| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.03.2013, 21:41
| #1 |
 |  PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner? Hallo und Guten Tag allen hilfreichen Trojanerboard-Lesern, und Experten, gestern habe ich unseren Windows-Homeserver nach längerer Zeit wieder in Betrieb genommen. Das hat auch ganz gut geklappt, bis ich mich schon zu späterer Stunde dazu entschloss, den veralteteten Homerserver Virenscanner Clam AV durch eine aktuelle Version zu ersetzen. Auch das hat zunächst geklappt. Allerdings hatte ich nicht die neueste Version erwischt und er hat immer noch behauptet, er wäre "outdated". Statt Version 0.96.4 sollte ich 0.97.7 installieren. Um es perfekt zu machen, habe ich die Version 97.7 auch aus dem Internet heruntergeladen von hier hxxp://garr.dl.sourceforge.net/project/clamav/clamav/0.97.7/clamav-0.97.7.tar.gz und unvorsichtigerweise nicht gescannt, bevor ich sie ausgepackt habe. Beim Auspacken hat Antivir dann angeschlagen und Gefahr gemeldet. Ich kann nicht beurteilen, ob in diesem "calmav-0.97.7.tar.gz" Malware mit eingepackt wurde - wäre ja ein Super-Ort für einen Malwareversender - oder ob Antivir da etwas erkannt hat, was halt mit Viren zu tun hat und folglich als gefährlich eingestuft werden muss. Es wäre schön, wenn jemand mir dazu schreiben würde. Am schönsten wäre es natürlich, wenn das ungefährlich wäre, aber das kann ich mir natürlich nicht aussuchen. Anbei 3 Logs ANTIVIR-LOG Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 24. März 2013 23:11
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : sparkle
Computername : WULLI
Versionsinformationen:
BUILD.DAT : 13.0.0.3185 Bytes 30.01.2013 10:05:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 25.02.2013 18:50:47
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 25.02.2013 18:50:47
LUKE.DLL : 13.6.0.602 67808 Bytes 25.02.2013 18:51:08
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 18:45:26
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 18:45:25
avlode.dll : 13.6.2.624 434912 Bytes 25.02.2013 18:51:51
avlode.rdf : 13.0.0.44 15591 Bytes 23.03.2013 11:13:11
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:34:09
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:18:42
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:39:51
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 12:36:12
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 20:03:26
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 20:25:43
VBASE008.VDF : 7.11.65.172 9122816 Bytes 21.03.2013 11:13:04
VBASE009.VDF : 7.11.65.173 2048 Bytes 21.03.2013 11:13:04
VBASE010.VDF : 7.11.65.174 2048 Bytes 21.03.2013 11:13:04
VBASE011.VDF : 7.11.65.175 2048 Bytes 21.03.2013 11:13:04
VBASE012.VDF : 7.11.65.176 2048 Bytes 21.03.2013 11:13:04
VBASE013.VDF : 7.11.66.48 120832 Bytes 22.03.2013 11:13:04
VBASE014.VDF : 7.11.66.133 339456 Bytes 24.03.2013 17:05:09
VBASE015.VDF : 7.11.66.134 2048 Bytes 24.03.2013 17:05:09
VBASE016.VDF : 7.11.66.135 2048 Bytes 24.03.2013 17:05:09
VBASE017.VDF : 7.11.66.136 2048 Bytes 24.03.2013 17:05:09
VBASE018.VDF : 7.11.66.137 2048 Bytes 24.03.2013 17:05:09
VBASE019.VDF : 7.11.66.138 2048 Bytes 24.03.2013 17:05:09
VBASE020.VDF : 7.11.66.139 2048 Bytes 24.03.2013 17:05:09
VBASE021.VDF : 7.11.66.140 2048 Bytes 24.03.2013 17:05:09
VBASE022.VDF : 7.11.66.141 2048 Bytes 24.03.2013 17:05:09
VBASE023.VDF : 7.11.66.142 2048 Bytes 24.03.2013 17:05:09
VBASE024.VDF : 7.11.66.143 2048 Bytes 24.03.2013 17:05:10
VBASE025.VDF : 7.11.66.144 2048 Bytes 24.03.2013 17:05:10
VBASE026.VDF : 7.11.66.145 2048 Bytes 24.03.2013 17:05:10
VBASE027.VDF : 7.11.66.146 2048 Bytes 24.03.2013 17:05:10
VBASE028.VDF : 7.11.66.147 2048 Bytes 24.03.2013 17:05:10
VBASE029.VDF : 7.11.66.148 2048 Bytes 24.03.2013 17:05:10
VBASE030.VDF : 7.11.66.149 2048 Bytes 24.03.2013 17:05:10
VBASE031.VDF : 7.11.66.172 75776 Bytes 24.03.2013 17:05:10
Engineversion : 8.2.12.18
AEVDF.DLL : 8.1.2.10 102772 Bytes 12.07.2012 19:06:14
AESCRIPT.DLL : 8.1.4.100 475517 Bytes 23.03.2013 11:13:10
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 20:14:29
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 17:46:00
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:43:36
AEPACK.DLL : 8.3.2.2 827767 Bytes 14.03.2013 17:01:29
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 07:44:04
AEHEUR.DLL : 8.1.4.258 5853561 Bytes 23.03.2013 11:13:10
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 18:27:51
AEGEN.DLL : 8.1.6.16 434549 Bytes 26.01.2013 18:08:55
AEEXP.DLL : 8.4.0.14 192886 Bytes 23.03.2013 11:13:11
AEEMU.DLL : 8.1.3.2 393587 Bytes 12.07.2012 19:06:13
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 17:36:43
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 17:56:50
AVWINLL.DLL : 13.6.0.480 26480 Bytes 25.02.2013 18:50:15
AVPREF.DLL : 13.6.0.480 51056 Bytes 25.02.2013 18:50:46
AVREP.DLL : 13.6.0.480 178544 Bytes 25.02.2013 18:51:50
AVARKT.DLL : 13.6.0.624 260832 Bytes 25.02.2013 18:50:41
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 25.02.2013 18:50:44
SQLITE3.DLL : 3.7.0.1 397704 Bytes 25.02.2013 18:51:27
AVSMTP.DLL : 13.6.0.480 62832 Bytes 25.02.2013 18:50:49
NETNT.DLL : 13.6.0.480 16240 Bytes 25.02.2013 18:51:17
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 25.02.2013 18:50:17
RCTEXT.DLL : 13.6.0.480 68976 Bytes 25.02.2013 18:50:17
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\CONSTA~1\AppData\Local\Temp\2a5c2be8.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sonntag, 24. März 2013 23:11
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Programme-mobil\clam'
C:\Programme-mobil\clam\clamav-0.97.7.tar
[0] Archivtyp: TAR (tape archiver)
--> clamav-0.97.7/test/.split/split.clam-pespin.exeaa
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/PESpin). Bitte verifizieren Sie den Ursprung dieser Datei.
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> clamav-0.97.7/test/.split/split.clam.7zaa
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.cabaa
[1] Archivtyp: CAB (Microsoft)
--> clam.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.newc.cpioaa
[1] Archivtyp: CPIO (pre-SVR4, SVR4)
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.odc.cpioaa
[1] Archivtyp: CPIO (pre-SVR4, SVR4)
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Programme-mobil\clam\clamav-0.97.7.tar.gz
[0] Archivtyp: GZ
--> clamav-0.97.7.tar
[1] Archivtyp: TAR (tape archiver)
--> clamav-0.97.7/test/.split/split.clam-pespin.exeaa
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/PESpin). Bitte verifizieren Sie den Ursprung dieser Datei.
