Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Sophos meldet im Speicher: Troj/ZbotMem-B

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.11.2012, 10:14   #1
DailyDose
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Hallo,
nachdem ich mein Sophos Antivirus auf Version 10.0 upgedatet habe, habe ich einen Scan gestartet. Dabei ist gleich nach wenigen Sekunden im Speicher der Troj/ZbotMem-B gefunden worden. Bereinigen usw. kann ich nicht, muss manuell geschehen.

Deshalb bin ich hier. Habe bereits Malwarebytes Anti-Malware 1.65.1.1000 installiert und einen vollständigen Suchlauf gestartet, hat aber nichts gefunden.

Zitat:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
D259 :: P1275 [Administrator]

23.11.2012 10:38:00
mbam-log-2012-11-23 (10-38-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483486
Laufzeit: 22 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Bitte um weiteres Vorgehen.

PS: obwohl Internet Explorer im Zitat drin steht, benutze ich den nicht. Bei mir sind gerade Google Chrome 23.0.1271.64 m und Mozilla Nightly 19.0a1 aktiv (ich weiß, es ist eine alpha-Version, wollte diese allerdings ausprobieren).

defogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:20 on 23/11/2012 (DailyDose)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.11.2012 11:23:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free
15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS
 
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe
PRC - [2012.11.19 13:18:41 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
PRC - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
PRC - [2012.08.26 18:30:27 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
PRC - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe
PRC - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.22 12:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 08:58:29 | 004,775,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe
MOD - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe
MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.15 20:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.11.19 13:14:57 | 002,009,664 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.26 10:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.03.04 22:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010.11.03 22:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010.10.28 20:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010.10.28 20:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.06.20 10:14:18 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.20 16:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.06.23 19:44:07 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.06.23 19:44:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.06.23 19:44:07 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.06.23 19:44:07 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.06.23 19:44:07 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.04.26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.28 19:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 19:13:50 | 000,276,520 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.15 20:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011.01.15 19:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.06 05:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010.12.02 01:02:16 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 19:39:28 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.01 01:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010.11.01 01:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2010.11.01 01:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2010.11.01 01:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.02 08:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010.09.02 08:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010.08.24 23:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.24 04:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010.02.24 04:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.11.15 09:18:45 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.26 18:30:32 | 000,000,000 | ---D | M]
 
[2012.11.15 09:18:52 | 000,000,000 | ---D | M] (No name found) -- d:\benutzer\DailyDose\AppData\Roaming\mozilla\Extensions
[2012.11.15 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 04:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.26 18:30:30 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Google Update (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3DTin = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: YouTube = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: YouTube to mp3 (YouTube para mp3) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbocjlkojbicepeolmlkpjihlmkdebn\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: YouTube Downloader: MP3 / HD Video Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\
CHR - Extension: Youtube MP3 + Video Downloader = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\magnmielaieppaikfanmmcikphdbkkki\1.3.13.0_0\
CHR - Extension: Youtube MP3 + Video Downloader | 1-Click Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndodlfhmlpbndlojoinhgibacnpgajk\1.0.15.1_0\
CHR - Extension: Google Mail = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Efubriiqz] d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Video Performer63615.exe] "d:\benutzer\DailyDose\AppData\Local\Temp\Video Performer63615.exe" /XML="d:\benutzer\DailyDose\AppData\Local\Temp\90FE.tmp" /STP=0:2 File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk = C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: solution.local ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: solution.local ([]http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = solution.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C404084-3182-48FB-AE83-645E3B00FEC0}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe
[2012.11.23 10:37:00 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes
[2012.11.23 10:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 10:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 10:36:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.23 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.19 15:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.11.19 15:37:09 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.11.19 14:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.19 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software
[2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure
[2012.11.19 13:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.11.19 13:26:36 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.11.19 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2012.11.19 13:26:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.19 13:12:44 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2012.11.19 13:01:05 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.19 12:56:48 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2012.11.19 12:35:36 | 000,000,000 | ---D | C] -- C:\fixupdate
[2012.11.19 12:04:03 | 000,212,032 | ---- | C] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe
[2012.11.17 23:57:39 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Desktop\Auto-Fotos
[2012.11.15 09:18:47 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla
[2012.11.15 09:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012.11.13 21:49:43 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Local\Sophos
[2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu
[2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat
[2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo
[2012.11.12 20:38:14 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Documents\ScreenCam
[2012.11.12 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash
[2012.11.12 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenCam
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe
[2012.11.23 11:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.23 11:19:15 | 000,000,000 | ---- | M] () -- d:\benutzer\DailyDose\defogger_reenable
[2012.11.23 11:18:52 | 000,050,477 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe
[2012.11.23 10:40:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job
[2012.11.23 09:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job
[2012.11.23 09:20:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.23 09:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 16:11:49 | 000,171,297 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf
[2012.11.19 15:44:54 | 000,001,128 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Spybot - Search & Destroy.lnk
[2012.11.19 15:37:09 | 000,003,177 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk
[2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.19 13:00:03 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.11.19 12:56:50 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs
[2012.11.19 12:04:03 | 000,212,032 | ---- | M] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe
[2012.11.15 20:02:19 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.15 20:02:19 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.15 20:02:19 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.15 20:02:19 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.15 20:02:19 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 08:53:46 | 000,001,006 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk
[2012.11.15 08:52:08 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 19:56:13 | 000,085,465 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf
[2012.11.07 14:35:43 | 000,035,945 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png
[2012.11.07 14:34:05 | 000,230,129 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf
[2012.11.07 13:24:35 | 000,041,825 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif
[2012.11.03 12:33:59 | 000,053,528 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.23 11:20:47 | 000,050,477 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe
[2012.11.23 11:19:15 | 000,000,000 | ---- | C] () -- d:\benutzer\DailyDose\defogger_reenable
[2012.11.19 14:05:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012.11.15 09:18:45 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012.11.12 19:56:12 | 000,085,465 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf
[2012.11.07 14:35:43 | 000,035,945 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png
[2012.11.07 14:34:05 | 000,230,129 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf
[2012.11.07 13:24:35 | 000,041,825 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif
[2012.11.03 12:33:59 | 000,053,528 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg
[2012.09.19 20:47:15 | 000,120,620 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.09.18 13:45:40 | 000,000,035 | ---- | C] () -- d:\benutzer\DailyDose\.sapmc
[2012.08.14 18:07:39 | 000,001,473 | ---- | C] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel
[2012.07.01 15:53:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.20 09:55:19 | 000,008,180 | RHS- | C] () -- d:\benutzer\DailyDose\ntuser.pol
[2012.06.20 09:51:42 | 000,002,208 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.29 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.29 08:30:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.06.29 08:30:57 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.06.29 08:30:56 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.06.29 08:30:56 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.06.29 08:30:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.06.23 21:31:44 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.23 21:31:44 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.23 21:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.23 19:51:09 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011.06.23 19:48:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2011.06.23 19:48:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.06.23 19:46:22 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.02.11 19:06:36 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo
[2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure
[2012.07.14 19:53:18 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoft
[2012.07.14 19:53:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat
[2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ
[2012.11.23 11:22:37 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu
[2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia
[2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++
[2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite
[2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung
[2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP
[2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.11.2012 11:23:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free
15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS
 
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051C9F50-9EDD-4DF6-BB6D-A3B50BC8B6E5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06811611-4E17-4813-974E-5A47E0D38100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{218446C7-1E29-42FE-B51E-96D307EA9EAA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{30CDD2E9-B083-473E-A0EE-ACB3D1806A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{41C2473A-DD86-4CFB-AEFB-547B38610D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA6C55D-AE73-4942-9C7D-69F97394B300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{503555BB-543E-4322-BB97-A0F1F2398CCB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6F6BBB5C-9127-4311-B8D1-D72E156B21AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{76BF1C4B-CD18-447C-9337-ED2840211FDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{97877BB8-E89C-421B-B686-184FF90283CB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AD16DD12-8082-47B3-8228-59464BCE2A23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C5EE2ABE-E641-49D1-BDDB-E3DC52E24C43}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C7BE1FE4-1A46-4896-9442-4DF37F67784A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D6F44192-5580-47C4-B2F6-BAC5F59544BD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E527BBB1-C6C4-4CBA-96F0-9C3B0AD99D45}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F9C5D6C4-EA18-4CD9-A82F-7D9548DBFC3E}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04149250-B4E5-4C9E-8FFC-53AD7E8507BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{05905DA8-5E9C-401C-9C31-27204EABDCE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{0AFAB201-1A43-4021-BBBB-8F5332A22E5E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{17DEABE2-6A2A-4890-BCA0-B401F481B2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{37B8E21F-1D71-4714-A104-1FCAE6FE37D5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{4B0B3ABB-0B9C-448F-B491-06E89E8D7965}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4C6011F2-DE9F-4B06-BD51-17D48F0522DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4DBB64EC-28E2-4E83-953A-46A56D9C597F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5EDC1386-4C48-43F7-80A1-675802B09BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{75A85B26-CFA5-4531-90B0-E7E9328500A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{800BAECD-D0F9-4456-8DE2-C91D43C823A6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{864E1CF7-AE6A-4F47-B968-947CD4067DB5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8971D633-8EF2-4681-8530-07DA31BC37D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A3C52D44-B49C-424A-A3AB-D96E628EB047}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{A60A2B87-0D32-43BF-AA65-357B79512C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A96893EA-6D4F-4BAF-96AA-E080F40C7830}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AADE7A65-E549-4F7A-875B-5DE653706428}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B10A8CD9-94F7-46C6-807D-C048D937BD2D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{B8602F01-7B14-4EAE-BD74-21BC3E20B1F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BDDBB28C-57B5-4738-93DA-E05CA1947230}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D8BCFC13-5FC1-4739-A4E2-A92E02AEC117}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E01B6FCF-963C-4FC4-8052-5503E007E56C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E0A72312-9A08-4DAF-84C5-7EC7D428F5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{E2284230-8E92-4E23-813E-3E42F9848542}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F73EDF71-B8E7-413A-8B58-57C69A53A9EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0B7DDD35-EAF2-40E3-AB1F-27274B7948C7}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"TCP Query User{32D4C93E-48D5-4014-8A76-BA94B3B5AF32}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{33F8A5F9-CB90-4E36-8895-DCBA96547F84}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{513919BE-36FC-40D2-8F3B-68EB0FAB0AE7}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=6 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe | 
"TCP Query User{CC64E60B-8725-4E86-BCAF-F7A4A462B67B}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"TCP Query User{D260B910-D709-4897-82F0-F447BECA5F0C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{1C35AA58-82F4-46E5-9E87-28CF2F6A489C}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"UDP Query User{36B3B263-D059-4B99-A1F5-F845A9F299CE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{3772CC24-27E4-4CDE-AD20-16803E62898A}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"UDP Query User{37C15551-215E-4337-93EA-718E2357EC39}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{60673E00-2D3D-4395-B664-871E3499AFBE}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=17 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe | 
"UDP Query User{6141B2A0-2DAF-4833-89AF-916E62EB3BEC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013FA6FF-9BDA-4FFF-A4E6-B7EA5C6505CF}" = WoLoSoft CopyPath
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA13348-6283-69B1-FC00-77C8FB034FD5}" = Chatter Desktop
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenVPN" = OpenVPN 2.2.0
"RealPlayer 15.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1" = Chatter Desktop
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.5.0
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2012 13:56:47 | Computer Name = P1275.solution.local | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
 
Error - 13.11.2012 14:02:16 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.solution.local.%3
 
