| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sophos meldet im Speicher: Troj/ZbotMem-BWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.11.2012, 11:14
| #1 | ||
| |  Sophos meldet im Speicher: Troj/ZbotMem-B Hallo, nachdem ich mein Sophos Antivirus auf Version 10.0 upgedatet habe, habe ich einen Scan gestartet. Dabei ist gleich nach wenigen Sekunden im Speicher der Troj/ZbotMem-B gefunden worden. Bereinigen usw. kann ich nicht, muss manuell geschehen. Deshalb bin ich hier. Habe bereits Malwarebytes Anti-Malware 1.65.1.1000 installiert und einen vollständigen Suchlauf gestartet, hat aber nichts gefunden. Zitat:
PS: obwohl Internet Explorer im Zitat drin steht, benutze ich den nicht. Bei mir sind gerade Google Chrome 23.0.1271.64 m und Mozilla Nightly 19.0a1 aktiv (ich weiß, es ist eine alpha-Version, wollte diese allerdings ausprobieren). defogger: Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 11:23:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free 15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe PRC - [2012.11.19 13:18:41 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe PRC - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe PRC - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe PRC - [2012.08.26 18:30:27 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe PRC - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe PRC - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.04.22 12:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 08:58:29 | 004,775,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll MOD - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe MOD - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.15 20:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.11.19 13:14:57 | 002,009,664 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.04.26 10:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.03.04 22:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010.11.03 22:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2010.10.28 20:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010.10.28 20:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.06.20 10:14:18 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.20 16:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.06.23 19:44:07 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011.06.23 19:44:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.06.23 19:44:07 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.06.23 19:44:07 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.06.23 19:44:07 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.04.26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.03.28 19:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 19:13:50 | 000,276,520 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.01.15 20:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2011.01.15 19:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.06 05:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR) DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010.12.02 01:02:16 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.19 19:39:28 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.01 01:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010.11.01 01:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2010.11.01 01:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2010.11.01 01:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.02 08:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 08:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.08.24 23:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.24 04:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2010.02.24 04:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.11.15 09:18:45 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.26 18:30:32 | 000,000,000 | ---D | M] [2012.11.15 09:18:52 | 000,000,000 | ---D | M] (No name found) -- d:\benutzer\DailyDose\AppData\Roaming\mozilla\Extensions [2012.11.15 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.20 04:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.26 18:30:30 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Google Update (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Angry Birds = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: 3DTin = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\ CHR - Extension: YouTube = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: YouTube to mp3 (YouTube para mp3) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbocjlkojbicepeolmlkpjihlmkdebn\1.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: YouTube Downloader: MP3 / HD Video Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\magnmielaieppaikfanmmcikphdbkkki\1.3.13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader | 1-Click Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndodlfhmlpbndlojoinhgibacnpgajk\1.0.15.1_0\ CHR - Extension: Google Mail = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Efubriiqz] d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe () O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [Video Performer63615.exe] "d:\benutzer\DailyDose\AppData\Local\Temp\Video Performer63615.exe" /XML="d:\benutzer\DailyDose\AppData\Local\Temp\90FE.tmp" /STP=0:2 File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk = C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: solution.local ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: solution.local ([]http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = solution.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C404084-3182-48FB-AE83-645E3B00FEC0}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 10:37:00 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes [2012.11.23 10:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.23 10:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.23 10:36:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.23 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.19 15:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.11.19 15:37:09 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.19 14:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.11.19 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software [2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.11.19 13:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.11.19 13:26:36 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2012.11.19 13:26:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.19 13:12:44 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:05 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 12:56:48 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:35:36 | 000,000,000 | ---D | C] -- C:\fixupdate [2012.11.19 12:04:03 | 000,212,032 | ---- | C] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.17 23:57:39 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Desktop\Auto-Fotos [2012.11.15 09:18:47 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla [2012.11.15 09:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly [2012.11.13 21:49:43 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Local\Sophos [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo [2012.11.12 20:38:14 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Documents\ScreenCam [2012.11.12 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash [2012.11.12 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenCam [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 11:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.23 11:19:15 | 000,000,000 | ---- | M] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.23 11:18:52 | 000,050,477 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.23 10:40:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job [2012.11.23 09:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job [2012.11.23 09:20:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.23 09:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 16:11:49 | 000,171,297 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf [2012.11.19 15:44:54 | 000,001,128 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Spybot - Search & Destroy.lnk [2012.11.19 15:37:09 | 000,003,177 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 13:00:03 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 12:56:50 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs [2012.11.19 12:04:03 | 000,212,032 | ---- | M] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.15 20:02:19 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.15 20:02:19 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.15 20:02:19 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.15 20:02:19 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.15 20:02:19 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 08:53:46 | 000,001,006 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk [2012.11.15 08:52:08 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2012.11.12 19:56:13 | 000,085,465 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.23 11:20:47 | 000,050,477 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.23 11:19:15 | 000,000,000 | ---- | C] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.19 14:05:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.11.15 09:18:45 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk [2012.11.12 19:56:12 | 000,085,465 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2012.09.19 20:47:15 | 000,120,620 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.09.18 13:45:40 | 000,000,035 | ---- | C] () -- d:\benutzer\DailyDose\.sapmc [2012.08.14 18:07:39 | 000,001,473 | ---- | C] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel [2012.07.01 15:53:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.06.20 09:55:19 | 000,008,180 | RHS- | C] () -- d:\benutzer\DailyDose\ntuser.pol [2012.06.20 09:51:42 | 000,002,208 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.29 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.29 08:30:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2011.06.29 08:30:57 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2011.06.29 08:30:56 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2011.06.29 08:30:56 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2011.06.29 08:30:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2011.06.23 21:31:44 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.23 21:31:44 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.23 21:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.06.23 19:51:09 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2011.06.23 19:48:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2011.06.23 19:48:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.06.23 19:46:22 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.02.11 19:06:36 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.07.14 19:53:18 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoft [2012.07.14 19:53:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ [2012.11.23 11:22:37 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia [2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++ [2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite [2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung [2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP [2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1 [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software ========== Purity Check ========== < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 11:23:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free
15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051C9F50-9EDD-4DF6-BB6D-A3B50BC8B6E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{06811611-4E17-4813-974E-5A47E0D38100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218446C7-1E29-42FE-B51E-96D307EA9EAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{30CDD2E9-B083-473E-A0EE-ACB3D1806A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{41C2473A-DD86-4CFB-AEFB-547B38610D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FA6C55D-AE73-4942-9C7D-69F97394B300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{503555BB-543E-4322-BB97-A0F1F2398CCB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F6BBB5C-9127-4311-B8D1-D72E156B21AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76BF1C4B-CD18-447C-9337-ED2840211FDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97877BB8-E89C-421B-B686-184FF90283CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD16DD12-8082-47B3-8228-59464BCE2A23}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5EE2ABE-E641-49D1-BDDB-E3DC52E24C43}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7BE1FE4-1A46-4896-9442-4DF37F67784A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D6F44192-5580-47C4-B2F6-BAC5F59544BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{E527BBB1-C6C4-4CBA-96F0-9C3B0AD99D45}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{F9C5D6C4-EA18-4CD9-A82F-7D9548DBFC3E}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04149250-B4E5-4C9E-8FFC-53AD7E8507BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05905DA8-5E9C-401C-9C31-27204EABDCE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{0AFAB201-1A43-4021-BBBB-8F5332A22E5E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{17DEABE2-6A2A-4890-BCA0-B401F481B2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{37B8E21F-1D71-4714-A104-1FCAE6FE37D5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4B0B3ABB-0B9C-448F-B491-06E89E8D7965}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4C6011F2