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> clamav-0.97.7/test/.split/split.clam.7zaa
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.cabaa
[2] Archivtyp: CAB (Microsoft)
--> clam.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.newc.cpioaa
[2] Archivtyp: CPIO (pre-SVR4, SVR4)
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> clamav-0.97.7/test/.split/split.clam.odc.cpioaa
[2] Archivtyp: CPIO (pre-SVR4, SVR4)
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Programme-mobil\clam\clamav-0.97.7\test\.split\split.clam.7zaa
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Programme-mobil\clam\clamav-0.97.7\test\.split\split.clam.cabaa
[0] Archivtyp: CAB (Microsoft)
--> clam.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Desinfektion:
C:\Programme-mobil\clam\clamav-0.97.7.tar.gz
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/PESpin). Bitte verifizieren Sie den Ursprung dieser Datei.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59f0d7e0.qua' verschoben!
C:\Programme-mobil\clam\clamav-0.97.7.tar
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/PESpin). Bitte verifizieren Sie den Ursprung dieser Datei.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4167f847.qua' verschoben!
Ende des Suchlaufs: Sonntag, 24. März 2013 23:12
Benötigte Zeit: 00:11 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
206 Verzeichnisse wurden überprüft
8773 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
8771 Dateien ohne Befall
153 Archive wurden durchsucht
4 Warnungen
2 Hinweise
OTL-LOG Code:
ATTFilter OTL logfile created on: 25.03.2013 21:23:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Constanze\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,95% Memory free 15,77 Gb Paging File | 13,32 Gb Available in Paging File | 84,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219,20 Gb Total Space | 64,16 Gb Free Space | 29,27% Space Free | Partition Type: NTFS Computer Name: WULLI | User Name: Constanze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Constanze\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - c:\Windows\SysWOW64\SDIOAssist.exe (O2Micro.) PRC - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Acresso Corporation) PRC - c:\Windows\SysWOW64\srvany.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll () MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (DFEPService) -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe (Dell Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (Wave Authentication Manager Service) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Wave Systems Corp.) SRV - (TdmService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SecureStorageService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (arXfrSvc) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) SRV - (esClient) -- C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation) SRV - (WHSConnector) -- C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (ZcfgSvc7) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro ) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro ) DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro ) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{A9F37828-A92C-477B-98B6-04329E3B861F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{A9F37828-A92C-477B-98B6-04329E3B861F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\..\SearchScopes,DefaultScope = {A9F37828-A92C-477B-98B6-04329E3B861F} IE - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B12c86d9f-4404-481a-9353-7d1015ddeac4%7D:1.4.10127 FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://www.google.de" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 19:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.18 18:30:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 10:12:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.06 22:06:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.12.03 21:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Constanze\AppData\Roaming\mozilla\Extensions [2013.03.10 13:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Constanze\AppData\Roaming\mozilla\Firefox\Profiles\0l9ghxe5.default\extensions [2013.01.06 17:03:31 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Constanze\AppData\Roaming\mozilla\Firefox\Profiles\0l9ghxe5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.04.15 18:42:52 | 000,022,405 | ---- | M] () (No name found) -- C:\Users\Constanze\AppData\Roaming\mozilla\firefox\profiles\0l9ghxe5.default\extensions\{12c86d9f-4404-481a-9353-7d1015ddeac4}.xpi [2013.03.09 10:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 10:12:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.18 18:30:10 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF [2013.03.09 10:12:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.19 19:32:22 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012.12.11 11:45:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3530594910-3682233180-4012714100-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Constanze\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Constanze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\Constanze\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Constanze\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED6156A4-405C-437C-A62F-0F97A393A0F7}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 20:30:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Constanze\Desktop\OTL.exe [2013.03.24 23:08:36 | 000,000,000 | ---D | C] -- C:\Users\Constanze\Desktop\Downloads from Firefox [2013.03.24 21:50:16 | 000,000,000 | ---D | C] -- C:\Windows Home Server-Treiber für Wiederherstellung [2013.03.24 21:50:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\(RECOVERY) [2013.03.24 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Roaming\Windows Home Server [2013.03.24 20:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Home Server [2013.03.24 20:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Home Server [2013.03.24 20:00:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.14 21:32:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 21:32:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 21:32:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 21:32:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 21:32:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 21:32:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 21:32:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 21:32:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 21:32:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 21:32:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 21:32:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 21:32:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 21:32:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 21:32:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 21:32:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.10 21:42:56 | 000,000,000 | ---D | C] -- C:\Users\Constanze\Documents\Calibre Bibliothek [2013.03.10 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Roaming\calibre [2013.03.10 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2013.03.10 21:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management [2013.03.10 21:24:58 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.10 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.03.10 21:24:56 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Roaming\Notepad++ [2013.03.10 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.03.10 21:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE [2013.03.10 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Local\FreeCommanderXE [2013.03.10 21:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCommander XE [2013.03.10 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCommanderXE_setup_609 [2013.03.10 17:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.03.09 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.05 19:01:27 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.05 19:01:21 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.05 19:01:21 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.05 19:01:21 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.05 19:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.03 21:55:12 | 000,073,728 | ---- | C] (Macrovision Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl [2013.03.03 21:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C & M International [2013.03.03 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\Constanze\Documents\O-Töne [2013.02.27 23:13:03 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 23:13:03 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 23:13:03 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 23:13:03 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 23:12:58 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 23:12:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 23:12:57 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 23:12:57 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 23:12:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 23:12:57 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 23:12:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 23:12:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 23:12:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 23:12:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 23:12:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 23:12:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 23:12:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 23:12:57 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 23:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 23:12:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 23:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 23:12:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 23:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 23:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 23:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 23:12:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 23:12:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 23:12:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 23:12:56 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 23:12:56 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 23:12:56 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 23:12:56 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 23:12:56 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 23:12:56 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 23:12:56 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 23:12:56 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 23:12:56 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 23:12:56 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 23:12:56 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 23:12:56 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.27 23:12:55 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.25 20:36:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.25 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.25 20:08:52 | 000,000,000 | ---D | C] -- C:\Users\Constanze\AppData\Roaming\Avira [2013.02.25 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.25 20:06:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 20:06:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.25 20:06:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.02.25 20:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.25 20:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.25 21:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.25 20:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Constanze\Desktop\OTL.exe [2013.03.25 20:30:05 | 000,050,477 | ---- | M] () -- C:\Users\Constanze\Desktop\Defogger.exe [2013.03.25 19:50:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 19:50:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 19:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 19:42:09 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 20:40:35 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Freigegebene Ordner auf Server.lnk [2013.03.24 20:37:51 | 000,002,529 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2013.03.24 20:19:32 | 000,001,583 | ---- | M] () -- C:\Users\Constanze\Desktop\WULLI - Verknüpfung.lnk [2013.03.23 12:12:49 | 000,000,682 | ---- | M] () -- C:\Windows\BRCALIB.INI [2013.03.21 17:01:58 | 004,687,014 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.21 17:01:58 | 001,863,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.21 17:01:58 | 001,425,702 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.21 17:01:58 | 001,273,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.21 17:01:58 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.12 21:21:49 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 21:21:49 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.10 21:42:41 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk [2013.03.10 21:24:58 | 000,001,065 | ---- | M] () -- C:\Users\Constanze\Desktop\Notepad++.lnk [2013.03.10 21:10:27 | 000,001,094 | ---- | M] () -- C:\Users\Constanze\Desktop\FreeCommander XE.lnk [2013.03.10 17:41:52 | 000,001,524 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.03.10 17:24:43 | 000,001,586 | ---- | M] () -- C:\Users\Constanze\Desktop\mbam.exe.lnk [2013.03.05 19:01:17 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.05 19:01:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.05 19:01:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.05 19:01:16 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.05 19:01:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.05 19:01:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.25 19:51:49 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.02.25 19:51:49 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.02.25 19:51:49 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.25 20:30:05 | 000,050,477 | ---- | C] () -- C:\Users\Constanze\Desktop\Defogger.exe [2013.03.24 20:40:35 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Freigegebene Ordner auf Server.lnk [2013.03.24 20:37:51 | 000,002,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center Connector.lnk [2013.03.24 20:37:51 | 000,002,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server-Konsole.lnk [2013.03.24 20:37:51 | 000,002,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2013.03.24 20:19:32 | 000,001,583 | ---- | C] () -- C:\Users\Constanze\Desktop\WULLI - Verknüpfung.lnk [2013.03.10 21:42:41 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk [2013.03.10 21:24:58 | 000,001,065 | ---- | C] () -- C:\Users\Constanze\Desktop\Notepad++.lnk [2013.03.10 21:10:27 | 000,001,094 | ---- | C] () -- C:\Users\Constanze\Desktop\FreeCommander XE.lnk [2013.03.10 17:44:26 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk [2013.03.10 17:24:43 | 000,001,586 | ---- | C] () -- C:\Users\Constanze\Desktop\mbam.exe.lnk [2013.03.03 21:55:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\zvrc.dll [2013.01.08 19:49:16 | 000,000,132 | ---- | C] () -- C:\Users\Constanze\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.10.28 09:53:17 | 000,003,584 | ---- | C] () -- C:\Users\Constanze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.23 20:06:45 | 000,001,456 | ---- | C] () -- C:\Users\Constanze\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.09.23 19:02:09 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.07.29 20:04:38 | 000,007,608 | ---- | C] () -- C:\Users\Constanze\AppData\Local\Resmon.ResmonCfg [2012.06.27 18:02:40 | 000,000,682 | ---- | C] () -- C:\Windows\BRCALIB.INI [2012.04.01 19:47:51 | 000,022,922 | ---- | C] () -- C:\Users\Constanze\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.03.28 18:39:56 | 000,038,261 | ---- | C] () -- C:\Users\Constanze\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012.01.17 22:07:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.01.17 22:07:08 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.01.17 22:07:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.01.17 22:07:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.17 22:07:05 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.17 20:56:16 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2012.01.17 20:53:13 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 21:23:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Constanze\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,95% Memory free
15,77 Gb Paging File | 13,32 Gb Available in Paging File | 84,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219,20 Gb Total Space | 64,16 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Computer Name: WULLI | User Name: Constanze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3530594910-3682233180-4012714100-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035CB1C0-D475-49D0-997D-10209B20FAF6}" = rport=445 | protocol=6 | dir=out | app=system |
"{16C19B25-DAE8-4ACA-8DF5-A3E939CF4EA7}" = rport=137 | protocol=17 | dir=out | app=system |
"{232794E7-6EF8-481B-9A5B-5D927A596101}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{364B1E5A-F26C-4328-84D6-40FFCE6C0862}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C536572-5678-4005-902C-E6B704F093B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40C7EECC-46DF-4266-98BA-6501D2927622}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FFBB11C-A401-40A9-8A1A-25524EA336F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5B2595C3-C49F-42BC-B225-1B035F128CA1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60581E04-2E81-480F-BE38-8A81AA21031A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{71CC9BA1-9CC3-4123-958D-44A513E6F9A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76462FD2-CD75-4F7C-BB6C-66E9D1CA8A4B}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{8B13EEF1-7FD2-40B4-A493-B6EDFC33DB47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8FBC44C3-6B05-4268-96F2-73C7F429DBE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93082FB6-7AB1-43E1-B0A1-8EF593BE5677}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1C96082-2BDA-4D3C-848F-254F7253AB4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{A5967E17-B2C2-4313-AF39-22863B6D5B61}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B2F78412-FA96-40A1-A1C2-77A944CF3801}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3ECD50F-0550-4754-B7A8-9BFB7F842BBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5ECB1AA-F163-411E-A21D-1B2220845215}" = lport=445 | protocol=6 | dir=in | app=system |
"{BCE2C031-25D7-46E5-99F3-03E4B78047E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C52458CC-F71D-404B-BE5B-40D4334666A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{C5365056-E3C9-4587-BD63-6DF1AF20BB5F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DEBEB389-666C-4A1B-9FF6-0E83C67C0D5E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E6760B57-B2CE-4712-BF61-86CDDA4002C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3DC5B05-4EE9-4A80-AB41-A6D4088C67D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F471C128-89DC-41CE-9471-D4CF9E19AFD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5317A00-2FC7-49A1-9AF2-E811501824E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016516EB-C035-4D49-95D3-00775F22EF52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{094CDD1C-B2AC-4B48-AE66-2A68F9D4EDA8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0A66E9E3-DD3D-4016-A690-4D4759E6ED87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FB46D91-0DEC-45F4-9C23-18D4071E1A27}" = protocol=6 | dir=in | app=c:\program files (x86)\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{11DCD78A-457D-4B91-916D-4A5B12204AF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19104992-053B-4316-8898-57B22564091D}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{1F1C6DDB-BAA8-4704-8361-17D4B27F1E99}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26084A73-591F-4152-B70F-3DA1CE252834}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{2E9E9034-F4BE-4825-9B8E-BA87A16E5C79}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{469D53F1-6059-48A9-AFC8-DCF82292C6D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6796214C-E521-481B-B37E-011035151789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{690FA682-FE79-4CF1-B2C0-33D70DCB6F6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FB267CF-E2ED-4CFD-BEEE-5B9B1EAB9944}" = protocol=6 | dir=out | app=system |
"{70CB5684-28A9-48D6-8EB7-5B45260B0009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{758D51D8-EBAD-47AA-B085-F232BECE1DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{764CF301-79E4-471E-BDAE-B344046A1566}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{78A41BF4-3D1C-4757-8275-3F551FA7FD31}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{7D2715E8-32A8-4205-8CA0-BBDF59BCD0A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7DB5B99A-209F-4B39-8732-2C13CA5AE725}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7EBD688D-20DE-49CD-B0BF-535EEB51FFF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{816AEDFB-0793-423A-8786-A9D76DACAEAC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83CD7F04-FFA5-4157-99DE-E848092C41FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{85270E38-F579-471F-80D0-6C361E7A4B0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{876540F2-54DB-41BE-AAAF-73423109231E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8CB23467-F3EA-4B85-8F6C-36F889B60F9E}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{8F9B909A-95B4-4E1F-AF1C-EC303563782E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9497F857-62B1-4CD5-81BA-B040D1F0E3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{9D35ABB7-161A-4A5E-9F43-9FF1F3631249}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B6C9C768-4E49-4A37-B373-B15E7ADCB0A4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B77A149E-05B2-458D-BF2E-C2592AC70DC5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C392DDFD-48BD-4CFA-9C7E-586A7021CF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF756208-019D-427E-ABFB-27DD2D93E5B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E289857C-1654-41BE-A601-5E223205D7B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E788D559-99A7-4CB6-BF3F-164728B95D89}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED9A5D0A-01DB-4879-8DD8-06D8C844992A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}" = calibre 64bit
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B76DD2A-E834-4F32-A8EA-B29A0C128BA0}" = Dell ControlVault Host Components Installer 64 bit
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0327A4BF-62BF-48BB-8928-B971B749E9E1}" = Adobe Creative Suite 6 Design Standard
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9725A44A-FBBE-427B-8053-1D5ADD0A85E6}" = CNM Codec
"{979742CC-2CBB-49D8-9BEE-C2F7875F5393}" = Brother MFL-Pro Suite DCP-9055CDN
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79EB872-3E54-A9D4-F11E-F147BB7C31D9}" = Adobe® Content Viewer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"Dell Webcam Central" = Dell Webcam Central
"dm-Fotowelt" = dm-Fotowelt
"ePubDRMRemoval" = ePub DRM Removal
"FontCreator6_is1" = High-Logic FontCreator 6.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Studio_is1" = Free Studio version 5.9.0.1212
"FreeCommander XE_is1" = FreeCommander XE
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"MailStore Home_universal1" = MailStore Home 5.0.1.6919
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Product Key Explorer_is1" = Product Key Explorer 3.1.3
"QuickTime" = QuickTime
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 14.02.2013 22:03:41 | Computer Name = Wulli | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 14.02.2013 22:26:16 | Computer Name = Wulli | Source = WinMgmt | ID = 10
Description =
Error - 15.02.2013 17:40:22 | Computer Name = Wulli | Source = Application Hang | ID = 1002
Description = Programm Reader Library.exe, Version 3.3.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 15a0 Startzeit: 01ce0bc4a7eb3896 Endzeit: 0 Anwendungspfad:
C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe Berichts-ID:
Error - 15.02.2013 17:44:14 | Computer Name = Wulli | Source = Application Hang | ID = 1002
Description = Programm Reader Library.exe, Version 3.3.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1670 Startzeit: 01ce0bc51bfbc9a1 Endzeit: 16 Anwendungspfad:
C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe Berichts-ID:
Error - 16.02.2013 04:28:06 | Computer Name = Wulli | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 02.12.2012 16:21:00 | Computer Name = Wulli | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 02.12.2012 17:01:53 | Computer Name = Wulli | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%306.