Error - 13.11.2012 16:18:03 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
 lokalen Computers ist ungültig.%3
 
Error - 13.11.2012 16:24:54 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
 lokalen Computers ist ungültig.%3
 
Error - 13.11.2012 16:35:41 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 428    Startzeit: 
01cdc1de528b48c7    Endzeit: 37    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ad0c37e0-2dd1-11e2-bfde-08edb9dc23cc  
 
Error - 13.11.2012 16:36:06 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 36c4    Startzeit:
 01cdc1de73fed949    Endzeit: 7    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 bd0cd3bc-2dd1-11e2-bfde-08edb9dc23cc  
 
Error - 13.11.2012 16:40:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
 Zeitstempel: 0x507531a4  Name des fehlerhaften Moduls: chrome.dll, Version: 22.0.1229.94,
 Zeitstempel: 0x50753154  Ausnahmecode: 0x80000003  Fehleroffset: 0x00557c64  ID des fehlerhaften
 Prozesses: 0x3be8  Startzeit der fehlerhaften Anwendung: 0x01cdc1de7c3fdaaa  Pfad der
 fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\22.0.1229.94\chrome.dll
Berichtskennung:
 6659c66f-2dd2-11e2-bfde-08edb9dc23cc
 
Error - 13.11.2012 16:42:54 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
 Zeitstempel: 0x507531a4  Name des fehlerhaften Moduls: chrome.exe, Version: 22.0.1229.94,
 Zeitstempel: 0x507531a4  Ausnahmecode: 0x80000003  Fehleroffset: 0x00013b30  ID des fehlerhaften
 Prozesses: 0x3c10  Startzeit der fehlerhaften Anwendung: 0x01cdc1df2b2fc17e  Pfad der
 fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Berichtskennung:
 b29f4685-2dd2-11e2-bfde-08edb9dc23cc
 
Error - 13.11.2012 16:47:22 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
 Zeitstempel: 0x507531a4  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba59  Ausnahmecode: 0xc0020043  Fehleroffset: 0x0005cd99  ID des fehlerhaften
 Prozesses: 0x960  Startzeit der fehlerhaften Anwendung: 0x01cdc1df940bf14e  Pfad der
 fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll  Berichtskennung: 525da4af-2dd3-11e2-bfde-08edb9dc23cc
 
Error - 13.11.2012 16:51:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
 Zeitstempel: 0x507531a4  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba59  Ausnahmecode: 0xc0020043  Fehleroffset: 0x0005cd99  ID des fehlerhaften
 Prozesses: 0x4840  Startzeit der fehlerhaften Anwendung: 0x01cdc1e0a27bf5d7  Pfad der
 fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll  Berichtskennung: efb92ab8-2dd3-11e2-bfde-08edb9dc23cc
 
[ Broadcom Wireless LAN Events ]
Error - 26.07.2012 07:54:49 | Computer Name = P1275.solution.local | Source = WLAN-Tray | ID = 0
Description = 13:54:49, Thu, Jul 26, 12 Error - Unable to set enhanced country code

 
[ System Events ]
Error - 13.11.2012 09:53:31 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
 konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
 zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
 und richtig ausgeführt wird.
 
Error - 13.11.2012 11:20:13 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
 konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
 zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
 und richtig ausgeführt wird.
 
Error - 13.11.2012 13:22:10 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 13.11.2012 13:57:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne solution aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 13.11.2012 14:56:52 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 13.11.2012 15:21:45 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 14.11.2012 03:51:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne solution aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne solution aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 14.11.2012 03:55:00 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%5
 
 
< End of report >
         
--- --- ---

Geändert von DailyDose (23.11.2012 um 10:37 Uhr)

Alt 23.11.2012, 17:24   #2
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B





Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.
Zitat:
Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
  • Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
  • Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.
  • Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.
  • Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
  • Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.
  • Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen!
Schritt 1:
Adware entfernen mit JRT

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


Schritt 2:
Scan mit aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
Schritt 3:

Scan mit dem TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke auf Change parameters, setze einen Haken bei Detect TDLFS file system und bestätige mit OK.
  • Drücke Start Scan
  • Warnung:
    Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 23.11.2012, 18:56   #3
DailyDose
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Hallo ryder,
erstmal vielen Dank, dass du dich um mein Problem kümmerst.

