
Pests of All Kinds and How to Combat Them: Win32/Small.CA virus


26.03.2013, 21:36   #1
Riggi84
 
Hello dear Trojaner-Board pros, helpers and fellow sufferers,

For a short while now an unwelcome guest has been roaming around my system, if the built-in Windows tools (Defender etc.) are to be believed. According to Malwarebytes the machine is clean, but I would like to give you experts a look at it. I would be very grateful for your help.

So here are the logs.

MWB:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.pc8112.16421
Name :: Name- [Administrator]

26.03.2013 20:02:44
mbam-log-2013-03-26 (20-02-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435316
Laufzeit: 1 Stunde(n), 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Here are the OTL logs.

OTL

Code:
OTL logfile created on: 26.03.2013 20:05:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Name\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free
7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
 
Computer Name: Name-PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Name\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\DATEV\SYSTEM\DVREWEDZSMSTR030A.exe (DATEV e.G.)
PRC - C:\DATEV\PROGRAMM\K0005002\Datev.Sdd.Ui.EditHost.StartupService.exe (DATEV eG)
PRC - C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG)
PRC - C:\DATEV\SYSTEM\Nuko\NKWLOGIN.exe (DATEV eG)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\DATEV\PROGRAMM\D0100000\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG)
PRC - C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - c:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\95d6b8e034945a50596479e0827eb6c8\Datev.Framework.Windows.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\e0ff4cc7651d5c1ae5b9d928c625d86e\Datev.Framework.Windows.MessageListeners.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Win#\d772fa79e965d5d6f319141c04212e5f\Datev.Framework.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\3b815c2c27ffedfcdab494fe1031ad22\Datev.Framework.RemoteServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\687a0637cdcd6b590964f340a048b039\Datev.Sdd.Ui.EditHost.StartupService.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\2b77dd95ae115fd7dd4965ceff40f70f\Datev.Security.IdentityManagement.IamClaimService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Security.Iden#\4b66190dec76f5932c6c8759314ec638\Datev.Security.IdentityManagement.Database.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network\1b02d0ec7854cf6abda2bf8062aae29b\Datev.Network.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Network.Inter#\342205de858a50dcdf1416afb5c2adbd\Datev.Network.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Ser#\e13301521a3d8088f2d3eb442a564d8a\Datev.Framework.ServiceBus.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Res#\6c69a312252d49cddc988749dd4fbc21\Datev.Framework.ResourceData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mes#\7955b7c205b54e90f194b9e7d23d37a3\Datev.Framework.Messages.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Lic#\f4ee7a528aaab01e903da9cfe1c2f6a9\Datev.Framework.Licensing.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Int#\fd29ba5f2f4d68e25966e42689fd28e9\Datev.Framework.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Env#\5cd800ecdc7df7c8e2202d2f713acb48\Datev.Framework.Environment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dat#\e2139fe0a1d781257b231abf5a2b8ec1\Datev.Framework.Data.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Comm#\39393f7433dfdbaa57bcbad23d5c56a2\Datev.Database.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Publ#\ab89e7b4cd898e0df79a24956453b396\Datev.Database.PublicInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Database.Cons#\ab3157a29cb4f83221539eca0b14558e\Datev.Database.ConserveManager.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Stor#\78feaae28fc5ed268623a98b850072f9\Datev.ConfigDB.StorageProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Plug#\af473a4535e1fba3528063821be23a40\Datev.ConfigDB.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\49ec49d5635cedcf702c3c040f903d7b\Datev.ConfigDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\a5474eb3845f503eead6363d5a34a318\Datev.ConfigDB.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bad87390df683fcc3abc61126010d2af\Datev.Lexinform.Services.SemanticRecognition.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\15987b5ebe2a9653537a3d8be7b0bd4b\Datev.Lexinform.Services.SemanticRecognition.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\474005e4f22288d30811831341a75f3e\Datev.Lexinform.Services.LexinformSearch.Business.LocalSearch.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\7dfcec0862676f980fe836a41995bdf4\Datev.Lexinform.Services.Search.Interface.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\bd48e9857ed3fcd1947778962378edbf\Datev.Lexinform.Services.LexinformSearch.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\16c4159d164af65d95d5edcc996e7396\Datev.Lexinform.Services.LexinformBase.ServiceContracts.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\8fba1c3463a73361124255eb561b3077\Datev.Lexinform.Services.LexinformBase.LicenceRetriever.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\41fbba89171246486146a7c5257355e6\Datev.Lexinform.Services.LexinformBase.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a1bd506b45b0c1ecb05c905b7e915753\Datev.Lexinform.Services.LexinformBase.Business.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\93ce6e805355bf29f5e821aa4603d017\Datev.Lexinform.Services.LexinformBase.Business.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\9ef4eec843e9978f222935d8d4f664e8\Datev.Lexinform.Services.Document.ServiceContracts.