Error - 02.12.2012 17:21:00 | Computer Name = Wulli | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Erkennung interaktiver Dienste erreicht.
Error - 02.12.2012 17:21:00 | Computer Name = Wulli | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 02.12.2012 17:22:20 | Computer Name = Wulli | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Erkennung interaktiver Dienste erreicht.
Error - 02.12.2012 17:22:20 | Computer Name = Wulli | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 02.12.2012 17:32:09 | Computer Name = Wulli | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Erkennung interaktiver Dienste erreicht.
Error - 02.12.2012 17:32:09 | Computer Name = Wulli | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 02.12.2012 18:21:00 | Computer Name = Wulli | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Erkennung interaktiver Dienste erreicht.
Error - 02.12.2012 18:21:00 | Computer Name = Wulli | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Erkennung interaktiver Dienste" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
|
|
26.03.2013, 22:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner? Hallo,
__________________Code:
ATTFilter --> clamav-0.97.7/test/.split/split.clam-pespin.exeaa
[FUND] Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/PESpin). Bitte verifizieren Sie den Ursprung dieser Datei.
Hast du sonst noch Funde oder Probleme zu verzeichnen?
__________________ |
|
01.04.2013, 22:02
| #3 |
| | PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner? Hallo Cosinus,
__________________ja, leider habe ich noch Probleme. Malware auf dem Homeserver (Bonjour\mDNSResponder.exe: Win.Trojan.Agent-263533) Inzwischen habe ich es geschafft, Clam AV auf dem Server zu installieren. ClamAV meckert unter dem Tab "Updates" zwar immer noch, es wäre "outdated", aber von den neueren Clam-Versionen habe ich keine msi-Datei gefunden und die braucht man, um sie auf dem Server als Addin einzurichten. Eben habe ich clamAv das System vom Server scannen lassen und es hat einen Fund einen Trojaner. Hier das Log: Code:
ATTFilter Log File Cleared From ClamAV Add-In Console Operation on 01.04.2013 22:33:47
--------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
C:\WINDOWS\System32\smss.exe: OK
C:\WINDOWS\system32\ntdll.dll: OK
C:\WINDOWS\system32\csrss.exe: OK
C:\WINDOWS\system32\CSRSRV.dll: OK
C:\WINDOWS\system32\basesrv.dll: OK
C:\WINDOWS\system32\winsrv.dll: OK
C:\WINDOWS\system32\USER32.dll: OK
C:\WINDOWS\system32\KERNEL32.dll: OK
C:\WINDOWS\system32\GDI32.dll: OK
C:\WINDOWS\system32\ADVAPI32.dll: OK
C:\WINDOWS\system32\RPCRT4.dll: OK
C:\WINDOWS\system32\Secur32.dll: OK
C:\WINDOWS\system32\LPK.DLL: OK
C:\WINDOWS\system32\USP10.dll: OK
C:\WINDOWS\system32\sxs.dll: OK
C:\WINDOWS\system32\winlogon.exe: OK
C:\WINDOWS\system32\CRYPT32.dll: OK
C:\WINDOWS\system32\msvcrt.dll: OK
C:\WINDOWS\system32\MSASN1.dll: OK
C:\WINDOWS\system32\NDdeApi.dll: OK
C:\WINDOWS\system32\PROFMAP.dll: OK
C:\WINDOWS\system32\NETAPI32.dll: OK
C:\WINDOWS\system32\USERENV.dll: OK
C:\WINDOWS\system32\PSAPI.DLL: OK
C:\WINDOWS\system32\REGAPI.dll: OK
C:\WINDOWS\system32\SETUPAPI.dll: OK
C:\WINDOWS\system32\VERSION.dll: OK
C:\WINDOWS\system32\WINSTA.dll: OK
C:\WINDOWS\system32\WS2_32.dll: OK
C:\WINDOWS\system32\WS2HELP.dll: OK
C:\WINDOWS\system32\IMM32.DLL: OK
C:\WINDOWS\system32\MSGINA.dll: OK
C:\WINDOWS\system32\SHSVCS.dll: OK
C:\WINDOWS\system32\SHLWAPI.dll: OK
C:\WINDOWS\system32\sfc.dll: OK
C:\WINDOWS\system32\sfc_os.dll: OK
C:\WINDOWS\system32\WINTRUST.dll: OK
C:\WINDOWS\system32\imagehlp.dll: OK
C:\WINDOWS\system32\ole32.dll: OK
C:\WINDOWS\system32\apphelp.dll: OK
C:\WINDOWS\system32\msctfime.ime: OK
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\Comctl32.dll: OK
C:\WINDOWS\system32\WINSCARD.DLL: OK
C:\WINDOWS\system32\WTSAPI32.dll: OK
C:\WINDOWS\system32\WINMM.dll: OK
C:\WINDOWS\system32\shell32.dll: OK
C:\WINDOWS\system32\rsaenh.dll: OK
C:\WINDOWS\system32\wldap32.dll: OK
C:\WINDOWS\system32\cscdll.dll: OK
C:\WINDOWS\system32\dimsntfy.dll: OK
C:\WINDOWS\system32\WlNotify.dll: OK
C:\WINDOWS\system32\WINSPOOL.DRV: OK
C:\WINDOWS\system32\MPR.dll: OK
C:\WINDOWS\system32\OLEAUT32.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_A689AB02\COMCTL32.dll: OK
C:\WINDOWS\system32\UxTheme.dll: OK
C:\WINDOWS\system32\cryptnet.dll: OK
C:\WINDOWS\system32\SensApi.dll: OK
C:\WINDOWS\system32\Cabinet.dll: OK
C:\WINDOWS\system32\CLBCatQ.DLL: OK
C:\WINDOWS\system32\COMRes.dll: OK
C:\WINDOWS\system32\wbem\wbemprox.dll: OK
C:\WINDOWS\system32\wbem\wbemcomn.dll: OK
C:\WINDOWS\system32\xpsp2res.dll: OK
C:\WINDOWS\system32\wbem\wbemsvc.dll: OK
C:\WINDOWS\system32\wbem\fastprox.dll: OK
C:\WINDOWS\system32\msvcp60.dll: OK
C:\WINDOWS\system32\NTDSAPI.dll: OK
C:\WINDOWS\system32\DNSAPI.dll: OK
C:\WINDOWS\system32\services.exe: OK
C:\WINDOWS\system32\SCESRV.dll: OK
C:\WINDOWS\system32\AUTHZ.dll: OK
C:\WINDOWS\system32\umpnpmgr.dll: OK
C:\WINDOWS\system32\NCObjAPI.DLL: OK
C:\WINDOWS\system32\eventlog.dll: OK
C:\WINDOWS\system32\lsass.exe: OK
C:\WINDOWS\system32\LSASRV.dll: OK
C:\WINDOWS\system32\SAMSRV.dll: OK
C:\WINDOWS\system32\cryptdll.dll: OK
C:\WINDOWS\system32\SAMLIB.dll: OK
C:\WINDOWS\system32\msprivs.dll: OK
C:\WINDOWS\system32\kerberos.dll: OK
C:\WINDOWS\system32\msv1_0.dll: OK
C:\WINDOWS\system32\iphlpapi.dll: OK
C:\WINDOWS\system32\netlogon.dll: OK
C:\WINDOWS\system32\w32time.dll: OK
C:\WINDOWS\system32\schannel.dll: OK
C:\WINDOWS\system32\wdigest.dll: OK
C:\WINDOWS\system32\RASSFM.dll: OK
C:\WINDOWS\system32\KDCSVC.dll: OK
C:\WINDOWS\system32\NTDSA.dll: OK