JRT-Log:
Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Windows 7 Ultimate x64
Ran by *** on 23.11.2012 at 19:33:36,42
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "d:\benutzer\***\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "d:\benutzer\***\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "d:\benutzer\***\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosoft"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2012 at 19:38:28,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aswMBR:
Zitat:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 19:41:11
-----------------------------
19:41:11.741 OS Version: Windows x64 6.1.7601 Service Pack 1
19:41:11.741 Number of processors: 4 586 0x2A07
19:41:11.741 ComputerName: P1275 UserName: ***
19:41:11.897 Initialize success
19:42:05.584 AVAST engine defs: 12112301
19:42:32.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:42:32.680 Disk 0 Vendor: LITEONIT VQDB Size: 122104MB BusType: 8
19:42:32.727 Disk 0 MBR read successfully
19:42:32.727 Disk 0 MBR scan
19:42:32.742 Disk 0 Windows VISTA default MBR code
19:42:32.742 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:42:32.758 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
19:42:32.774 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61387 MB offset 1622016
19:42:32.774 Disk 0 Partition - 00 0F Extended LBA 59924 MB offset 127342592
19:42:32.774 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 59923 MB offset 127344640
19:42:32.774 Disk 0 scanning C:\Windows\system32\drivers
19:42:35.410 Service scanning
19:42:41.700 Modules scanning
19:42:41.716 Disk 0 trace - called modules:
19:42:41.763 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:42:41.778 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008aa3060]
19:42:41.794 3 CLASSPNP.SYS[fffff88000e8043f] -> nt!IofCallDriver -> [0xfffffa8006cbcd10]
19:42:41.809 5 ACPI.sys[fffff88000f777a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006cbb050]
19:42:41.965 AVAST engine scan C:\Windows
19:42:42.293 AVAST engine scan C:\Windows\system32
19:43:55.877 AVAST engine scan C:\Windows\system32\drivers
19:44:02.643 AVAST engine scan d:\benutzer\***
19:47:08.298 AVAST engine scan C:\ProgramData
19:47:52.892 Scan finished successfully
19:48:33.430 Disk 0 MBR has been saved successfully to "d:\benutzer\***\Desktop\MBR.dat"
19:48:33.430 The log file has been saved successfully to "d:\benutzer\***\Desktop\aswMBR.txt"
TDSSKiller:
Zitat:
19:50:36.0885 8552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:50:36.0977 8552 ============================================================
19:50:36.0977 8552 Current date / time: 2012/11/23 19:50:36.0977
19:50:36.0977 8552 SystemInfo:
19:50:36.0977 8552
19:50:36.0977 8552 OS Version: 6.1.7601 ServicePack: 1.0
19:50:36.0977 8552 Product type: Workstation
19:50:36.0977 8552 ComputerName: P1275
19:50:36.0977 8552 UserName: ***
19:50:36.0977 8552 Windows directory: C:\Windows
19:50:36.0977 8552 System windows directory: C:\Windows
19:50:36.0977 8552 Running under WOW64
19:50:36.0977 8552 Processor architecture: Intel x64
19:50:36.0977 8552 Number of processors: 4
19:50:36.0977 8552 Page size: 0x1000
19:50:36.0977 8552 Boot type: Normal boot
19:50:36.0977 8552 ============================================================
19:50:37.0139 8552 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:50:37.0144 8552 ============================================================
19:50:37.0144 8552 \Device\Harddisk0\DR0:
19:50:37.0144 8552 MBR partitions:
19:50:37.0144 8552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x178000
19:50:37.0144 8552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C000, BlocksNum 0x77E5800
19:50:37.0145 8552 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7972000, BlocksNum 0x7509800
19:50:37.0145 8552 ============================================================
19:50:37.0146 8552 C: <-> \Device\Harddisk0\DR0\Partition2
19:50:37.0147 8552 D: <-> \Device\Harddisk0\DR0\Partition3
19:50:37.0147 8552 ============================================================
19:50:37.0147 8552 Initialize success
19:50:37.0147 8552 ============================================================
19:50:57.0183 8560 ============================================================
19:50:57.0183 8560 Scan started
19:50:57.0183 8560 Mode: Manual; TDLFS;
19:50:57.0183 8560 ============================================================
19:50:57.0497 8560 ================ Scan system memory ========================
19:50:57.0497 8560 System memory - ok
19:50:57.0497 8560 ================ Scan services =============================
19:50:57.0527 8560 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:50:57.0528 8560 1394ohci - ok
19:50:57.0533 8560 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:50:57.0535 8560 ACPI - ok
19:50:57.0538 8560 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:50:57.0538 8560 AcpiPmi - ok
19:50:57.0544 8560 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:50:57.0544 8560 AdobeARMservice - ok
19:50:57.0551 8560 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:50:57.0554 8560 adp94xx - ok
19:50:57.0560 8560 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:50:57.0562 8560 adpahci - ok
19:50:57.0566 8560 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:50:57.0568 8560 adpu320 - ok
19:50:57.0572 8560 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:50:57.0572 8560 AeLookupSvc - ok
19:50:57.0576 8560 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
19:50:57.0577 8560 AESTFilters - ok
19:50:57.0584 8560 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:50:57.0587 8560 AFD - ok
19:50:57.0590 8560 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:50:57.0591 8560 agp440 - ok
19:50:57.0594 8560 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:50:57.0595 8560 ALG - ok
19:50:57.0598 8560 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:50:57.0598 8560 aliide - ok
19:50:57.0601 8560 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:50:57.0601 8560 amdide - ok
19:50:57.0605 8560 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:50:57.0605 8560 AmdK8 - ok
19:50:57.0608 8560 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:50:57.0609 8560 AmdPPM - ok
19:50:57.0612 8560 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:50:57.0613 8560 amdsata - ok
19:50:57.0617 8560 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:50:57.0619 8560 amdsbs - ok
19:50:57.0621 8560 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:50:57.0622 8560 amdxata - ok
19:50:57.0627 8560 [ CA5F1BD1261BC771D30096BBCFD625A0 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:50:57.0630 8560 ApfiltrService - ok
19:50:57.0633 8560 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:50:57.0634 8560 AppID - ok
19:50:57.0637 8560 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:50:57.0637 8560 AppIDSvc - ok
19:50:57.0640 8560 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:50:57.0640 8560 Appinfo - ok
19:50:57.0645 8560 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:50:57.0646 8560 Apple Mobile Device - ok
19:50:57.0650 8560 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:50:57.0651 8560 AppMgmt - ok
19:50:57.0655 8560 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:50:57.0655 8560 arc - ok
19:50:57.0658 8560 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:50:57.0659 8560 arcsas - ok
19:50:57.0669 8560 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:50:57.0670 8560 aspnet_state - ok
19:50:57.0673 8560 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:50:57.0673 8560 AsyncMac - ok
19:50:57.0675 8560 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:50:57.0676 8560 atapi - ok
19:50:57.0684 8560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:50:57.0686 8560 AudioEndpointBuilder - ok
19:50:57.0693 8560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:50:57.0696 8560 AudioSrv - ok
19:50:57.0700 8560 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:50:57.0701 8560 AxInstSV - ok
19:50:57.0707 8560 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:50:57.0710 8560 b06bdrv - ok
19:50:57.0716 8560 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:50:57.0718 8560 b57nd60a - ok
19:50:57.0721 8560 [ C3D8920A5AAF10A72CEDB57D3339280A ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
19:50:57.0722 8560 BCM42RLY - ok
19:50:57.0758 8560 [ D20EE58C13FF343B90550861EBCD9DDD ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:50:57.0777 8560 BCM43XX - ok
19:50:57.0782 8560 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:50:57.0783 8560 BDESVC - ok
19:50:57.0786 8560 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:50:57.0786 8560 Beep - ok
19:50:57.0794 8560 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:50:57.0797 8560 BFE - ok
19:50:57.0807 8560 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:50:57.0811 8560 BITS - ok
19:50:57.0814 8560 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:50:57.0814 8560 blbdrive - ok
19:50:57.0820 8560 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:50:57.0824 8560 Bonjour Service - ok
19:50:57.0827 8560 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:50:57.0828 8560 bowser - ok
19:50:57.0831 8560 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:50:57.0832 8560 BrFiltLo - ok
19:50:57.0834 8560 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:50:57.0835 8560 BrFiltUp - ok
19:50:57.0838 8560 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:50:57.0839 8560 Browser - ok
19:50:57.0844 8560 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:50:57.0846 8560 Brserid - ok
19:50:57.0849 8560 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:50:57.0850 8560 BrSerWdm - ok
19:50:57.0852 8560 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:50:57.0852 8560 BrUsbMdm - ok
19:50:57.0855 8560 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:50:57.0855 8560 BrUsbSer - ok
19:50:57.0858 8560 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
19:50:57.0858 8560 BthEnum - ok
19:50:57.0861 8560 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:50:57.0862 8560 BTHMODEM - ok
19:50:57.0866 8560 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:50:57.0867 8560 BthPan - ok
19:50:57.0873 8560 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:50:57.0877 8560 BTHPORT - ok
19:50:57.0880 8560 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:50:57.0881 8560 bthserv - ok
19:50:57.0884 8560 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:50:57.0885 8560 BTHUSB - ok
19:50:57.0891 8560 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
19:50:57.0893 8560 BTWAMPFL - ok
19:50:57.0897 8560 [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:50:57.0898 8560 btwaudio - ok
19:50:57.0902 8560 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
19:50:57.0903 8560 btwavdt - ok
19:50:57.0914 8560 [ CC9DAE7759AC2C0D19111C0D38DDD232 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:50:57.0920 8560 btwdins - ok
19:50:57.0923 8560 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:50:57.0924 8560 btwl2cap - ok
19:50:57.0927 8560 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:50:57.0927 8560 btwrchid - ok
19:50:57.0930 8560 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:50:57.0931 8560 cdfs - ok
19:50:57.0935 8560 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:50:57.0936 8560 cdrom - ok
19:50:57.0940 8560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:50:57.0940 8560 CertPropSvc - ok
19:50:57.0943 8560 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:50:57.0944 8560 circlass - ok
19:50:57.0949 8560 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:50:57.0952 8560 CLFS - ok
19:50:57.0957 8560 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:50:57.0958 8560 clr_optimization_v2.0.50727_32 - ok
19:50:57.0962 8560 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:50:57.0963 8560 clr_optimization_v2.0.50727_64 - ok
19:50:57.0969 8560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:50:57.0970 8560 clr_optimization_v4.0.30319_32 - ok
19:50:57.0974 8560 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:50:57.0975 8560 clr_optimization_v4.0.30319_64 - ok
19:50:57.0978 8560 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:50:57.0978 8560 CmBatt - ok
19:50:57.0981 8560 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:50:57.0982 8560 cmdide - ok
19:50:57.0988 8560 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:50:57.0991 8560 CNG - ok
19:50:57.0994 8560 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:50:57.0994 8560 Compbatt - ok
19:50:57.0997 8560 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:50:57.0998 8560 CompositeBus - ok
19:50:58.0000 8560 COMSysApp - ok
19:50:58.0003 8560 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:50:58.0003 8560 crcdisk - ok
19:50:58.0015 8560 [ 6E163FAAF624A03A88DFD92E607DE6E5 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
19:50:58.0022 8560 Credential Vault Host Control Service - ok
19:50:58.0024 8560 [ 8884B4D345DDB029F43AD2E7ADD54A30 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
19:50:58.0025 8560 Credential Vault Host Storage - ok
19:50:58.0030 8560 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:50:58.0031 8560 CryptSvc - ok
19:50:58.0038 8560 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:50:58.0041 8560 CSC - ok
19:50:58.0049 8560 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:50:58.0052 8560 CscService - ok
19:50:58.0056 8560 [ 8CE04A5BDD2CE6E62CE02A1C27093104 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:50:58.0058 8560 CtClsFlt - ok
19:50:58.0060 8560 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
19:50:58.0061 8560 CVirtA - ok
19:50:58.0076 8560 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:50:58.0082 8560 CVPND - ok
19:50:58.0087 8560 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:50:58.0090 8560 CVPNDRVA - ok
19:50:58.0092 8560 [ A84CAAE89B487931200B969D94018AFA ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
19:50:58.0093 8560 cvusbdrv - ok
19:50:58.0096 8560 [ 0FEF994D890C92D8F23442BC52D4FEA9 ] d554gps C:\Windows\system32\DRIVERS\d554gps64.sys
19:50:58.0097 8560 d554gps - ok
19:50:58.0102 8560 [ 95DA07E4859396912D8E5630DA5A9324 ] d554scard C:\Windows\system32\DRIVERS\d554scard.sys
19:50:58.0102 8560 d554scard - ok
19:50:58.0110 8560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:50:58.0113 8560 DcomLaunch - ok
19:50:58.0120 8560 [ 3562C84415080B8B0C4D695A43372E3E ] dcpsysmgrsvc c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
19:50:58.0123 8560 dcpsysmgrsvc - ok
19:50:58.0128 8560 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:50:58.0130 8560 defragsvc - ok
19:50:58.0134 8560 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:50:58.0134 8560 DfsC - ok
19:50:58.0140 8560 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:50:58.0142 8560 Dhcp - ok
19:50:58.0145 8560 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:50:58.0145 8560 discache - ok
19:50:58.0149 8560 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:50:58.0150 8560 Disk - ok
19:50:58.0153 8560 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:50:58.0154 8560 dmvsc - ok
19:50:58.0157 8560 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
19:50:58.0158 8560 DNE - ok
19:50:58.0162 8560 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:50:58.0164 8560 Dnscache - ok
19:50:58.0169 8560 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:50:58.0170 8560 dot3svc - ok
19:50:58.0174 8560 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:50:58.0175 8560 DPS - ok
19:50:58.0177 8560 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:50:58.0178 8560 drmkaud - ok
19:50:58.0188 8560 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:50:58.0194 8560 DXGKrnl - ok
19:50:58.0199 8560 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
19:50:58.0202 8560 e1cexpress - ok
19:50:58.0205 8560 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:50:58.0206 8560 EapHost - ok
19:50:58.0233 8560 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:50:58.0252 8560 ebdrv - ok
19:50:58.0256 8560 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys
19:50:58.0256 8560 ecnssndis - ok
19:50:58.0259 8560 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys
19:50:58.0260 8560 ecnssndisfltr - ok
19:50:58.0263 8560 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:50:58.0264 8560 EFS - ok
19:50:58.0273 8560 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:50:58.0276 8560 ehRecvr - ok
19:50:58.0279 8560 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:50:58.0280 8560 ehSched - ok
19:50:58.0287 8560 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:50:58.0290 8560 elxstor - ok
19:50:58.0292 8560 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:50:58.0293 8560 ErrDev - ok
19:50:58.0301 8560 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:50:58.0304 8560 EventSystem - ok
19:50:58.0304 8560 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:50:58.0304 8560 exfat - ok
19:50:58.0304 8560 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:50:58.0304 8560 fastfat - ok
19:50:58.0319 8560 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:50:58.0319 8560 Fax - ok
19:50:58.0319 8560 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:50:58.0319 8560 fdc - ok
19:50:58.0319 8560 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:50:58.0335 8560 fdPHost - ok
19:50:58.0335 8560 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:50:58.0335 8560 FDResPub - ok
19:50:58.0335 8560 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:50:58.0335 8560 FileInfo - ok
19:50:58.0335 8560 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:50:58.0335 8560 Filetrace - ok
19:50:58.0335 8560 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:50:58.0335 8560 flpydisk - ok
19:50:58.0350 8560 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:50:58.0350 8560 FltMgr - ok
19:50:58.0350 8560 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:50:58.0366 8560 FontCache - ok
19:50:58.0366 8560 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:50:58.0366 8560 FontCache3.0.0.0 - ok
19:50:58.0366 8560 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:50:58.0366 8560 FsDepends - ok
19:50:58.0366 8560 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:50:58.0366 8560 Fs_Rec - ok
19:50:58.0382 8560 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:50:58.0382 8560 fvevol - ok
19:50:58.0382 8560 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:50:58.0382 8560 gagp30kx - ok
19:50:58.0382 8560 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:50:58.0382 8560 GEARAspiWDM - ok