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\a15b8fbec033174ed6a43106228ad76d\Datev.Lexinform.Services.Document.Strategies.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\01e36a77d28bdb204e7692e842c87108\Datev.Lexinform.Services.Document.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Lexinform.Ser#\c9768ddec77db1b0c621039c62c95845\Datev.Lexinform.Services.Document.Business.Server.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\0639715e212ed7a758a07f7ec752a577\Datev.Sdd.Ui.EditHost.StartupService.Resources.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Ui.EditHo#\7bf87871fdac54f470b13a0ebbb9b26c\Datev.Sdd.Ui.EditHost.StartupService.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Sdd.Transport#\556bb7bcfff08e75b2b856aab9f2bbf7\Datev.Sdd.TransportInterfaces.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\Datev.Framework.Licensing.Wrapper\4.0.0.0__cbc631f1c682336b\Datev.Framework.Licensing.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Rem#\f022aa3886b58f2020b1c87e9b89b17b\Datev.Framework.RemoteServiceModel.GenericServiceBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Hos#\440507bee2a67350090e535b1172a36a\Datev.Framework.Hosting.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Dia#\f6a1f5e9f8fb3b284e7355c3715760ae\Datev.Framework.Diagnostics.RealTimeTracing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\6bcfa3a5b15d2ec1983d02e7f792462c\Datev.Framework.MicroKernel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\41c8b10b4eee399c4abfa970b73ecd74\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\2fa72afe543bb02b4f728efc2166d58c\System.Runtime.Caching.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e6f1669a51fbf73520ae79dca19f005e\Microsoft.CSharp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ebd8e7de507b634d15b3e16614270f06\System.Dynamic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (DatevPrintService) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
SRV - (SQLAgent$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQL$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (MSSQLFDLauncher$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PowerBiosServer) -- c:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5x64) -- C:\Windows\SysNative\drivers\NETw5x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IAMTVE) -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation)
DRV:64bit: - (IAMTXPE) -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FE8516A-024E-4584-A388-898180DFE6ED}
IE:64bit: - HKLM\..\SearchScopes\{1FE8516A-024E-4584-A388-898180DFE6ED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF}
IE - HKLM\..\SearchScopes\{453F3A50-CBA5-46CC-A644-360B65237ABF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com [binary data]
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\..\SearchScopes,DefaultScope = {453F3A50-CBA5-46CC-A644-360B65237ABF}
IE - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Name\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.04 22:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.04 22:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.04 22:27:57 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe (DATEV eG)
O4 - HKLM..\Run: [SfWinStartInfo] C:\SFIRM32\sfWinStartupInfo.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify] C:\Users\Name\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\Run: [Spotify Web Helper] C:\Users\Name\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D4CB084-A84A-4E49-977D-0D9CA1976399}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93274F38-4FD0-4E7E-9A08-908EAE7F83E0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2013.03.15 17:35:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 17:35:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 17:35:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 17:35:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 17:35:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 17:35:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 17:35:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 17:35:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 17:35:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 17:35:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 17:35:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 17:35:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 17:35:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 17:35:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 17:35:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 14:18:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Programs
[2013.03.12 11:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.03.12 11:51:19 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2013.03.12 11:51:19 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2013.03.12 11:51:19 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2013.03.12 11:51:19 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2013.03.12 11:51:18 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2013.03.12 11:51:18 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2013.03.12 11:51:18 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2013.03.12 11:51:16 | 001,560,064 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2013.03.12 11:51:12 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BROSNMP.DLL
[2013.03.12 11:51:12 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
[2013.03.12 11:51:07 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysWow64\BRLM03A.DLL
[2013.03.12 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\NAme\AppData\Roaming\InstallShield
[2013.03.12 11:49:00 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\mflpro