C:\WINDOWS\system32\NTDSATQ.dll: OK
C:\WINDOWS\system32\MSWSOCK.dll: OK
C:\WINDOWS\system32\ESENT.dll: OK
C:\WINDOWS\system32\scecli.dll: OK
C:\WINDOWS\system32\pwdfilter.dll: OK
C:\WINDOWS\system32\WS03RES.DLL: OK
C:\WINDOWS\system32\ipsecsvc.dll: OK
C:\WINDOWS\system32\oakley.DLL: OK
C:\WINDOWS\system32\WINIPSEC.DLL: OK
C:\WINDOWS\system32\pstorsvc.dll: OK
C:\WINDOWS\system32\psbase.dll: OK
C:\WINDOWS\system32\hnetcfg.dll: OK
C:\WINDOWS\System32\wshtcpip.dll: OK
C:\WINDOWS\system32\dssenh.dll: OK
C:\WINDOWS\system32\wlbsctrl.dll: OK
C:\WINDOWS\system32\w3ssl.dll: OK
C:\WINDOWS\system32\strmfilt.dll: OK
C:\WINDOWS\system32\HTTPAPI.dll: OK
C:\WINDOWS\system32\svchost.exe: OK
c:\windows\system32\rpcss.dll: OK
c:\windows\system32\dhcpcsvc.dll: OK
c:\windows\system32\dnsrslvr.dll: OK
C:\WINDOWS\system32\netman.dll: OK
C:\WINDOWS\system32\netshell.dll: OK
C:\WINDOWS\system32\rtutils.dll: OK
C:\WINDOWS\system32\credui.dll: OK
C:\WINDOWS\system32\ATL.DLL: OK
C:\WINDOWS\system32\CLUSAPI.dll: OK
C:\WINDOWS\system32\MPRAPI.dll: OK
C:\WINDOWS\system32\ACTIVEDS.dll: OK
C:\WINDOWS\system32\adsldpc.dll: OK
C:\WINDOWS\system32\RASAPI32.dll: OK
C:\WINDOWS\system32\rasman.dll: OK
C:\WINDOWS\system32\TAPI32.dll: OK
C:\WINDOWS\system32\WZCSvc.DLL: OK
C:\WINDOWS\system32\WMI.dll: OK
C:\WINDOWS\system32\WININET.dll: OK
C:\WINDOWS\system32\Normaliz.dll: OK
C:\WINDOWS\system32\urlmon.dll: OK
C:\WINDOWS\system32\iertutil.dll: OK
C:\WINDOWS\system32\WZCSAPI.DLL: OK
C:\WINDOWS\system32\NTMARTA.DLL: OK
c:\windows\system32\lmhsvc.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.WinHTTP_6595b64144ccf1df_5.1.3790.4929_x-ww_00269083\winhttp.dll: OK
C:\WINDOWS\System32\winrnr.dll: OK
C:\Programme\Bonjour\mdnsNSP.dll: OK
C:\WINDOWS\system32\rasadhlp.dll: OK
C:\WINDOWS\System32\rastls.dll: OK
C:\WINDOWS\System32\CRYPTUI.dll: OK
C:\WINDOWS\System32\raschap.dll: OK
c:\windows\system32\schedsvc.dll: OK
C:\WINDOWS\System32\wiarpc.dll: OK
C:\WINDOWS\System32\MSIDLE.DLL: OK
c:\windows\system32\audiosrv.dll: OK
c:\windows\system32\wkssvc.dll: OK
c:\windows\system32\aelupsvc.dll: OK
c:\windows\system32\cryptsvc.dll: OK
c:\windows\system32\certcli.dll: OK
c:\windows\system32\VSSAPI.DLL: OK
c:\windows\system32\dmserver.dll: OK
c:\windows\system32\es.dll: OK
c:\windows\pchealth\helpctr\binaries\pchsvc.dll: OK
c:\windows\system32\hidserv.dll: OK
c:\windows\system32\HID.DLL: OK
c:\windows\system32\srvsvc.dll: OK
C:\WINDOWS\System32\comsvcs.dll: OK
c:\windows\system32\seclogon.dll: OK
c:\windows\system32\sens.dll: OK
c:\windows\system32\trkwks.dll: OK
c:\windows\system32\wbem\wmisvc.dll: OK
c:\windows\system32\wuauserv.dll: OK
C:\WINDOWS\system32\wuaueng.dll: OK
C:\WINDOWS\System32\mspatcha.dll: OK
c:\windows\system32\browser.dll: OK
c:\windows\system32\ipnathlp.dll: OK
C:\WINDOWS\System32\Wbem\wbemcore.dll: OK
C:\WINDOWS\System32\Wbem\esscli.dll: OK
C:\WINDOWS\system32\wbem\wmiutils.dll: OK
C:\WINDOWS\system32\wbem\repdrvfs.dll: OK
C:\WINDOWS\system32\wbem\wmiprvsd.dll: OK
C:\WINDOWS\system32\wbem\wbemess.dll: OK
C:\WINDOWS\System32\ntlsapi.dll: OK
C:\WINDOWS\system32\msi.dll: OK
C:\WINDOWS\system32\advpack.dll: OK
C:\WINDOWS\system32\msxml3.dll: OK
c:\windows\system32\rasmans.dll: OK
c:\windows\system32\netcfgx.dll: OK
C:\WINDOWS\System32\rastapi.dll: OK
C:\WINDOWS\System32\rasppp.dll: OK
C:\WINDOWS\System32\ipbootp.dll: OK
C:\WINDOWS\System32\xactsrv.dll: OK
C:\WINDOWS\System32\NETRAP.dll: OK
C:\WINDOWS\system32\licdll.dll: OK
C:\WINDOWS\System32\RASDLG.dll: OK
C:\WINDOWS\system32\actxprxy.dll: OK
c:\windows\system32\ykx32mpcoinst.dll: OK
C:\WINDOWS\system32\spoolsv.exe: OK
C:\WINDOWS\system32\SPOOLSS.DLL: OK
C:\WINDOWS\system32\localspl.dll: OK
C:\WINDOWS\system32\cnbjmon.dll: OK
C:\WINDOWS\system32\pjlmon.dll: OK
C:\WINDOWS\system32\tcpmon.dll: OK
C:\WINDOWS\system32\wsnmp32.dll: OK
C:\WINDOWS\system32\tcpmib.dll: OK
C:\WINDOWS\system32\WSOCK32.dll: OK
C:\WINDOWS\system32\mgmtapi.dll: OK
C:\WINDOWS\system32\snmpapi.dll: OK
C:\WINDOWS\system32\usbmon.dll: OK
C:\WINDOWS\system32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll: OK
C:\WINDOWS\system32\win32spl.dll: OK
C:\WINDOWS\system32\inetpp.dll: OK
C:\WINDOWS\system32\icmp.dll: OK
C:\WINDOWS\system32\msdtc.exe: OK
C:\WINDOWS\system32\MSDTCTM.dll: OK
C:\WINDOWS\system32\MSDTCPRX.dll: OK
C:\WINDOWS\system32\MTXCLU.DLL: OK
C:\WINDOWS\system32\MSDTCLOG.dll: OK
C:\WINDOWS\system32\XOLEHLP.dll: OK
C:\WINDOWS\system32\RESUTILS.DLL: OK
C:\WINDOWS\system32\MTxOCI.Dll: OK
C:\Programme\Bonjour\mDNSResponder.exe: Win.Trojan.Agent-263533 FOUND
c:\windows\system32\ersvc.dll: OK
C:\Programme\Firefly Media Server\firefly.exe: OK
C:\Programme\Firefly Media Server\pthreadVC2.dll: OK
C:\Programme\Firefly Media Server\sqlite3.dll: OK
C:\Programme\Firefly Media Server\sqlite.dll: OK
C:\WINDOWS\system32\dnssd.dll: OK
C:\Programme\Firefly Media Server\libFLAC.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262B86\MSVCR80.dll: OK
C:\Programme\Firefly Media Server\zlib1.dll: OK
C:\Programme\Firefly Media Server\plugins\out-daap.dll: OK
C:\Programme\Firefly Media Server\plugins\rsp.dll: OK
C:\Programme\Firefly Media Server\plugins\ssc-ffmpeg.dll: OK
C:\Programme\Firefly Media Server\avcodec.dll: OK
C:\Programme\Firefly Media Server\avutil.dll: OK
C:\Programme\Firefly Media Server\avformat.dll: OK
C:\Programme\Firefly Media Server\plugins\ssc-wma.dll: OK
C:\WINDOWS\system32\WMVCore.DLL: OK
C:\WINDOWS\system32\WMASF.DLL: OK
C:\Programme\Firefly Media Server\plugins\w32-event.dll: OK
C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe: OK