19:50:58.0397 8560 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:50:58.0397 8560 gpsvc - ok
19:50:58.0397 8560 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:50:58.0397 8560 gupdate - ok
19:50:58.0413 8560 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:50:58.0413 8560 gupdatem - ok
19:50:58.0413 8560 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:50:58.0413 8560 hcw85cir - ok
19:50:58.0413 8560 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:50:58.0413 8560 HDAudBus - ok
19:50:58.0413 8560 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:50:58.0413 8560 HidBatt - ok
19:50:58.0428 8560 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:50:58.0428 8560 HidBth - ok
19:50:58.0428 8560 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:50:58.0428 8560 HidIr - ok
19:50:58.0428 8560 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:50:58.0428 8560 hidserv - ok
19:50:58.0428 8560 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:50:58.0428 8560 HidUsb - ok
19:50:58.0428 8560 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:50:58.0444 8560 hkmsvc - ok
19:50:58.0444 8560 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:50:58.0444 8560 HomeGroupListener - ok
19:50:58.0444 8560 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:50:58.0444 8560 HomeGroupProvider - ok
19:50:58.0460 8560 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:50:58.0460 8560 HpSAMD - ok
19:50:58.0460 8560 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:50:58.0460 8560 HTTP - ok
19:50:58.0475 8560 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:50:58.0475 8560 hwpolicy - ok
19:50:58.0475 8560 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:50:58.0475 8560 i8042prt - ok
19:50:58.0475 8560 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:50:58.0475 8560 iaStor - ok
19:50:58.0491 8560 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:50:58.0491 8560 iaStorV - ok
19:50:58.0506 8560 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:50:58.0506 8560 idsvc - ok
19:50:58.0616 8560 [ 20D7FBBBBFC60F2799A42D36AD6F633E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:50:58.0725 8560 igfx - ok
19:50:58.0725 8560 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:50:58.0725 8560 iirsp - ok
19:50:58.0740 8560 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:50:58.0740 8560 IKEEXT - ok
19:50:58.0740 8560 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:50:58.0740 8560 IntcDAud - ok
19:50:58.0756 8560 [ 28D387EEFAD7CC3A0BEB9C3262E83ADD ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
19:50:58.0756 8560 Intel(R) PROSet Monitoring Service - ok
19:50:58.0756 8560 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:50:58.0756 8560 intelide - ok
19:50:58.0756 8560 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:50:58.0756 8560 intelppm - ok
19:50:58.0756 8560 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:50:58.0756 8560 IPBusEnum - ok
19:50:58.0772 8560 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:50:58.0772 8560 IpFilterDriver - ok
19:50:58.0772 8560 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:50:58.0772 8560 iphlpsvc - ok
19:50:58.0772 8560 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:50:58.0787 8560 IPMIDRV - ok
19:50:58.0787 8560 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:50:58.0787 8560 IPNAT - ok
19:50:58.0787 8560 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:50:58.0803 8560 iPod Service - ok
19:50:58.0803 8560 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:50:58.0803 8560 IRENUM - ok
19:50:58.0803 8560 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:50:58.0803 8560 isapnp - ok
19:50:58.0803 8560 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:50:58.0818 8560 iScsiPrt - ok
19:50:58.0818 8560 [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
19:50:58.0818 8560 jhi_service - ok
19:50:58.0818 8560 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:50:58.0818 8560 kbdclass - ok
19:50:58.0818 8560 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:50:58.0818 8560 kbdhid - ok
19:50:58.0834 8560 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:50:58.0834 8560 KeyIso - ok
19:50:58.0834 8560 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:50:58.0834 8560 KSecDD - ok
19:50:58.0834 8560 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:50:58.0834 8560 KSecPkg - ok
19:50:58.0834 8560 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:50:58.0834 8560 ksthunk - ok
19:50:58.0850 8560 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:50:58.0850 8560 KtmRm - ok
19:50:58.0850 8560 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:50:58.0850 8560 LanmanServer - ok
19:50:58.0865 8560 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:50:58.0865 8560 LanmanWorkstation - ok
19:50:58.0865 8560 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:50:58.0865 8560 lltdio - ok
19:50:58.0865 8560 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:50:58.0881 8560 lltdsvc - ok
19:50:58.0881 8560 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:50:58.0881 8560 lmhosts - ok
19:50:58.0881 8560 [ DB083F1D27BA8A59CABB00F0A0FB6F84 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:50:58.0881 8560 LMS - ok
19:50:58.0896 8560 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:50:58.0896 8560 LSI_FC - ok
19:50:58.0896 8560 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:50:58.0896 8560 LSI_SAS - ok
19:50:58.0896 8560 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:50:58.0896 8560 LSI_SAS2 - ok
19:50:58.0896 8560 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:50:58.0896 8560 LSI_SCSI - ok
19:50:58.0912 8560 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:50:58.0912 8560 luafv - ok
19:50:58.0912 8560 [ 0845DA0BFF1AF5C57DE4DD97ACAF2FCD ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys
19:50:58.0912 8560 Mbm3CBus - ok
19:50:58.0928 8560 [ DB6FA599AA79324E287C4EAF6020DA37 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
19:50:58.0928 8560 Mbm3DevMt - ok
19:50:58.0928 8560 [ 2F71EDB697752D409B9983F0E1D88F70 ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
19:50:58.0928 8560 Mbm3mdfl - ok
19:50:58.0928 8560 [ 21B412A36DE3CCFE4E13383B88CFC90C ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
19:50:58.0943 8560 Mbm3Mdm - ok
19:50:58.0943 8560 [ 0BE09CD858ABF9DF6E***D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:50:58.0943 8560 Mcx2Svc - ok
19:50:58.0943 8560 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:50:58.0943 8560 MDM - ok
19:50:58.0943 8560 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:50:58.0943 8560 megasas - ok
19:50:58.0959 8560 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:50:58.0959 8560 MegaSR - ok
19:50:58.0959 8560 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:50:58.0959 8560 MEIx64 - ok
19:50:58.0959 8560 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:50:58.0959 8560 MMCSS - ok
19:50:58.0974 8560 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:50:58.0974 8560 Modem - ok
19:50:58.0974 8560 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:50:58.0974 8560 monitor - ok
19:50:58.0974 8560 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:50:58.0974 8560 mouclass - ok
19:50:58.0974 8560 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:50:58.0974 8560 mouhid - ok
19:50:58.0974 8560 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:50:58.0990 8560 mountmgr - ok
19:50:58.0990 8560 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:50:58.0990 8560 mpio - ok
19:50:58.0990 8560 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:50:58.0990 8560 mpsdrv - ok
19:50:59.0006 8560 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:50:59.0006 8560 MpsSvc - ok
19:50:59.0006 8560 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:50:59.0006 8560 MRxDAV - ok
19:50:59.0021 8560 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:50:59.0021 8560 mrxsmb - ok
19:50:59.0021 8560 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:50:59.0021 8560 mrxsmb10 - ok
19:50:59.0021 8560 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:50:59.0021 8560 mrxsmb20 - ok
19:50:59.0037 8560 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:50:59.0037 8560 msahci - ok
19:50:59.0037 8560 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:50:59.0037 8560 msdsm - ok
19:50:59.0037 8560 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:50:59.0037 8560 MSDTC - ok
19:50:59.0052 8560 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:50:59.0052 8560 Msfs - ok
19:50:59.0052 8560 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:50:59.0052 8560 mshidkmdf - ok
19:50:59.0052 8560 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:50:59.0052 8560 msisadrv - ok
19:50:59.0052 8560 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:50:59.0052 8560 MSiSCSI - ok
19:50:59.0052 8560 msiserver - ok
19:50:59.0068 8560 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:50:59.0068 8560 MSKSSRV - ok
19:50:59.0068 8560 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:50:59.0068 8560 MSPCLOCK - ok
19:50:59.0068 8560 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:50:59.0068 8560 MSPQM - ok
19:50:59.0068 8560 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:50:59.0084 8560 MsRPC - ok
19:50:59.0084 8560 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:50:59.0084 8560 mssmbios - ok
19:50:59.0084 8560 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:50:59.0084 8560 MSTEE - ok
19:50:59.0084 8560 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:50:59.0084 8560 MTConfig - ok
19:50:59.0084 8560 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:50:59.0084 8560 Mup - ok
19:50:59.0099 8560 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:50:59.0099 8560 napagent - ok
19:50:59.0099 8560 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:50:59.0115 8560 NativeWifiP - ok
19:50:59.0115 8560 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:50:59.0115 8560 NDIS - ok
19:50:59.0130 8560 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:50:59.0130 8560 NdisCap - ok
19:50:59.0130 8560 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:50:59.0130 8560 NdisTapi - ok
19:50:59.0130 8560 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:50:59.0130 8560 Ndisuio - ok
19:50:59.0130 8560 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:50:59.0130 8560 NdisWan - ok
19:50:59.0146 8560 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:50:59.0146 8560 NDProxy - ok
19:50:59.0146 8560 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:50:59.0146 8560 NetBIOS - ok
19:50:59.0146 8560 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:50:59.0146 8560 NetBT - ok
19:50:59.0146 8560 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:50:59.0146 8560 Netlogon - ok
19:50:59.0162 8560 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:50:59.0162 8560 Netman - ok
19:50:59.0162 8560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:59.0162 8560 NetMsmqActivator - ok
19:50:59.0162 8560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:59.0177 8560 NetPipeActivator - ok
19:50:59.0177 8560 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:50:59.0177 8560 netprofm - ok
19:50:59.0177 8560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:59.0177 8560 NetTcpActivator - ok
19:50:59.0177 8560 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:50:59.0193 8560 NetTcpPortSharing - ok
19:50:59.0193 8560 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
19:50:59.0193 8560 netvsc - ok
19:50:59.0193 8560 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:50:59.0193 8560 nfrd960 - ok
19:50:59.0193 8560 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:50:59.0208 8560 NlaSvc - ok
19:50:59.0208 8560 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:50:59.0208 8560 Npfs - ok
19:50:59.0208 8560 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:50:59.0208 8560 nsi - ok
19:50:59.0208 8560 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:50:59.0208 8560 nsiproxy - ok
19:50:59.0224 8560 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:50:59.0240 8560 Ntfs - ok
19:50:59.0240 8560 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:50:59.0240 8560 Null - ok
19:50:59.0240 8560 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:50:59.0240 8560 nvraid - ok
19:50:59.0255 8560 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:50:59.0255 8560 nvstor - ok
19:50:59.0255 8560 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:50:59.0255 8560 nv_agp - ok
19:50:59.0255 8560 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
19:50:59.0255 8560 O2FLASH - ok
19:50:59.0255 8560 [ 6172DB160FC566CF24307941C0E94D8E ] O2MDFRDR C:\Windows\system32\drivers\O2MDFw7x64.sys
19:50:59.0271 8560 O2MDFRDR - ok
19:50:59.0271 8560 [ 8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\Windows\system32\DRIVERS\O2MDRw7x64.sys
19:50:59.0271 8560 O2MDRRDR - ok
19:50:59.0286 8560 [ 4635935FC972C582632BF45C26BFCB0E ] O2SDIOAssist c:\Windows\SysWOW64\srvany.exe
19:50:59.0286 8560 O2SDIOAssist - ok
19:50:59.0286 8560 [ A9C1E6B7C134FAD124338B7944FA996D ] O2SDJRDR C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
19:50:59.0286 8560 O2SDJRDR - ok
19:50:59.0286 8560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:50:59.0302 8560 odserv - ok
19:50:59.0302 8560 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:50:59.0302 8560 ohci1394 - ok
19:50:59.0302 8560 [ 3825F59AE3277880D04A620CCA8CF3EA ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
19:50:59.0302 8560 OpenVPNService - ok
19:50:59.0302 8560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:50:59.0302 8560 ose - ok
19:50:59.0318 8560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:50:59.0318 8560 p2pimsvc - ok
19:50:59.0318 8560 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:50:59.0318 8560 p2psvc - ok
19:50:59.0333 8560 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:50:59.0333 8560 Parport - ok
19:50:59.0333 8560 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:50:59.0333 8560 partmgr - ok
19:50:59.0333 8560 [ 363B3F857ABEE85767E01E3044C539CD ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
19:50:59.0333 8560 PBADRV - ok
19:50:59.0349 8560 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:50:59.0349 8560 PcaSvc - ok
19:50:59.0349 8560 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:50:59.0349 8560 pccsmcfd - ok
19:50:59.0349 8560 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:50:59.0349 8560 pci - ok
19:50:59.0349 8560 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:50:59.0349 8560 pciide - ok
19:50:59.0364 8560 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:50:59.0364 8560 pcmcia - ok
19:50:59.0364 8560 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:50:59.0364 8560 pcw - ok
19:50:59.0364 8560 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:50:59.0380 8560 PEAUTH - ok
19:50:59.0396 8560 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:50:59.0396 8560 PeerDistSvc - ok
19:50:59.0396 8560 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:50:59.0396 8560 PerfHost - ok
19:50:59.0411 8560 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:50:59.0427 8560 pla - ok
19:50:59.0427 8560 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:50:59.0442 8560 PlugPlay - ok
19:50:59.0442 8560 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:50:59.0442 8560 PNRPAutoReg - ok
19:50:59.0442 8560 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:50:59.0442 8560 PNRPsvc - ok
19:50:59.0458 8560 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:50:59.0458 8560 Point64 - ok
19:50:59.0458 8560 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:50:59.0458 8560 PolicyAgent - ok
19:50:59.0474 8560 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:50:59.0474 8560 Power - ok
19:50:59.0474 8560 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:50:59.0474 8560 PptpMiniport - ok
19:50:59.0474 8560 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:50:59.0474 8560 Processor - ok
19:50:59.0474 8560 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:50:59.0489 8560 ProfSvc - ok
19:50:59.0489 8560 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:50:59.0489 8560 ProtectedStorage - ok
19:50:59.0489 8560 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:50:59.0489 8560 Psched - ok
19:50:59.0505 8560 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:50:59.0520 8560 ql2300 - ok
19:50:59.0520 8560 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:50:59.0520 8560 ql40xx - ok
19:50:59.0520 8560 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:50:59.0520 8560 QWAVE - ok
19:50:59.0520 8560 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:50:59.0536 8560 QWAVEdrv - ok
19:50:59.0536 8560 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:50:59.0536 8560 RasAcd - ok
19:50:59.0536 8560 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:50:59.0536 8560 RasAgileVpn - ok
19:50:59.0536 8560 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:50:59.0536 8560 RasAuto - ok
19:50:59.0536 8560 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:50:59.0552 8560 Rasl2tp - ok
19:50:59.0552 8560 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:50:59.0552 8560 RasMan - ok
19:50:59.0552 8560 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:50:59.0552 8560 RasPppoe - ok
19:50:59.0567 8560 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:50:59.0567 8560 RasSstp - ok
19:50:59.0567 8560 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:50:59.0567 8560 rdbss - ok
19:50:59.0567 8560 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:50:59.0567 8560 rdpbus - ok
19:50:59.0567 8560 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:50:59.0567 8560 RDPCDD - ok
19:50:59.0583 8560 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:50:59.0583 8560 RDPDR - ok
19:50:59.0583 8560 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:50:59.0583 8560 RDPENCDD - ok
19:50:59.0583 8560 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:50:59.0583 8560 RDPREFMP - ok
19:50:59.0598 8560 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:50:59.0598 8560 RdpVideoMiniport - ok
19:50:59.0598 8560 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:50:59.0598 8560 RDPWD - ok
19:50:59.0598 8560 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:50:59.0598 8560 rdyboost - ok
19:50:59.0614 8560 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:50:59.0614 8560 RemoteAccess - ok
19:50:59.0614 8560 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:50:59.0614 8560 RemoteRegistry - ok
19:50:59.0614 8560 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:50:59.0614 8560 RFCOMM - ok