[2013.03.12 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.03.12 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.03.12 08:35:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.27 20:51:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 20:51:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 20:51:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 20:51:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 20:51:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 20:51:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 20:51:39 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:51:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:51:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 20:51:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:51:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:51:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 20:51:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 20:51:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 20:51:38 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 20:51:38 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:51:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 20:51:37 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 20:51:37 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 20:51:37 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 20:51:37 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 20:51:37 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 20:51:37 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 20:51:37 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 20:51:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 20:51:35 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 20:51:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 20:51:35 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.27 20:51:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.26 19:41:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 19:41:54 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000Core.job
[2013.03.26 19:41:52 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3308591813-2226736588-3851468173-1000UA.job
[2013.03.26 19:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 12:15:37 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.03.19 10:09:10 | 000,000,570 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 08:47:19 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 20:12:50 | 2960,498,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 07:29:54 | 000,419,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.12 11:52:42 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\bd9042cd.dat
[2013.03.12 11:52:42 | 000,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2013.03.12 11:51:30 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd9042cn.dat
[2013.03.12 11:42:26 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.12 08:38:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.04 23:11:49 | 001,838,200 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.04 23:11:49 | 000,779,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.04 23:11:49 | 000,730,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.04 23:11:49 | 000,180,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.04 23:11:49 | 000,152,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.03.12 11:52:42 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9042cd.dat
[2013.03.12 11:52:42 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.03.12 11:51:30 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bd9042cn.dat
[2013.03.12 11:51:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2013.03.12 11:51:10 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BAOCH06A.DAT
[2013.03.12 11:42:26 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.12 11:42:26 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.12 08:37:05 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.12 08:37:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.06.05 18:35:09 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.03.01 17:06:45 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.02.06 12:15:09 | 000,000,029 | ---- | C] () -- C:\Windows\hbcikrnl.ini.lock
[2012.02.06 12:08:13 | 000,000,061 | ---- | C] () -- C:\Windows\Setup_tmp.ini
[2011.11.14 14:41:38 | 000,017,408 | ---- | C] () -- C:\Users\NAme\AppData\Local\WebpageIcons.db
[2011.04.13 09:32:48 | 000,004,851 | ---- | C] () -- C:\Users\NAme\AppData\Local\EmptySettings.xml
[2010.10.21 16:01:11 | 000,000,101 | ---- | C] () -- C:\Users\NAme\AppData\Local\fusioncache.dat
[2010.10.21 08:35:19 | 000,006,733 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\abspann_datev_idea.gif
[2010.10.21 08:35:19 | 000,000,291 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.html
[2010.10.21 08:35:19 | 000,000,105 | ---- | C] () -- C:\Users\NAme\AppData\Roaming\lastscreen.ikf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.14 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\DATEV
[2010.10.22 15:39:23 | 000,000,000 | ---D | M] -- C:\Users\NAme1\AppData\Roaming\Protector Suite
[2010.11.23 08:03:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Acronis
[2011.12.12 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DATEV
[2013.01.23 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\DVASSV
[2010.10.21 08:34:20 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\linkundlink
[2010.10.15 09:53:18 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Protector Suite
[2013.03.15 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Spotify
[2013.03.17 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\TeamViewer
[2012.08.07 18:44:08 | 000,000,000 | ---D | M] -- C:\Users\NAme\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         