C:\WINDOWS\system32\comdlg32.dll: OK
C:\Programme\Intel\Intel Matrix Storage Manager\ISDI.dll: OK
C:\Programme\Intel\Intel Matrix Storage Manager\PlugInRAID_DEU.dll: OK
C:\WINDOWS\system32\inetsrv\inetinfo.exe: OK
C:\WINDOWS\system32\inetsrv\IISUTIL.dll: OK
C:\WINDOWS\system32\inetsrv\rpcref.dll: OK
C:\WINDOWS\system32\IisRTL.DLL: OK
C:\WINDOWS\system32\inetsrv\iisadmin.dll: OK
C:\WINDOWS\system32\inetsrv\COADMIN.dll: OK
C:\WINDOWS\system32\ADMWPROX.dll: OK
C:\WINDOWS\system32\inetsrv\IISCFG.DLL: OK
C:\WINDOWS\system32\inetsrv\metadata.dll: OK
C:\WINDOWS\system32\inetsrv\svcext.dll: OK
C:\WINDOWS\system32\Security.dll: OK
C:\WINDOWS\system32\IISMAP.dll: OK
C:\WINDOWS\system32\inetsrv\wamreg.dll: OK
C:\WINDOWS\System32\llssrv.exe: OK
C:\WINDOWS\System32\LLSRPC.DLL: OK
c:\windows\system32\regsvc.dll: OK
C:\WINDOWS\System32\sbscrexe.exe: OK
C:\WINDOWS\system32\sbscrdll.dll: OK
c:\windows\system32\ssdpsrv.dll: OK
c:\windows\system32\termsrv.dll: OK
c:\windows\system32\ICAAPI.dll: OK
c:\windows\system32\mstlsapi.dll: OK
C:\WINDOWS\System32\rdpwsx.dll: OK
c:\windows\system32\upnphost.dll: OK
c:\windows\system32\SSDPAPI.dll: OK
C:\WINDOWS\system32\udhisapi.dll: OK
C:\WINDOWS\System32\vds.exe: OK
C:\WINDOWS\System32\OSUNINST.dll: OK
C:\WINDOWS\System32\vdsutil.dll: OK
C:\WINDOWS\System32\vds_ps.dll: OK
C:\WINDOWS\System32\vdsbas.dll: OK
C:\WINDOWS\System32\fmifs.dll: OK
C:\WINDOWS\System32\ulib.dll: OK
C:\WINDOWS\System32\ifsutil.dll: OK
C:\WINDOWS\System32\CFGMGR32.dll: OK
C:\WINDOWS\System32\vdsdyndr.dll: OK
C:\WINDOWS\System32\dmintf.dll: OK
C:\WINDOWS\System32\hbaapi.dll: OK
C:\Programme\Windows Home Server\WHSClamAVScanService.exe: OK
C:\WINDOWS\system32\mscoree.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll: OK
C:\Programme\Windows Home Server\Microsoft.HomeServer.SDK.Interop.v1.dll: OK
C:\WINDOWS\system32\shfolder.dll: OK
C:\Programme\Windows Home Server\HomeServer.dll: OK
C:\Programme\Windows Home Server\PartnerManager.dll: OK
C:\Programme\Windows Home Server\WHSNotificationFactory.dll: OK
C:\Programme\Windows Home Server\WHSNotificationSink.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll: OK
C:\Programme\Windows Home Server\TransportServiceProxy.dll: OK
C:\Programme\Windows Home Server\WHSClamAVUpdateService.exe: OK
C:\Programme\Windows Home Server\WHSNotificationSource.dll: OK
C:\Programme\Wistron\WiDMS\WiDMS.exe: OK
C:\Programme\Wistron\WiDMS\sqlite3.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31A54E43\MSVCR90.dll: OK
C:\Programme\Wistron\WiDMS\libavcodec.dll: OK
C:\Programme\Wistron\WiDMS\libxImage.dll: OK
C:\Programme\Wistron\WiDMS\cmdDirectoryWatcher.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028BC148\mfc90u.dll: OK
C:\WINDOWS\system32\MSIMG32.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31A54E43\MSVCP90.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730C3508\MFC90DEU.DLL: OK
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE: OK
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\sqmapi.dll: OK
C:\WINDOWS\system32\shdocvw.dll: OK
C:\WINDOWS\system32\mydocs.dll: OK
C:\WINDOWS\system32\ntshrui.dll: OK
C:\WINDOWS\system32\SearchIndexer.exe: OK
C:\WINDOWS\system32\TQUERY.DLL: OK
C:\WINDOWS\system32\PROPSYS.dll: OK
C:\WINDOWS\system32\MSSRCH.DLL: OK
C:\WINDOWS\TEMP\clamav-a16a40f55f8ce45c6fbe496e29d91ab2.00000d98.clamtmp: OK
C:\WINDOWS\system32\dbghelp.dll: OK
C:\WINDOWS\system32\query.dll: OK
C:\WINDOWS\system32\de-de\tQuery.dll.mui: OK
C:\WINDOWS\system32\msscb.dll: OK
C:\WINDOWS\system32\perfproc.dll: OK
C:\WINDOWS\system32\mssprxy.dll: OK
C:\WINDOWS\system32\infosoft.dll: OK
C:\WINDOWS\System32\msshsq.dll: OK
C:\Programme\Windows Home Server\WixWHSService.exe: OK
C:\Programme\Windows Home Server\WixWHSLibrary.dll: OK
C:\Programme\Windows Home Server\WixHWApi.dll: OK
C:\Programme\Windows Home Server\WixMUI.dll: OK
C:\Programme\Windows Home Server\de\WixMUI.resources.dll: OK
C:\Programme\Windows Home Server\WixRecApi.dll: OK
C:\Programme\Windows Home Server\WNASDLLATL.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll: OK
C:\Programme\Windows Home Server\qsm.exe: OK
C:\Programme\Media Connect\wmcsci.dll: OK
C:\WINDOWS\system32\vss_ps.dll: OK
c:\windows\system32\inetsrv\iisw3adm.dll: OK
c:\windows\system32\inetsrv\W3CACHE.dll: OK
c:\windows\system32\inetsrv\W3TP.dll: OK
c:\windows\system32\inetsrv\LONSINT.dll: OK
C:\Programme\Windows Home Server\whsarch.exe: OK
C:\Programme\Windows Home Server\deutil.dll: OK
C:\WINDOWS\system32\FLTLIB.DLL: OK
C:\Programme\Windows Home Server\whsbackup.exe: OK
C:\Programme\Windows Home Server\custsat.dll: OK
C:\Programme\WHS Suite\WHSFileSorter.exe: OK
C:\Programme\WHS Suite\Microsoft.HomeServer.SDK.Interop.v1.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_C8DFF154\gdiplus.dll: OK
C:\Programme\WHS Suite\WixHWApi.dll: OK
C:\Programme\WHS Suite\usbinfo.dll: OK
C:\Programme\WHS Suite\WNASDLLATL.dll: OK
C:\WINDOWS\system32\dciman32.dll: OK
C:\Programme\WHS Suite\WHSHealth.exe: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll: OK
C:\Programme\WHS Suite\WixRecApi.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll: OK
C:\Programme\WHS Suite\de\WHSHealth.resources.dll: OK
C:\WINDOWS\system32\MAPI32.DLL: OK
C:\Programme\Outlook Express\msoe.dll: OK
C:\WINDOWS\system32\MSOERT2.dll: OK
C:\WINDOWS\system32\MSOEACCT.dll: OK
C:\WINDOWS\system32\INETCOMM.dll: OK
C:\WINDOWS\system32\acctres.dll: OK
C:\WINDOWS\system32\inetres.dll: OK
C:\Programme\Outlook Express\msoeres.dll: OK
C:\WINDOWS\system32\ieframe.dll: OK
C:\WINDOWS\system32\msident.dll: OK