19:50:59.0630 8560 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:50:59.0630 8560 RpcEptMapper - ok
19:50:59.0630 8560 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:50:59.0630 8560 RpcLocator - ok
19:50:59.0630 8560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:50:59.0630 8560 RpcSs - ok
19:50:59.0645 8560 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:50:59.0645 8560 rspndr - ok
19:50:59.0645 8560 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:50:59.0645 8560 s3cap - ok
19:50:59.0645 8560 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:50:59.0645 8560 SamSs - ok
19:50:59.0661 8560 [ A0540477B5283DD06642A184756C63FF ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
19:50:59.0661 8560 SAVAdminService - ok
19:50:59.0676 8560 [ 2192AE4D310ADB821B38595150F5A384 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
19:50:59.0676 8560 SAVOnAccess - ok
19:50:59.0676 8560 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
19:50:59.0676 8560 SAVService - ok
19:50:59.0676 8560 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:50:59.0676 8560 sbp2port - ok
19:50:59.0692 8560 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:50:59.0692 8560 SCardSvr - ok
19:50:59.0692 8560 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:50:59.0692 8560 scfilter - ok
19:50:59.0708 8560 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:50:59.0708 8560 Schedule - ok
19:50:59.0708 8560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:50:59.0708 8560 SCPolicySvc - ok
19:50:59.0723 8560 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
19:50:59.0723 8560 sdcfilter - ok
19:50:59.0723 8560 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:50:59.0723 8560 SDRSVC - ok
19:50:59.0723 8560 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:50:59.0723 8560 secdrv - ok
19:50:59.0723 8560 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:50:59.0723 8560 seclogon - ok
19:50:59.0754 8560 [ F3D951071C624137430FE65A67541EF9 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
19:50:59.0770 8560 SecureStorageService - ok
19:50:59.0770 8560 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:50:59.0770 8560 SENS - ok
19:50:59.0770 8560 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:50:59.0770 8560 SensrSvc - ok
19:50:59.0786 8560 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:50:59.0786 8560 Serenum - ok
19:50:59.0786 8560 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:50:59.0786 8560 Serial - ok
19:50:59.0786 8560 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:50:59.0786 8560 sermouse - ok
19:50:59.0801 8560 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:50:59.0801 8560 ServiceLayer - ok
19:50:59.0801 8560 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:50:59.0801 8560 SessionEnv - ok
19:50:59.0817 8560 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:50:59.0817 8560 sffdisk - ok
19:50:59.0817 8560 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:50:59.0817 8560 sffp_mmc - ok
19:50:59.0817 8560 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:50:59.0817 8560 sffp_sd - ok
19:50:59.0817 8560 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:50:59.0817 8560 sfloppy - ok
19:50:59.0832 8560 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:50:59.0832 8560 SharedAccess - ok
19:50:59.0832 8560 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:50:59.0832 8560 ShellHWDetection - ok
19:50:59.0848 8560 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:50:59.0848 8560 SiSRaid2 - ok
19:50:59.0848 8560 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:50:59.0848 8560 SiSRaid4 - ok
19:50:59.0848 8560 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:50:59.0848 8560 SkypeUpdate - ok
19:50:59.0848 8560 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:50:59.0864 8560 Smb - ok
19:50:59.0864 8560 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:50:59.0864 8560 SNMPTRAP - ok
19:50:59.0864 8560 [ 3068CF091B4334B998380E9C877F5549 ] Sophos Agent C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
19:50:59.0879 8560 Sophos Agent - ok
19:50:59.0879 8560 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
19:50:59.0879 8560 Sophos AutoUpdate Service - ok
19:50:59.0879 8560 [ 1C3D8A4B93A97E3C46B3D01F6F321DC4 ] Sophos Message Router C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
19:50:59.0895 8560 Sophos Message Router - ok
19:50:59.0895 8560 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
19:50:59.0895 8560 Sophos Web Control Service - ok
19:50:59.0895 8560 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
19:50:59.0910 8560 SophosBootDriver - ok
19:50:59.0910 8560 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:50:59.0910 8560 spldr - ok
19:50:59.0910 8560 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
19:50:59.0910 8560 Spooler - ok
19:50:59.0973 8560 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:50:59.0988 8560 sppsvc - ok
19:50:59.0988 8560 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:50:59.0988 8560 sppuinotify - ok
19:50:59.0988 8560 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:50:59.0988 8560 srv - ok
19:51:00.0004 8560 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:51:00.0004 8560 srv2 - ok
19:51:00.0004 8560 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:51:00.0004 8560 srvnet - ok
19:51:00.0020 8560 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:51:00.0020 8560 SSDPSRV - ok
19:51:00.0020 8560 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:51:00.0020 8560 SstpSvc - ok
19:51:00.0020 8560 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:51:00.0020 8560 STacSV - ok
19:51:00.0035 8560 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:51:00.0035 8560 stexstor - ok
19:51:00.0035 8560 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:51:00.0035 8560 STHDA - ok
19:51:00.0051 8560 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:51:00.0051 8560 stisvc - ok
19:51:00.0051 8560 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:51:00.0051 8560 storvsc - ok
19:51:00.0051 8560 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:51:00.0066 8560 swenum - ok
19:51:00.0082 8560 [ ED5C98B3642744BA819002B983E9D2DF ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
19:51:00.0098 8560 swi_service - ok
19:51:00.0113 8560 [ C9CEDA9CA43A533942ACDEEB0AAF72F0 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
19:51:00.0129 8560 swi_update_64 - ok
19:51:00.0144 8560 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:51:00.0144 8560 swprv - ok
19:51:00.0144 8560 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
19:51:00.0144 8560 Synth3dVsc - ok
19:51:00.0144 8560 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
19:51:00.0144 8560 SynthVid - ok
19:51:00.0160 8560 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:51:00.0176 8560 SysMain - ok
19:51:00.0176 8560 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:51:00.0176 8560 TabletInputService - ok
19:51:00.0176 8560 [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
19:51:00.0191 8560 tap0901 - ok
19:51:00.0191 8560 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:51:00.0191 8560 TapiSrv - ok
19:51:00.0191 8560 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:51:00.0191 8560 TBS - ok
19:51:00.0207 8560 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:51:00.0222 8560 Tcpip - ok
19:51:00.0238 8560 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:51:00.0254 8560 TCPIP6 - ok
19:51:00.0254 8560 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:51:00.0254 8560 tcpipreg - ok
19:51:00.0269 8560 [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
19:51:00.0285 8560 tcsd_win32.exe - ok
19:51:00.0316 8560 [ E76A51F32FA99BE0DE3B8071C9C82E8C ] TdmService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
19:51:00.0316 8560 TdmService - ok
19:51:00.0332 8560 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:51:00.0332 8560 TDPIPE - ok
19:51:00.0332 8560 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:51:00.0332 8560 TDTCP - ok
19:51:00.0332 8560 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:51:00.0332 8560 tdx - ok
19:51:00.0332 8560 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:51:00.0332 8560 TermDD - ok
19:51:00.0347 8560 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
19:51:00.0347 8560 terminpt - ok
19:51:00.0347 8560 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:51:00.0347 8560 TermService - ok
19:51:00.0363 8560 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:51:00.0363 8560 Themes - ok
19:51:00.0363 8560 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:51:00.0363 8560 THREADORDER - ok
19:51:00.0363 8560 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:51:00.0363 8560 TrkWks - ok
19:51:00.0378 8560 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:51:00.0378 8560 TrustedInstaller - ok
19:51:00.0378 8560 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:51:00.0378 8560 tssecsrv - ok
19:51:00.0378 8560 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:51:00.0378 8560 TsUsbFlt - ok
19:51:00.0378 8560 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:51:00.0378 8560 TsUsbGD - ok
19:51:00.0394 8560 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
19:51:00.0394 8560 tsusbhub - ok
19:51:00.0394 8560 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:51:00.0394 8560 tunnel - ok
19:51:00.0394 8560 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:51:00.0394 8560 uagp35 - ok
19:51:00.0410 8560 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:51:00.0410 8560 udfs - ok
19:51:00.0410 8560 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:51:00.0410 8560 UI0Detect - ok
19:51:00.0410 8560 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:51:00.0410 8560 uliagpkx - ok
19:51:00.0410 8560 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:51:00.0425 8560 umbus - ok
19:51:00.0425 8560 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:51:00.0425 8560 UmPass - ok
19:51:00.0425 8560 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:51:00.0425 8560 UmRdpService - ok
19:51:00.0456 8560 [ 07AE0C9F64C4D83ABAA816EE23548D6D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:51:00.0472 8560 UNS - ok
19:51:00.0472 8560 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:51:00.0472 8560 upnphost - ok
19:51:00.0472 8560 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:51:00.0472 8560 USBAAPL64 - ok
19:51:00.0488 8560 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:51:00.0488 8560 usbccgp - ok
19:51:00.0488 8560 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:51:00.0488 8560 usbcir - ok
19:51:00.0488 8560 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:51:00.0488 8560 usbehci - ok
19:51:00.0488 8560 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:51:00.0503 8560 usbhub - ok
19:51:00.0503 8560 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:51:00.0503 8560 usbohci - ok
19:51:00.0503 8560 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:51:00.0503 8560 usbprint - ok
19:51:00.0503 8560 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:51:00.0503 8560 USBSTOR - ok
19:51:00.0519 8560 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:51:00.0519 8560 usbuhci - ok
19:51:00.0519 8560 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:51:00.0519 8560 usbvideo - ok
19:51:00.0519 8560 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:51:00.0519 8560 UxSms - ok
19:51:00.0519 8560 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:51:00.0519 8560 VaultSvc - ok
19:51:00.0534 8560 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:51:00.0534 8560 vdrvroot - ok
19:51:00.0534 8560 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:51:00.0534 8560 vds - ok
19:51:00.0534 8560 [ 00C7DF4F50962BA218AB60D32869100B ] vflt C:\Windows\system32\DRIVERS\vfilter.sys
19:51:00.0550 8560 vflt - ok
19:51:00.0550 8560 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:51:00.0550 8560 vga - ok
19:51:00.0550 8560 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:51:00.0550 8560 VgaSave - ok
19:51:00.0550 8560 VGPU - ok
19:51:00.0550 8560 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:51:00.0566 8560 vhdmp - ok
19:51:00.0566 8560 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:51:00.0566 8560 viaide - ok
19:51:00.0566 8560 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:51:00.0566 8560 VMBusHID - ok
19:51:00.0566 8560 [ A99CA064AD11266FE7067A79BF78BBB5 ] vnet C:\Windows\system32\DRIVERS\virtualnet.sys
19:51:00.0566 8560 vnet - ok
19:51:00.0566 8560 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:51:00.0566 8560 volmgr - ok
19:51:00.0581 8560 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:51:00.0581 8560 volmgrx - ok
19:51:00.0581 8560 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:51:00.0581 8560 volsnap - ok
19:51:00.0597 8560 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:51:00.0597 8560 vsmraid - ok
19:51:00.0612 8560 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:51:00.0612 8560 VSS - ok
19:51:00.0612 8560 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:51:00.0612 8560 vwifibus - ok
19:51:00.0628 8560 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:51:00.0628 8560 vwififlt - ok
19:51:00.0628 8560 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:51:00.0628 8560 W32Time - ok
19:51:00.0628 8560 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:51:00.0644 8560 WacomPen - ok
19:51:00.0644 8560 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:51:00.0644 8560 WANARP - ok
19:51:00.0644 8560 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:51:00.0644 8560 Wanarpv6 - ok
19:51:00.0659 8560 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:51:00.0659 8560 wbengine - ok
19:51:00.0675 8560 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:51:00.0675 8560 WbioSrvc - ok
19:51:00.0675 8560 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:51:00.0675 8560 wcncsvc - ok
19:51:00.0690 8560 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:51:00.0690 8560 WcsPlugInService - ok
19:51:00.0690 8560 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:51:00.0690 8560 Wd - ok
19:51:00.0690 8560 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:51:00.0706 8560 Wdf01000 - ok
19:51:00.0706 8560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:51:00.0706 8560 WdiServiceHost - ok
19:51:00.0706 8560 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:51:00.0706 8560 WdiSystemHost - ok
19:51:00.0706 8560 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:51:00.0722 8560 WebClient - ok
19:51:00.0722 8560 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:51:00.0722 8560 Wecsvc - ok
19:51:00.0722 8560 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:51:00.0722 8560 wercplsupport - ok
19:51:00.0722 8560 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:51:00.0737 8560 WerSvc - ok
19:51:00.0737 8560 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:51:00.0737 8560 WfpLwf - ok
19:51:00.0737 8560 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:51:00.0737 8560 WIMMount - ok
19:51:00.0737 8560 WinDefend - ok
19:51:00.0737 8560 WinHttpAutoProxySvc - ok
19:51:00.0753 8560 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:51:00.0753 8560 Winmgmt - ok
19:51:00.0768 8560 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:51:00.0784 8560 WinRM - ok
19:51:00.0784 8560 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
19:51:00.0784 8560 WinUsb - ok
19:51:00.0800 8560 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:51:00.0800 8560 Wlansvc - ok
19:51:00.0800 8560 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:51:00.0800 8560 wlcrasvc - ok
19:51:00.0831 8560 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:51:00.0846 8560 wlidsvc - ok
19:51:00.0846 8560 [ 55DBB16FDC57808615323389241FDC99 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
19:51:00.0846 8560 wltrysvc - ok
19:51:00.0846 8560 WMCoreService - ok
19:51:00.0846 8560 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:51:00.0846 8560 WmiAcpi - ok
19:51:00.0862 8560 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:51:00.0862 8560 wmiApSrv - ok
19:51:00.0862 8560 WMPNetworkSvc - ok
19:51:00.0862 8560 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:51:00.0862 8560 WPCSvc - ok
19:51:00.0862 8560 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:51:00.0862 8560 WPDBusEnum - ok
19:51:00.0878 8560 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:51:00.0878 8560 ws2ifsl - ok
19:51:00.0878 8560 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:51:00.0878 8560 wscsvc - ok
19:51:00.0878 8560 WSearch - ok
19:51:00.0909 8560 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
19:51:00.0909 8560 wuauserv - ok
19:51:00.0909 8560 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:51:00.0924 8560 WudfPf - ok
19:51:00.0924 8560 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:51:00.0924 8560 WUDFRd - ok
19:51:00.0924 8560 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:51:00.0924 8560 wudfsvc - ok
19:51:00.0924 8560 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:51:00.0940 8560 WwanSvc - ok
19:51:00.0940 8560 [ DDA7CD9F319AA76385F24BB2BD320044 ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
19:51:00.0940 8560 WwanUsbServ - ok
19:51:00.0956 8560 ================ Scan global ===============================
19:51:00.0956 8560 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:51:00.0956 8560 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:51:00.0971 8560 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:51:00.0971 8560 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:51:00.0971 8560 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:51:00.0971 8560 [Global] - ok
19:51:00.0971 8560 ================ Scan MBR ==================================
19:51:00.0987 8560 [ CB934311BBECE27BDA7580C74EA38717 ] \Device\Harddisk0\DR0
19:51:01.0127 8560 \Device\Harddisk0\DR0 - ok
19:51:01.0127 8560 ================ Scan VBR ==================================
19:51:01.0127 8560 [ 3350578F41415F2BAAFC5C37FB8685F5 ] \Device\Harddisk0\DR0\Partition1
19:51:01.0127 8560 \Device\Harddisk0\DR0\Partition1 - ok
19:51:01.0127 8560 [ F7AC6783A5C33F734CAB4BCE59287F88 ] \Device\Harddisk0\DR0\Partition2
19:51:01.0127 8560 \Device\Harddisk0\DR0\Partition2 - ok
19:51:01.0127 8560 [ DBAB5BEC731B8F7D9BDED2AC42169CB1 ] \Device\Harddisk0\DR0\Partition3
19:51:01.0127 8560 \Device\Harddisk0\DR0\Partition3 - ok
19:51:01.0127 8560 ============================================================
19:51:01.0127 8560 Scan finished
19:51:01.0127 8560 ============================================================
19:51:01.0143 1592 Detected object count: 0
19:51:01.0143 1592 Actual detected object count: 0
__________________