-DE9F-4B06-BD51-17D48F0522DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4DBB64EC-28E2-4E83-953A-46A56D9C597F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5EDC1386-4C48-43F7-80A1-675802B09BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{75A85B26-CFA5-4531-90B0-E7E9328500A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{800BAECD-D0F9-4456-8DE2-C91D43C823A6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{864E1CF7-AE6A-4F47-B968-947CD4067DB5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8971D633-8EF2-4681-8530-07DA31BC37D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3C52D44-B49C-424A-A3AB-D96E628EB047}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A60A2B87-0D32-43BF-AA65-357B79512C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A96893EA-6D4F-4BAF-96AA-E080F40C7830}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AADE7A65-E549-4F7A-875B-5DE653706428}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B10A8CD9-94F7-46C6-807D-C048D937BD2D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{B8602F01-7B14-4EAE-BD74-21BC3E20B1F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDDBB28C-57B5-4738-93DA-E05CA1947230}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8BCFC13-5FC1-4739-A4E2-A92E02AEC117}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E01B6FCF-963C-4FC4-8052-5503E007E56C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0A72312-9A08-4DAF-84C5-7EC7D428F5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{E2284230-8E92-4E23-813E-3E42F9848542}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F73EDF71-B8E7-413A-8B58-57C69A53A9EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0B7DDD35-EAF2-40E3-AB1F-27274B7948C7}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{32D4C93E-48D5-4014-8A76-BA94B3B5AF32}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{33F8A5F9-CB90-4E36-8895-DCBA96547F84}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{513919BE-36FC-40D2-8F3B-68EB0FAB0AE7}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=6 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"TCP Query User{CC64E60B-8725-4E86-BCAF-F7A4A462B67B}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{D260B910-D709-4897-82F0-F447BECA5F0C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{1C35AA58-82F4-46E5-9E87-28CF2F6A489C}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{36B3B263-D059-4B99-A1F5-F845A9F299CE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{3772CC24-27E4-4CDE-AD20-16803E62898A}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{37C15551-215E-4337-93EA-718E2357EC39}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{60673E00-2D3D-4395-B664-871E3499AFBE}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=17 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"UDP Query User{6141B2A0-2DAF-4833-89AF-916E62EB3BEC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013FA6FF-9BDA-4FFF-A4E6-B7EA5C6505CF}" = WoLoSoft CopyPath
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA13348-6283-69B1-FC00-77C8FB034FD5}" = Chatter Desktop
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenVPN" = OpenVPN 2.2.0
"RealPlayer 15.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1" = Chatter Desktop
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.5.0
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.11.2012 13:56:47 | Computer Name = P1275.solution.local | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error - 13.11.2012 14:02:16 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.solution.local.%3
Error - 13.11.2012 16:18:03 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
lokalen Computers ist ungültig.%3
Error - 13.11.2012 16:24:54 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
lokalen Computers ist ungültig.%3
Error - 13.11.2012 16:35:41 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 428 Startzeit:
01cdc1de528b48c7 Endzeit: 37 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
ad0c37e0-2dd1-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:36:06 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 36c4 Startzeit:
01cdc1de73fed949 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
bd0cd3bc-2dd1-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:40:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: chrome.dll, Version: 22.0.1229.94,
Zeitstempel: 0x50753154 Ausnahmecode: 0x80000003 Fehleroffset: 0x00557c64 ID des fehlerhaften
Prozesses: 0x3be8 Startzeit der fehlerhaften Anwendung: 0x01cdc1de7c3fdaaa Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\22.0.1229.94\chrome.dll
Berichtskennung:
6659c66f-2dd2-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:42:54 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00013b30 ID des fehlerhaften
Prozesses: 0x3c10 Startzeit der fehlerhaften Anwendung: 0x01cdc1df2b2fc17e Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Berichtskennung:
b29f4685-2dd2-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:47:22 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x960 Startzeit der fehlerhaften Anwendung: 0x01cdc1df940bf14e Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 525da4af-2dd3-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:51:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x4840 Startzeit der fehlerhaften Anwendung: 0x01cdc1e0a27bf5d7 Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: efb92ab8-2dd3-11e2-bfde-08edb9dc23cc
[ Broadcom Wireless LAN Events ]
Error - 26.07.2012 07:54:49 | Computer Name = P1275.solution.local | Source = WLAN-Tray | ID = 0
Description = 13:54:49, Thu, Jul 26, 12 Error - Unable to set enhanced country code
[ System Events ]
Error - 13.11.2012 09:53:31 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
und richtig ausgeführt wird.
Error - 13.11.2012 11:20:13 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
und richtig ausgeführt wird.
Error - 13.11.2012 13:22:10 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 13.11.2012 13:57:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 13.11.2012 14:56:52 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 13.11.2012 15:21:45 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 14.11.2012 03:51:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 14.11.2012 03:55:00 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5
< End of report >
Geändert von DailyDose (23.11.2012 um 11:37 Uhr) |
| Themen zu Sophos meldet im Speicher: Troj/ZbotMem-B |
| 7-zip, administrator, anti-malware, antivirus, autostart, bösartige, dateien, enigma, explorer, google, gruppe, install.exe, installiert, malwarebytes, manuell, melde, meldet, minute, monitor.exe, mozilla, nichts, office 2007, openvpn, performer, plug-in, registrierung, scan, sekunden, service, sophos, speicher, trojaner, version, weiteres, youtube downloader, zbot trojaner, zbotmem-b, zitat |
Baum-Darstellung