C:\WINDOWS\system32\msidntld.dll: OK
C:\Programme\Gemeinsame Dateien\System\directdb.dll: OK
C:\WINDOWS\system32\PSTOREC.DLL: OK
C:\WINDOWS\system32\mlang.dll: OK
C:\Programme\Windows Home Server\TransportService.exe: OK
C:\Programme\Windows Home Server\WHSNotificationNode.dll: OK
C:\Programme\Windows Home Server\ActivationSource.dll: OK
C:\Programme\Windows Home Server\CriticalProcessSource.dll: OK
C:\WINDOWS\system32\wuapi.dll: OK
C:\WINDOWS\system32\wups.dll: OK
c:\windows\system32\wsmsvc.dll: OK
C:\WINDOWS\system32\wevtfwd.dll: OK
C:\WINDOWS\system32\WsmRes.dll: OK
C:\Programme\Media Connect\wmccds.exe: OK
C:\WINDOWS\system32\upnp.dll: OK
C:\WINDOWS\system32\wmdrmdev.dll: OK
C:\WINDOWS\system32\wmnetmgr.dll: OK
C:\WINDOWS\system32\drmv2clt.dll: OK
C:\WINDOWS\system32\DRMClien.DLL: OK
C:\Programme\Windows Home Server\cqvSvc.exe: OK
C:\Programme\Windows Home Server\HomeServerControls.dll: OK
C:\Programme\Windows Home Server\BackupConfiguration.dll: OK
C:\Programme\Windows Home Server\qsmif.dll: OK
C:\Programme\Windows Home Server\WHSCommon.dll: OK
C:\Programme\Windows Home Server\WHSManagedNotification.dll: OK
C:\Programme\Windows Home Server\Interop.WHSNotification.dll: OK
C:\Programme\Windows Home Server\BackupUtil.dll: OK
C:\Programme\Windows Home Server\de\HomeServerControls.resources.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll: OK
C:\Programme\Windows Home Server\de\WHSCommon.resources.dll: OK
C:\Programme\Windows Home Server\Interop.SearchAPI.dll: OK
C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll: OK
C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll: OK
C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll: OK
C:\WINDOWS\system32\MSDART.DLL: OK
C:\Programme\Gemeinsame Dateien\System\Ole DB\OLEDB32R.DLL: OK
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll: OK
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll: OK
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe: OK
C:\Programme\Windows Home Server\LightsOutService.exe: OK
C:\Programme\Windows Home Server\NLog.dll: OK
C:\Programme\Windows Home Server\AxoNet.LightsOut.dll: OK
C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll: OK
C:\Programme\Windows Home Server\axsmb.dll: OK
C:\Programme\Windows Home Server\de\LightsOutService.resources.dll: OK
C:\Programme\Windows Home Server\AxoNet.LightsOut.XmlSerializers.dll: OK
C:\Programme\Windows Home Server\AxoNet.TaskScheduler.dll: OK
C:\WINDOWS\system32\mstask.dll: OK
C:\Programme\Windows Home Server\pdl.exe: OK
C:\WINDOWS\System32\dmadmin.exe: OK
C:\WINDOWS\System32\dmutil.dll: OK
C:\WINDOWS\System32\alg.exe: OK
C:\Programme\Windows Home Server\demigrator.exe: OK
C:\Programme\Windows Home Server\de\DEMigrator.resources.dll: OK
C:\Programme\Windows Home Server\DEcore.dll: OK
C:\Programme\Windows Home Server\DEMigratorAPI.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll: OK
c:\windows\system32\tapisrv.dll: OK
C:\WINDOWS\System32\unimdm.tsp: OK
C:\WINDOWS\System32\uniplat.dll: OK
C:\WINDOWS\System32\kmddsp.tsp: OK
C:\WINDOWS\System32\ndptsp.tsp: OK
C:\WINDOWS\System32\ipconf.tsp: OK
C:\WINDOWS\System32\h323.tsp: OK
C:\WINDOWS\System32\hidphone.tsp: OK
c:\windows\system32\inetsrv\w3wp.exe: OK
c:\windows\system32\inetsrv\w3core.dll: OK
c:\windows\system32\inetsrv\w3dt.dll: OK
c:\windows\system32\inetsrv\W3COMLOG.dll: OK
c:\windows\system32\inetsrv\iisres.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll: OK
c:\windows\system32\inetsrv\w3isapi.dll: OK
C:\WINDOWS\system32\inetsrv\gzip.dll: OK
C:\WINDOWS\system32\wbem\wmiprvse.exe: OK
C:\WINDOWS\system32\faultrep.DLL: OK
C:\WINDOWS\system32\wbem\cimwin32.dll: OK
C:\WINDOWS\system32\wbem\framedyn.dll: OK
C:\WINDOWS\system32\wbem\wmicookr.dll: OK
C:\WINDOWS\system32\wbem\wbemperf.dll: OK
C:\WINDOWS\system32\perfos.dll: OK
C:\WINDOWS\system32\licwmi.dll: OK
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\unidrvui.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5f463581bb85d528b1e77fd10b8b793f\Microsoft.JScript.ni.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\enrollid\d5ae5ceb\c800d3da\assembly\dl3\84c7e6e1\005cd876_5a47ca01\App_Web_hint.aspx.cdcab7d2.DLL: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\enrollid\d5ae5ceb\c800d3da\assembly\dl3\ffbf01b0\005cd876_5a47ca01\App_Web_Id.aspx.cdcab7d2.DLL: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\52dc5692a7cef3f6943f741ea3e1e209\System.Web.Mobile.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\58ee03cb0f505b226bfe97c0e879005f\System.ServiceModel.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll: OK
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\enrollid\d5ae5ceb\c800d3da\App_Web_9tfnynsf.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\e5846a2081be426bdb31f2022ab41c37\System.Web.RegularExpressions.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll: OK
C:\WINDOWS\system32\rdpsnd.dll: OK
C:\WINDOWS\system32\scredir.dll: OK
C:\WINDOWS\system32\cscui.dll: OK
C:\WINDOWS\system32\msacm32.drv: OK
C:\WINDOWS\system32\MSACM32.dll: OK
C:\WINDOWS\system32\imaadp32.acm: OK
C:\WINDOWS\system32\msadp32.acm: OK
C:\WINDOWS\system32\msg711.acm: OK
C:\WINDOWS\system32\msgsm32.acm: OK
C:\WINDOWS\system32\tssoft32.acm: OK
C:\WINDOWS\system32\tsd32.dll: OK
C:\WINDOWS\system32\msg723.acm: OK
C:\WINDOWS\system32\msaud32.acm: OK
C:\WINDOWS\system32\sl_anet.acm: OK
C:\WINDOWS\system32\l3codeca.acm: OK
C:\WINDOWS\system32\printui.dll: OK
C:\WINDOWS\system32\rdpclip.exe: OK
C:\WINDOWS\system32\ctfmon.exe: OK
C:\WINDOWS\system32\MSCTF.dll: OK
C:\WINDOWS\system32\MSUTB.dll: OK