Alt 23.11.2012, 20:02   #4
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



CODE und nicht QUOTE Tags bitte.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
Zitat:
WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 24.11.2012, 00:25   #5
DailyDose
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



ComboFix:
[CODE]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-23.02 - *** 24.11.2012   1:08.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8073.5362 [GMT 1:00]
ausgeführt von:: d:\benutzer\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
d:\benutzer\***\AppData\Roaming\Aqoqlo
d:\benutzer\***\AppData\Roaming\Aqoqlo\nyuq.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-24 bis 2012-11-24  ))))))))))))))))))))))))))))))
.
.
2012-11-24 00:11 . 2012-11-24 00:11	--------	d-----w-	d:\benutzer\Default\AppData\Local\temp
2012-11-23 18:33 . 2012-11-23 18:33	--------	d-----w-	c:\windows\ERUNT
2012-11-23 18:33 . 2012-11-23 18:33	--------	d-----w-	C:\JRT
2012-11-23 11:44 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB365840-F82A-4C63-92AF-6077F2DCD4F6}\mpengine.dll
2012-11-23 09:37 . 2012-11-23 09:37	--------	d-----w-	d:\benutzer\***\AppData\Roaming\Malwarebytes
2012-11-23 09:36 . 2012-11-23 09:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-23 09:36 . 2012-11-23 09:36	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-23 09:36 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-19 14:44 . 2012-11-24 00:04	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-19 14:44 . 2012-11-24 00:04	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-11-19 14:37 . 2012-11-19 14:37	73728	----a-r-	d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-19 14:37 . 2012-11-19 14:37	73728	----a-r-	d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-19 14:37 . 2012-11-19 14:37	73728	----a-r-	d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-11-19 13:05 . 2012-11-19 13:05	--------	d-----w-	c:\program files\Enigma Software Group
2012-11-19 13:05 . 2012-11-19 13:07	--------	d-----w-	c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-19 13:05 . 2012-11-19 13:05	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-19 12:52 . 2012-11-19 12:52	--------	d-----w-	d:\benutzer\***\AppData\Roaming\DriverCure
2012-11-19 12:26 . 2012-11-19 12:26	--------	d-----w-	c:\program files (x86)\Common Files\Cisco Systems
2012-11-19 12:26 . 2012-11-19 12:00	37400	----a-w-	c:\windows\system32\SophosBootTasks.exe
2012-11-19 12:12 . 2012-11-19 12:12	36640	----a-w-	c:\windows\system32\drivers\sdcfilter.sys
2012-11-19 12:01 . 2012-11-19 12:01	144672	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2012-11-19 11:56 . 2012-11-19 11:56	183024	----a-w-	c:\windows\system32\sdccoinstaller.dll
2012-11-19 11:35 . 2012-11-19 11:41	--------	d-----w-	C:\fixupdate
2012-11-15 08:18 . 2012-11-23 12:45	--------	d-----w-	c:\program files\Nightly
2012-11-13 20:49 . 2012-11-13 20:49	--------	d-----w-	d:\benutzer\***\AppData\Local\Sophos
2012-11-13 20:35 . 2012-11-23 13:12	--------	d-----w-	d:\benutzer\***\AppData\Roaming\Lyhu
2012-11-13 20:35 . 2012-11-13 20:35	--------	d-----w-	d:\benutzer\***\AppData\Roaming\Eswat
2012-11-12 19:37 . 2012-11-13 12:14	--------	d-----w-	c:\programdata\SFlash
2012-11-12 19:37 . 2012-11-13 21:08	--------	d-----w-	c:\program files (x86)\ScreenCam
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 11:27 . 2012-10-02 08:31	226186	----a-w-	C:\FixUpdate.vbs
2012-11-14 07:58 . 2012-06-20 09:03	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 07:58 . 2011-06-28 13:03	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 19:59 . 2012-09-03 19:59	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 19:59 . 2012-06-20 03:39	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-03 19:59 . 2011-06-23 18:43	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-26 17:30 . 2010-09-20 12:51	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-08-26 17:30 . 2006-10-20 20:23	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-11-19 900160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-26 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-11-4 142336]
.
d:\benutzer\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-11-4 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1766616536-2676184462-1655401747-6430\Scripts\Logon\0\0]
"Script"=\\***.local\NETLOGON\workstations.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-11-19 2009664]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R3 d554gps;Dell Wireless  HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys [2010-12-02 101416]
R3 d554scard;Dell Wireless  HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [2010-11-19 61992]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248]
R3 Mbm3CBus;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-11-01 411208]
R3 Mbm3DevMt;Dell Wireless  HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-11-01 419912]
R3 Mbm3mdfl;Dell Wireless  HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-11-01 19528]
R3 Mbm3Mdm;Dell Wireless  HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-11-01 472648]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-11-19 36640]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-02-08 276520]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2012-06-20 25608]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-11-19 144672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-11-19 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-11-19 139840]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-11-19 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-11-19 2869824]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-06-23 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-06-23 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-24 38440]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 21:10]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 21:10]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job
- d:\benutzer\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 17:43]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job
- d:\benutzer\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - d:\benutzer\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: ***.local
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - d:\benutzer\***\AppData\Roaming\Mozilla\Firefox\Profiles\exsvstcb.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Efubriiqz - d:\benutzer\***\AppData\Roaming\Aqoqlo\nyuq.exe
Toolbar-Locked - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-24  01:14:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-24 00:14
.
Vor Suchlauf: 14 Verzeichnis(se), 21.731.639.296 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.299.142.656 Bytes frei
.
- - End Of File - - 64295FFD6A6040AEAB97A6BD72EC3984
         
--- --- ---


Alt 24.11.2012, 09:14   #6
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Okay.