OTL-Extras

Code:
OTL Extras logfile created on: 26.03.2013 20:05:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Name\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 37,11% Memory free
7,35 Gb Paging File | 4,58 Gb Available in Paging File | 62,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 212,61 Gb Free Space | 71,33% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\MANDANT\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C101CF-3924-406B-B01C-CAD5E040F338}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1114278E-BF45-4076-9754-F12E28EA5637}" = lport=138 | protocol=17 | dir=in | app=system | 
"{162DCAA5-AC10-4917-8190-47DDEB83B360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1879DD40-E7F5-4256-8998-6B72958D38FF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23AEA20F-AFAE-4F8E-AC86-8001489D61ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3569D854-D9A7-4A28-B699-887C8DE9B209}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{47FD34DC-07FE-4B68-B06A-DC1A5E1B6F90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6DD29525-8171-44FD-AAC0-DE276DD778F2}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | 
"{6E8FA91B-4AC9-4D70-B618-D790231C993B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8211074E-FA45-4AC1-A0C4-6CD24F37A40B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{860AABF7-F11D-411F-B53B-545DCC808E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87B6DB7E-7CC0-434B-AFE6-2D4E2359D0F5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{8AC8A2C1-7B52-45F6-8F83-E4F5B86DD832}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8EEC4811-4A5E-4872-B070-AD66C6401C7E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{910A06D2-DB4C-4E92-8FE5-37530F48945E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{981C884A-2808-4C35-8C5F-E92C32ADE0EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB7D4766-3A5F-4FE0-9C1D-77594F982118}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD90E923-19C2-4C09-8A1E-D6B36CCBCAD6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B6CE816B-CC09-4F69-A2AB-CDC9ED138683}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C19E9D5D-350F-4925-8460-D001C9474ACE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CABE5567-068F-47D9-8397-E731DF2A0C47}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D26D6829-8E16-485C-894E-36434B4EE14F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D650FE30-6242-4B56-9082-A7C7759D788D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E112296F-440B-456F-8347-22165623F640}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E44A8D20-3DF2-4230-8AAB-E880B195DC0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED2050AD-32B0-4415-AE34-976ADFAFB208}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FC5F20A2-E3B6-4D6F-9E54-4583FD4C5F65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16153F88-CB4B-4887-9B13-9621EB2F11A1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{29B94BDB-5676-4957-B538-3DEA4A285D67}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | 
"{314E2E3A-5517-489F-8BB3-933B5FD479F0}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | 
"{4180B667-F0B3-4F6E-9AA9-7DC2D270820B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{4522628D-9541-4060-8104-2E695ECB31DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46D4B9E4-8C33-4344-B228-71985209C937}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47B1F1B9-1B0E-4E84-B459-CD3FC8F4B980}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4D296ADA-6877-4B28-B0B7-A9A175E892BA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{57809937-CB12-413C-BB6F-CBAABEC9528D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{5C375639-EF0E-4C7B-85D8-D13EB2D6B7FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63240B07-B564-47A1-8843-030D19D04AE1}" = protocol=6 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | 
"{63D13937-869D-4C6D-A024-1FFB9DF22EAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C5ED67E-A516-4DD1-B9EB-1D74F9677A7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7E79AB0B-8286-4309-9709-878A9B3563CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8CBE50EA-6FBD-4FDA-99FB-C2AEE9FABBF0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{90D413E3-46E6-4230-B46E-2DB3CA2BE107}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{90E7BA71-63A2-4016-8540-126D0FB72F3F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C543AE4-5717-4ED7-B772-86EB3578CAF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0D3D6B3-9266-4D7B-A12A-B40A23A950EA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{A4FF4D24-FA1E-4156-B9D6-45EE1306DDF9}" = protocol=6 | dir=in | app=c:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe | 
"{ACF45C05-2851-400D-B2BC-40377F758E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ACF8BC20-75D9-46C7-8203-8DCC60B648DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AE126F33-BB1B-43CB-AFEA-52B604A2A492}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B1C81839-ABEC-460E-BB01-E47461BF7F0E}" = protocol=6 | dir=out | app=system | 
"{B4FDC057-A99A-4B5B-9953-3515F8E3AABE}" = protocol=17 | dir=in | app=c:\users\name\appdata\roaming\spotify\spotify.exe | 
"{C6CFA088-865C-448E-A90B-173EDB385D75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C86FF447-B279-4E01-BAF5-F7F943FD9E16}" = dir=in | app=c:\users\name\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D68183B6-92DE-4364-AF25-41233EFA0622}" = protocol=6 | dir=in | app=c:\datev\programm\k0005000\arbeitsplatz.exe | 
"{DE764EE8-5650-4592-9480-21D5C5DA2ED7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E55BF4D4-8BCA-44FD-B6C3-BEF9CC6CD142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EDA9A18C-07E6-40FF-8A42-6B3865BDC0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4B9CD7E-183D-4A73-AFD9-C269E2BFAF5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F6AC6B50-F0CB-4C37-88D8-F463E4C3D61C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAF46E96-DE48-45A6-A27B-879BE2F19FFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01078B88-2981-4F75-96B0-8B22E2D2DE03}" = Microsoft SQL Server 2008 R2 Setup (English)
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP1 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP1 Common Files
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DFA5914-C275-42E0-810E-C88E46A7F9EA}" = SQL Server 2008 R2 SP1 Full text search
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{BFBF33B5-AEFE-454B-A189-DF5013028535}" = SQLXML4
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP1 Database Engine Shared
"{D8C23BDE-4748-44D9-A9DD-8AB64EB18BE3}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP1 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP1 Database Engine Services
"8DEBD1C1BD0B77A96565A855F12B75986C183E33" = Windows-Treiberpaket - Intel (NETw5x64) net  (09/15/2009 13.0.0.107)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"PROSetDX" = Intel(R) Network Connections 14.8.43.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0aa88bb2-bbcf-4d4e-b8b3-69f3ff537390}" = Nero 9 Essentials
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}" = BisonCam
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B9C00-DAD4-411D-A4A7-D02B50E50C78}" = DFL2010 Microkernel
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9298B925-57BA-4169-8C58-1A4BAE757DD7}" = DFL2010 ConfigDB
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A600A500-6AAC-48AB-B29C-145483B3A127}" = SFirm
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite DCP-9042CDN
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"DATEVB00000482.0" = DATEV Installation V.3.0
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.2029
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3308591813-2226736588-3851468173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 12:57:33 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.06.2012 12:57:36 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 12:57:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 12:58:22 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 12:58:38 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 12:59:30 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 13:00:33 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 13:00:39 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 08.06.2012 13:01:37 | Computer Name = Name-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 09.06.2012 08:57:09 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.06.2012 08:57:11 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
 übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
 unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 
Error - 16.02.2013 05:14:32 | Computer Name = Name-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 107.
 