C:\Programme\Windows Home Server\homeserverconsole.exe: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsole.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerExt.dll: OK
C:\Programme\Windows Home Server\languagebar.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.Health.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.Health.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.IPInfo.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.IPInfo.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.iTunesServer.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.LightsOut.dll: OK
C:\Programme\Windows Home Server\Telerik.WinControls.RadChart.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.LightsOut.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.Media.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.Media.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.People.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.People.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.Sharing.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.Sharing.resources.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.Storage.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.GraphicsCore.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.Standard.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.Utilities.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.Core.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.Storage.resources.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.GraphicsGL.dll: OK
C:\WINDOWS\system32\OPENGL32.dll: OK
C:\WINDOWS\system32\GLU32.dll: OK
C:\WINDOWS\system32\DDRAW.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262B86\msvcm80.dll: OK
C:\Programme\Windows Home Server\Xceed.Chart.Graphics2D.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll: OK
C:\WINDOWS\system32\W03A2409.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.WHSAdmin.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.WHSClamAV.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.WHSInfo.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.WHSInfo.resources.dll: OK
C:\Programme\Windows Home Server\OutlookExpressAccount.dll: OK
C:\Programme\Windows Home Server\HomeServerConsoleTab.WiDMS.dll: OK
C:\Programme\Windows Home Server\de\HomeServerConsoleTab.WHSAdmin.resources.dll: OK
C:\Programme\Windows Home Server\AndreasM.Interop.Shell32.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll: OK
C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll: OK
C:\Programme\Windows Home Server\AndreasM.Interop.WHSAdminUpdate.dll: OK
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll: OK
C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Web.Services.resources.dll: OK
C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll: OK
C:\WINDOWS\system32\wbem\wmiprov.dll: OK
C:\WINDOWS\system32\msiexec.exe: OK
C:\WINDOWS\system32\wbem\stdprov.dll: OK
c:\windows\system32\swprv.dll: OK
C:\WINDOWS\Explorer.exe: OK
C:\WINDOWS\system32\BROWSEUI.dll: OK
C:\WINDOWS\system32\themeui.dll: OK
C:\Programme\Windows Desktop Search\deskbar.dll: OK
C:\Programme\Windows Desktop Search\de-de\dbres.dll.mui: OK
C:\Programme\Windows Desktop Search\dbres.dll: OK
C:\Programme\Windows Desktop Search\wordwheel.dll: OK
C:\Programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui: OK
C:\Programme\Windows Desktop Search\msnlExtRes.dll: OK
C:\WINDOWS\system32\LINKINFO.dll: OK
C:\WINDOWS\system32\webcheck.dll: OK
C:\WINDOWS\system32\stobject.dll: OK
C:\WINDOWS\system32\BatMeter.dll: OK
C:\WINDOWS\system32\POWRPROF.dll: OK
C:\WINDOWS\System32\drprov.dll: OK
C:\WINDOWS\System32\ntlanman.dll: OK
C:\WINDOWS\System32\NETUI0.dll: OK
C:\WINDOWS\System32\NETUI1.dll: OK
C:\WINDOWS\System32\davclnt.dll: OK
C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe: OK
C:\WINDOWS\system32\OLEACC.dll: OK
C:\Programme\Intel\Intel Matrix Storage Manager\IAAMon_DEU.dll: OK
C:\Programme\Windows Desktop Search\WindowsSearch.exe: OK
C:\WINDOWS\system32\uncdms.dll: OK
C:\WINDOWS\system32\oeph.dll: OK
C:\WINDOWS\system32\mssph.dll: OK
C:\Programme\Windows Desktop Search\de-de\WindowsSearchRes.dll.mui: OK
C:\Programme\Windows Desktop Search\WindowsSearchRes.dll: OK
C:\Programme\Windows Desktop Search\WdsMktTools.dll: OK
C:\Programme\ClamWin\bin\clamscan.exe: OK
C:\Programme\ClamWin\bin\libclamav.dll: OK
C:\WINDOWS\system32\wship6.dll: OK
C:\Programme\ClamWin\bin\libclamav_llvm.dll: OK
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262B86\MSVCP80.dll: OK
C:\Programme\ClamWin\bin\libclamunrar_iface.dll: OK
C:\Programme\ClamWin\bin\libclamunrar.dll: OK
*** Scanned 45 processes - 528 modules ***
*** Computer Memory Scan Completed ***
----------- SCAN SUMMARY -----------
Known viruses: 2056032
Engine version: 0.96.4
Scanned directories: 0
Scanned files: 573
Infected files: 1
Data scanned: 271.82 MB
Data read: 0.00 MB (ratio 0.00:1)
Code:
ATTFilter WHSClamAV Version Information
Location: C:\Programme\Windows Home Server\HomeServerConsoleTab.WHSClamAV.dll
Version: 0.1.9.33850
Culture: Invariant Language (Invariant Country)
Clam AV Version: 0.96.4
Vielen Dank für Deine Hilfe. Sparkle |
|
| Themen zu PCK/PESpin: gefährliche Malware oder jagt der PC Virenscanner den Homeserver-Virenscanner? |
| 7-zip, antivir, avira, clamav, converter, fehler, firefox, helper, homeserver-antivirenprogramm, install.exe, internet, logfile, malware, monitor.exe, nodrives, nvpciflt.sys, pck/pespin, plug-in, prozess, scan, senden, warnung |
Linear-Darstellung