Zitat:
Lesestoff:
******
Du hast deinen Namen unkenntlich gemacht. Dies macht es auch gleichzeitig schwerer für mich deine Logfiles auszuwerten und dir ein Fixskript zu schreiben. Mache deinen Namen bitte nur dann unkenntlich, wenn es unbedingt nötig ist. Entscheidest du dich dennoch dazu mußt du jedesmal die *** wieder gegen den Benutzernamen austauschen.
Schritt 1:
Deinstalliere Spybot

Schritt 2:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Stelle folgendes ein:
    • Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"
    • Ausgabe: Minimal
    • Benutze SafeList in jedem Feld.
    • Haken bei "Benutze Hersteller-Whitelist"
    • Dateien erstellt und verändert innerhalb Datei-Alter
    • Haken bei LOP Prüfung und Purity Prüfung
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*. 
%appdata%\*.* 
%localappdata%\*. 
%localappdata%\*.*
%allusersprofile%\*. 
%allusersprofile%\*.*
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

__________________
--> Sophos meldet im Speicher: Troj/ZbotMem-B

Alt 24.11.2012, 09:43   #7
DailyDose
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Hallo ryder,

1. Spybot war bereits deinstalliert, nur der Ordner in Programme(x86) war noch vorhanden.

2. OTL:
Code:
ATTFilter
OTL logfile created on: 24.11.2012 10:32:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,70% Memory free
15,77 Gb Paging File | 13,61 Gb Available in Paging File | 86,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 19,88 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 48,18 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
 
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - d:\benutzer\DailyDose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - c:\Windows\SysWOW64\SDIOAssist.exe (O2Micro.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited)
SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (TdmService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (SecureStorageService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.11.15 09:18:45 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.26 18:30:32 | 000,000,000 | ---D | M]
 
[2012.11.15 09:18:52 | 000,000,000 | ---D | M] (No name found) -- d:\benutzer\DailyDose\AppData\Roaming\mozilla\Extensions
[2012.11.15 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 04:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.26 18:30:30 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Google Update (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3DTin = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: YouTube = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: YouTube to mp3 (YouTube para mp3) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbocjlkojbicepeolmlkpjihlmkdebn\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: YouTube Downloader: MP3 / HD Video Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\
CHR - Extension: Youtube MP3 + Video Downloader = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\magnmielaieppaikfanmmcikphdbkkki\1.3.13.0_0\
CHR - Extension: Youtube MP3 + Video Downloader | 1-Click Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndodlfhmlpbndlojoinhgibacnpgajk\1.0.15.1_0\
CHR - Extension: Google Mail = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.24 01:13:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk = C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: DailyDoseDomain.local ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\..Trusted Domains: DailyDoseDomain.local ([]http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DailyDoseDomain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C404084-3182-48FB-AE83-645E3B00FEC0}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk - C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe - (Dell Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: FreeFallProtection - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IMSS - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.24 01:15:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.24 01:13:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.24 01:07:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.24 01:07:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.24 01:07:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.24 01:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.24 01:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.24 01:07:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.24 01:03:23 | 005,005,971 | R--- | C] (Swearware) -- d:\benutzer\DailyDose\Desktop\ComboFix.exe
[2012.11.23 19:50:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- d:\benutzer\DailyDose\Desktop\tdsskiller.exe
[2012.11.23 19:40:20 | 004,732,416 | ---- | C] (AVAST Software) -- d:\benutzer\DailyDose\Desktop\aswMBR.exe
[2012.11.23 19:33:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.23 19:33:21 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.23 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe
[2012.11.23 10:37:00 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes
[2012.11.23 10:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.23 10:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.23 10:36:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.23 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.19 15:37:09 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.11.19 14:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.19 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure
[2012.11.19 13:26:36 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.11.19 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2012.11.19 13:26:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.19 13:12:44 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2012.11.19 13:01:05 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.19 12:56:48 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2012.11.19 12:35:36 | 000,000,000 | ---D | C] -- C:\fixupdate
[2012.11.19 12:04:03 | 000,212,032 | ---- | C] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe
[2012.11.17 23:57:39 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Desktop\Auto-Fotos
[2012.11.15 09:18:47 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla
[2012.11.15 09:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012.11.13 21:49:43 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Local\Sophos
[2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu
[2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat
[2012.11.12 20:38:14 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Documents\ScreenCam
[2012.11.12 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash
[2012.11.12 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenCam
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.24 10:33:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.24 10:24:38 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job
[2012.11.24 10:24:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.24 10:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.24 10:24:34 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job
[2012.11.24 01:25:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 01:25:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.24 01:23:25 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.24 01:23:25 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.24 01:23:25 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.24 01:23:25 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.24 01:23:25 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.24 01:19:06 | 000,001,006 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk
[2012.11.24 01:17:59 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.24 01:13:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.24 01:03:55 | 005,005,971 | R--- | M] (Swearware) -- d:\benutzer\DailyDose\Desktop\ComboFix.exe
[2012.11.23 19:50:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- d:\benutzer\DailyDose\Desktop\tdsskiller.exe
[2012.11.23 19:48:33 | 000,000,512 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\MBR.dat
[2012.11.23 19:40:50 | 004,732,416 | ---- | M] (AVAST Software) -- d:\benutzer\DailyDose\Desktop\aswMBR.exe
[2012.11.23 19:32:42 | 000,897,867 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\JRT.exe
[2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe
[2012.11.23 11:19:15 | 000,000,000 | ---- | M] () -- d:\benutzer\DailyDose\defogger_reenable
[2012.11.23 11:18:52 | 000,050,477 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe
[2012.11.22 16:11:49 | 000,171,297 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf
[2012.11.19 15:37:09 | 000,003,177 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk
[2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.11.19 13:00:03 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.11.19 12:56:50 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs
[2012.11.19 12:04:03 | 000,212,032 | ---- | M] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe
[2012.11.13 18:33:42 | 000,312,497 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Kunden - Scenario.pdf
[2012.11.13 18:30:17 | 002,476,440 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\DailyDoseDomain_BPM.pdf
[2012.11.12 19:56:13 | 000,085,465 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf
[2012.11.07 14:35:43 | 000,035,945 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png
[2012.11.07 14:34:05 | 000,230,129 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf
[2012.11.07 13:24:35 | 000,041,825 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif
[2012.11.03 12:33:59 | 000,053,528 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.24 01:07:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.24 01:07:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.24 01:07:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.24 01:07:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.24 01:07:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.23 19:48:33 | 000,000,512 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\MBR.dat
[2012.11.23 19:32:34 | 000,897,867 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\JRT.exe
[2012.11.23 11:20:47 | 000,050,477 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe
[2012.11.23 11:19:15 | 000,000,000 | ---- | C] () -- d:\benutzer\DailyDose\defogger_reenable
[2012.11.22 16:11:49 | 000,171,297 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf
[2012.11.19 15:37:09 | 000,003,177 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk
[2012.11.19 14:05:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012.11.15 09:18:45 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012.11.13 18:33:41 | 000,312,497 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Kunden - Scenario.pdf
[2012.11.13 18:30:13 | 002,476,440 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\DailyDoseDomain_BPM.pdf
[2012.11.12 19:56:12 | 000,085,465 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf
[2012.11.07 14:35:43 | 000,035,945 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png
[2012.11.07 14:34:05 | 000,230,129 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf
[2012.11.07 13:24:35 | 000,041,825 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif
[2012.11.03 12:33:59 | 000,053,528 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg
[2012.09.19 20:47:15 | 000,120,620 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.09.18 13:45:40 | 000,000,035 | ---- | C] () -- d:\benutzer\DailyDose\.sapmc
[2012.08.14 18:07:39 | 000,001,473 | ---- | C] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel
[2012.07.01 15:53:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.06.20 09:55:19 | 000,008,180 | RHS- | C] () -- d:\benutzer\DailyDose\ntuser.pol
[2012.06.20 09:51:42 | 000,002,208 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.29 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.29 08:30:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.06.29 08:30:57 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.06.29 08:30:56 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.06.29 08:30:56 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.06.29 08:30:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.06.23 21:31:44 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.23 21:31:44 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.23 21:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.23 19:51:09 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011.06.23 19:48:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.06.23 19:46:22 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.02.11 19:06:36 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure
[2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat
[2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ
[2012.11.23 14:12:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu
[2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia
[2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++
[2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite
[2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung
[2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP
[2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.24 01:13:28 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2012.10.13 16:02:14 | 000,000,000 | ---D | M] -- C:\AllShare
[2012.11.24 01:15:09 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012.11.24 01:12:22 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.06.28 14:12:06 | 000,000,000 | ---D | M] -- C:\dell
[2012.10.08 17:31:12 | 000,000,000 | ---D | M] -- C:\DevelopmentServer
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.13 16:02:31 | 000,000,000 | ---D | M] -- C:\Download
[2011.06.23 21:32:02 | 000,000,000 | ---D | M] -- C:\Drivers
[2012.11.19 12:41:26 | 000,000,000 | ---D | M] -- C:\fixupdate
[2011.06.23 12:38:41 | 000,000,000 | ---D | M] -- C:\Intel
[2012.11.23 19:33:21 | 000,000,000 | ---D | M] -- C:\JRT
[2011.06.29 08:16:57 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.23 13:45:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.24 10:27:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.24 01:12:22 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.24 01:15:09 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.11.24 10:34:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.28 11:47:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.24 01:15:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.11.19 12:33:04 | 000,002,416 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_000-Output.txt
[2012.11.19 12:28:16 | 000,049,762 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_001-FalsePosAll.txt
[2012.11.19 12:28:16 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_002-FalsePosMoved.txt
[2012.11.19 12:28:16 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_003-ToRestoreMoved.txt
[2012.11.19 12:28:49 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_004-FalsePosDeleted.txt
[2012.11.19 12:28:49 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_005-ToRestoreDeleted.txt
[2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.24 01:14:59 | 000,023,111 | ---- | M] () -- C:\ComboFix.txt
[2011.06.28 15:52:51 | 000,037,536 | ---- | M] () -- C:\debug1214.txt
[2011.06.23 21:36:24 | 000,036,249 | RH-- | M] () -- C:\dell.sdr
[2007.11.07 14:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs
[2012.11.13 22:04:33 | 000,001,321 | ---- | M] () -- C:\freefallprotection.log
[2007.11.07 14:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.11.24 01:17:59 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 14:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2012.11.24 01:18:03 | 4170,080,255 | -HS- | M] () -- C:\pagefile.sys
[2012.11.23 19:51:36 | 000,149,524 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.11.2012_19.50.36_log.txt
[2007.11.07 14:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 14:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 14:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %PROGRAMFILES(X86)%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %appdata%\*.  >
[2012.06.22 07:33:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Adobe
[2012.07.14 20:13:45 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Apple Computer
[2012.06.20 20:25:42 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Creative
[2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure
[2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat
[2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ
[2012.06.20 09:55:23 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Identities
[2012.11.23 14:12:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu
[2012.02.22 11:08:49 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Macromedia
[2012.11.23 10:37:00 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:26 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Media Center Programs
[2012.11.23 10:13:37 | 000,000,000 | --SD | M] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft
[2012.11.15 09:18:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla
[2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia
[2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++
[2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite
[2012.09.22 20:57:36 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Real
[2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung
[2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP
[2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2012.11.24 10:31:06 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Skype
[2012.11.19 20:28:27 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\vlc
[2012.08.20 23:59:25 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Winamp
 