Error - 17.02.2013 08:20:35 | Computer Name = Name-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 17.02.2013 13:22:48 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?02.?2013 um 15:23:39 unerwartet heruntergefahren.
 
Error - 17.02.2013 13:22:50 | Computer Name = Name-PC| Source = BugCheck | ID = 1001
Description = 
 
Error - 03.03.2013 03:24:33 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.03.2013 15:18:29 | Computer Name = Name-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         




I have "obscured" names with "Name" (hopefully everywhere). I hope that is OK.


So once again, a thousand thanks in advance


Regards, Riggi

Is nobody there who can take a look at this?

27.03.2013, 17:22   #2
ryder
/// TB instructor

1. Patience!
2. This looks like a computer used for business purposes.
3. What does Defender say, then?

27.03.2013, 19:40   #3
Riggi84

Quote:
Quote from ryder
1. Patience!
2. This looks like a computer used for business purposes.
3. What does Defender say, then?

Hello Ryder

First of all, thank you for your reply!

Regarding your questions:

1. Unfortunately I very often lack that, sorry about that.

2. That is indirectly the case; sorry, but I did not know the linked article. There is no internal IT department, since there are only two computers (no servers or infrastructure), which I clean up or "load" with software now and then as a favor to a friend.

3. Actually, it only said at the bottom right in the corner that the virus was on the computer. To my horror I noticed that the message apparently appeared in January last year and caused an error once. I have now archived it.

At the beginning a trial version of McAfee was installed, which expired. I then put Avast on it. I guess that was the gap. The computer was only rarely used on the Internet, though, so perhaps a "fresh reinstall" is not necessary (even if generally advisable)?!

I hope that helps.

Thanks in advance,

Riggi

27.03.2013, 19:42   #4
ryder
/// TB instructor

Do you actually notice any symptoms of any infection?
__________________
Digital privateers against malware!
No help via PM!

27.03.2013, 19:45   #5
Riggi84

Quote:
Quote from ryder
Do you actually notice any symptoms of any infection?

Wow, that was fast

No, not really...

Do the logs reveal anything, then?

27.03.2013, 20:05   #6
ryder
/// TB instructor

Yes, there is nothing to see.

27.03.2013, 21:40   #7
Riggi84

Wonderful

Many thanks for your help!

Regards, Riggi

27.03.2013, 21:41   #8
ryder
/// TB instructor

Glad that we could help

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread

If you would still like to leave praise or criticism, there is this section: http://www.trojaner-board.de/lob-kritik-wuensche/
