF0E-4C7B-85D8-D13EB2D6B7FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63240B07-B564-47A1-8843-030D19D04AE1}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe |
"{63D13937-869D-4C6D-A024-1FFB9DF22EAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C5ED67E-A516-4DD1-B9EB-1D74F9677A7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E79AB0B-8286-4309-9709-878A9B3563CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8CBE50EA-6FBD-4FDA-99FB-C2AEE9FABBF0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{90D413E3-46E6-4230-B46E-2DB3CA2BE107}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90E7BA71-63A2-4016-8540-126D0FB72F3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C543AE4-5717-4ED7-B772-86EB3578CAF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0D3D6B3-9266-4D7B-A12A-B40A23A950EA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A4FF4D24-FA1E-4156-B9D6-45EE1306DDF9}" = protocol=6 | dir=in | app=c:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe |
"{ACF45C05-2851-400D-B2BC-40377F758E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACF8BC20-75D9-46C7-8203-8DCC60B648DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE126F33-BB1B-43CB-AFEA-52B604A2A492}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1C81839-ABEC-460E-BB01-E47461BF7F0E}" = protocol=6 | dir=out | app=system |
"{B4FDC057-A99A-4B5B-9953-3515F8E3AABE}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe |
"{C6CFA088-865C-448E-A90B-173EDB385D75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C86FF447-B279-4E01-BAF5-F7F943FD9E16}" = dir=in | app=c:\users\name\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D68183B6-92DE-4364-AF25-41233EFA0622}" = protocol=6 | dir=in | app=c:\datev\programm\k0005000\arbeitsplatz.exe |
"{DE764EE8-5650-4592-9480-21D5C5DA2ED7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E55BF4D4-8BCA-44FD-B6C3-BEF9CC6CD142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDA9A18C-07E6-40FF-8A42-6B3865BDC0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4B9CD7E-183D-4A73-AFD9-C269E2BFAF5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F6AC6B50-F0CB-4C37-88D8-F463E4C3D61C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAF46E96-DE48-45A6-A27B-879BE2F19FFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"8DEBD1C1BD0B77A96565A855F12B75986C183E33" = Windows-Treiberpaket - Intel (NETw5x64) net  (09/15/2009 13.0.0.107)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"PROSetDX" = Intel(R) Network Connections 14.8.43.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0aa88bb2-bbcf-4d4e-b8b3-69f3ff537390}" = Nero 9 Essentials
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B9C00-DAD4-411D-A4A7-D02B50E50C78}" = DFL2010 Microkernel
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9298B925-57BA-4169-8C58-1A4BAE757DD7}" = DFL2010 ConfigDB
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite DCP-9042CDN
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"DATEVB00000482.0" = DATEV Installation V.3.0
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 12:57:33 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.06.2012 12:57:36 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 12:57:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 12:58:22 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 12:58:38 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 12:59:30 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 13:00:33 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 13:00:39 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 08.06.2012 13:01:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 09.06.2012 08:57:09 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.06.2012 08:57:11 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 17.02.2013 08:20:35 | Computer Name = Name-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 17.02.2013 13:22:48 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?02.?2013 um 15:23:39 unerwartet heruntergefahren.
 
Error - 17.02.2013 13:22:50 | Computer Name = Name-PC| Source = BugCheck | ID = 1001
Description =
 
Error - 03.03.2013 03:24:33 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.03.2013 15:18:29 | Computer Name = Name-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >





I have "obscured" names with "Name" (hopefully everywhere :) ). I hope that is OK.


So once again, a thousand thanks in advance :)


Regards, Riggi

Nobody around who can take a look at this :(

ryder 27.03.2013 17:22

1. Patience!
2. This looks like a commercially used computer.
3. What does Defender actually say?

Riggi84 27.03.2013 19:40

Quote:

Quote from ryder (post 1036181)
1. Patience!
2. This looks like a commercially used computer.
3. What does Defender actually say?

Hello Ryder :)

First of all, thank you for your reply!

Regarding the questions:

1. Unfortunately I very often lack that, sorry about that :)

2. That is indirectly the case; sorry, but I did not know the linked article. There is no internal IT department, since there are only two computers (no servers or infrastructure), which I clean up or "load" with software now and then as a favor to a friend.

3. Actually, it only said at the bottom right in the corner that the virus was on the computer. To my horror I noticed that the message apparently appeared in January of last year and caused an error once. I have now archived it.

At the beginning a trial version of McAfee was installed, which expired :( I then put Avast on it. I guess that was the gap. However, the computer was only rarely used on the Internet, so perhaps a "reinstall" is not necessary (even if generally advisable)?!

I hope that helps.

Thanks in advance,

Riggi

ryder 27.03.2013 19:42

Do you notice any symptoms of any infection at all?

Riggi84 27.03.2013 19:45

Quote:

Quote from ryder (post 1036267)
Do you notice any symptoms of any infection at all?

Wow, that was fast :)

No, not really...

Do the logs reveal anything?

ryder 27.03.2013 20:05

Yes, there is nothing to be seen.

Riggi84 27.03.2013 21:40

Wonderful :)

Many thanks for your help!

Regards, Riggi

ryder 27.03.2013 21:41

Glad we could help :abklatsch:

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread

If you would still like to share praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/


All times are in WET +1. The time is now 21:57.