< %appdata%\*.*  >
 
< %localappdata%\*.  >
[2012.06.22 07:33:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Adobe
[2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Anwendungsdaten
[2012.07.14 20:12:54 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Apple
[2012.07.14 20:13:26 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Apple Computer
[2012.06.20 20:01:39 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Broadcom
[2012.10.13 15:50:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Downloaded Installations
[2012.08.15 09:54:38 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\ElevatedDiagnostics
[2012.08.14 18:01:40 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\fontconfig
[2012.10.26 14:55:18 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\FreePDF_XP
[2012.08.14 18:01:39 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\gegl-0.2
[2012.06.20 18:43:53 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Google
[2012.06.20 10:03:06 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Macromedia
[2012.11.13 22:05:23 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft
[2012.06.20 19:09:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft Games
[2012.06.20 19:00:38 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft Help
[2012.06.20 09:58:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Mozilla
[2012.07.31 20:49:03 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Nokia
[2012.07.31 20:49:13 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\NokiaAccount
[2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\SAP
[2012.11.13 21:49:43 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Sophos
[2012.11.24 10:32:56 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Temp
[2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Temporary Internet Files
[2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Verlauf
[2012.06.20 19:47:36 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\XING Connector
 
< %localappdata%\*.* >
[2012.10.13 14:29:16 | 000,086,728 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.24 01:17:30 | 019,038,996 | -H-- | M] () -- d:\benutzer\DailyDose\AppData\Local\IconCache.db
[2012.08.14 18:07:39 | 000,001,473 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel
 
< %allusersprofile%\*.  >
[2012.11.14 10:19:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.07.14 20:12:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.07.14 20:13:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.06.23 19:50:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Broadcom
[2012.06.20 20:25:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative
[2011.06.23 19:52:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.06.28 15:52:22 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2012.02.22 12:22:40 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2011.06.23 20:05:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012.11.23 10:36:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.11.23 10:13:37 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.13 10:33:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.06.20 09:59:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2012.07.31 20:48:05 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011.06.23 19:49:18 | 000,000,000 | ---D | M] -- C:\ProgramData\NTRU Cryptosystems
[2012.07.31 20:49:27 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2012.08.26 18:30:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Real
[2012.11.13 13:14:02 | 000,000,000 | ---D | M] -- C:\ProgramData\SFlash
[2012.08.04 08:45:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012.11.19 15:37:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos
[2012.11.24 01:04:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.06.23 19:44:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.02.22 10:42:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.06.23 19:53:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Wave Systems Corp
[2012.07.14 20:13:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
 
< %allusersprofile%\*.* >
[2012.06.20 10:44:45 | 000,002,208 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 24.11.2012 10:32:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,70% Memory free
15,77 Gb Paging File | 13,61 Gb Available in Paging File | 86,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 19,88 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 48,18 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
 
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051C9F50-9EDD-4DF6-BB6D-A3B50BC8B6E5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06811611-4E17-4813-974E-5A47E0D38100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{218446C7-1E29-42FE-B51E-96D307EA9EAA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{30CDD2E9-B083-473E-A0EE-ACB3D1806A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{41C2473A-DD86-4CFB-AEFB-547B38610D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA6C55D-AE73-4942-9C7D-69F97394B300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{503555BB-543E-4322-BB97-A0F1F2398CCB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6F6BBB5C-9127-4311-B8D1-D72E156B21AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{76BF1C4B-CD18-447C-9337-ED2840211FDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{97877BB8-E89C-421B-B686-184FF90283CB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AD16DD12-8082-47B3-8228-59464BCE2A23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C5EE2ABE-E641-49D1-BDDB-E3DC52E24C43}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C7BE1FE4-1A46-4896-9442-4DF37F67784A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D6F44192-5580-47C4-B2F6-BAC5F59544BD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E527BBB1-C6C4-4CBA-96F0-9C3B0AD99D45}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F9C5D6C4-EA18-4CD9-A82F-7D9548DBFC3E}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04149250-B4E5-4C9E-8FFC-53AD7E8507BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{05905DA8-5E9C-401C-9C31-27204EABDCE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{0AFAB201-1A43-4021-BBBB-8F5332A22E5E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{17DEABE2-6A2A-4890-BCA0-B401F481B2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{37B8E21F-1D71-4714-A104-1FCAE6FE37D5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{4B0B3ABB-0B9C-448F-B491-06E89E8D7965}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{4C6011F2-DE9F-4B06-BD51-17D48F0522DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4DBB64EC-28E2-4E83-953A-46A56D9C597F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5EDC1386-4C48-43F7-80A1-675802B09BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{75A85B26-CFA5-4531-90B0-E7E9328500A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{800BAECD-D0F9-4456-8DE2-C91D43C823A6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{864E1CF7-AE6A-4F47-B968-947CD4067DB5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{8971D633-8EF2-4681-8530-07DA31BC37D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A3C52D44-B49C-424A-A3AB-D96E628EB047}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{A60A2B87-0D32-43BF-AA65-357B79512C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A96893EA-6D4F-4BAF-96AA-E080F40C7830}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AADE7A65-E549-4F7A-875B-5DE653706428}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B10A8CD9-94F7-46C6-807D-C048D937BD2D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{B8602F01-7B14-4EAE-BD74-21BC3E20B1F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BDDBB28C-57B5-4738-93DA-E05CA1947230}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D8BCFC13-5FC1-4739-A4E2-A92E02AEC117}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E01B6FCF-963C-4FC4-8052-5503E007E56C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E0A72312-9A08-4DAF-84C5-7EC7D428F5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{E2284230-8E92-4E23-813E-3E42F9848542}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F73EDF71-B8E7-413A-8B58-57C69A53A9EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0B7DDD35-EAF2-40E3-AB1F-27274B7948C7}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"TCP Query User{32D4C93E-48D5-4014-8A76-BA94B3B5AF32}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{33F8A5F9-CB90-4E36-8895-DCBA96547F84}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{513919BE-36FC-40D2-8F3B-68EB0FAB0AE7}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=6 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe | 
"TCP Query User{CC64E60B-8725-4E86-BCAF-F7A4A462B67B}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"TCP Query User{D260B910-D709-4897-82F0-F447BECA5F0C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{1C35AA58-82F4-46E5-9E87-28CF2F6A489C}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"UDP Query User{36B3B263-D059-4B99-A1F5-F845A9F299CE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{3772CC24-27E4-4CDE-AD20-16803E62898A}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe | 
"UDP Query User{37C15551-215E-4337-93EA-718E2357EC39}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{60673E00-2D3D-4395-B664-871E3499AFBE}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=17 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe | 
"UDP Query User{6141B2A0-2DAF-4833-89AF-916E62EB3BEC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013FA6FF-9BDA-4FFF-A4E6-B7EA5C6505CF}" = WoLoSoft CopyPath
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA13348-6283-69B1-FC00-77C8FB034FD5}" = Chatter Desktop
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenVPN" = OpenVPN 2.2.0
"RealPlayer 15.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1" = Chatter Desktop
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.5.0
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2012 15:06:24 | Computer Name = P1275.DailyDoseDomain.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.DailyDoseDomain.local.%3
 
Error - 23.11.2012 20:14:18 | Computer Name = P1275.DailyDoseDomain.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.11.2012 20:19:58 | Computer Name = P1275.DailyDoseDomain.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.11.2012 20:23:39 | Computer Name = P1275.DailyDoseDomain.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.DailyDoseDomain.local.%3
 
[ Broadcom Wireless LAN Events ]
Error - 26.07.2012 07:54:49 | Computer Name = P1275.DailyDoseDomain.local | Source = WLAN-Tray | ID = 0
Description = 13:54:49, Thu, Jul 26, 12 Error - Unable to set enhanced country code

 
[ System Events ]
Error - 23.11.2012 20:12:35 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 23.11.2012 20:12:40 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vflt
 
Error - 23.11.2012 20:13:03 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 23.11.2012 20:13:25 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 23.11.2012 20:18:13 | Computer Name = P1275.DailyDoseDomain.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne DailyDoseDomain aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 23.11.2012 20:18:13 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%0
 
Error - 23.11.2012 20:18:17 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vflt
 
Error - 23.11.2012 20:18:40 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 23.11.2012 20:19:05 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 24.11.2012 05:24:45 | Computer Name = P1275.DailyDoseDomain.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne DailyDoseDomain aufgrund der folgenden  Ursache nicht einrichten:   %%1311

Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 
< End of report >
         
Hinweis: Benutzername durch "DailyDose" und Domäne durch "DailyDoseDomain" ersetzt

Alt 24.11.2012, 09:52   #8
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Zwischenfrage: Ist das ein gewerblich genutzter Computer?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 24.11.2012, 09:55   #9
DailyDose
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



ja, wird hauptsächlich gewerblich genutzt. Kann aber auch privat genutzt werden.

Alt 24.11.2012, 10:17   #10
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Für uns gilt:

Zitat:
Grundsätzlich bereinigen wir keine gewerblich genutzen Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 27.11.2012, 18:22   #11
ryder
/// TB-Ausbilder
 
Sophos meldet im Speicher: Troj/ZbotMem-B - Standard

Sophos meldet im Speicher: Troj/ZbotMem-B



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Antwort

Themen zu Sophos meldet im Speicher: Troj/ZbotMem-B
7-zip, administrator, anti-malware, antivirus, autostart, bösartige, dateien, enigma, explorer, google, gruppe, install.exe, installiert, malwarebytes, manuell, melde, meldet, minute, monitor.exe, mozilla, nichts, office 2007, performer, registrierung, scan, sekunden, service, sophos, speicher, trojaner, version, weiteres, youtube downloader, zbot trojaner, zbotmem-b, zitat



Ähnliche Themen: Sophos meldet im Speicher: Troj/ZbotMem-B


  1. Win 7: Sophos meldet "Troj/Miner-AB"
    Log-Analyse und Auswertung - 30.06.2015 (14)
  2. Troj/ZbotMem-B
    Plagegeister aller Art und deren Bekämpfung - 04.01.2015 (13)
  3. Windows 7: Troj/ZbotMem-B Befall?
    Log-Analyse und Auswertung - 04.01.2015 (17)
  4. Windows 7: Sophos meldet PUA in $Recycle.Bin
    Plagegeister aller Art und deren Bekämpfung - 03.09.2014 (9)
  5. Website meldet Threat von Sophos erkannt!
    Plagegeister aller Art und deren Bekämpfung - 05.02.2014 (17)
  6. Troj/ZbotMem-B fund von Sophos, manuelle Reinigung erforderlich / Windows 7
    Log-Analyse und Auswertung - 15.12.2013 (11)
  7. troj/zbotmem-b in der Sophos Quarantaene und nur manuell zu bereinigen
    Log-Analyse und Auswertung - 28.11.2013 (23)
  8. Sophosmeldung: Troj/ZbotMem-B im Memory
    Log-Analyse und Auswertung - 08.08.2013 (31)
  9. [Sophos] Troj/Zbot-Dhn // C:\User\*Name*\AppData\Roaming\execue.exe
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (9)
  10. Troj/ZbotMem-B, Sophos Quarantäne-Manager fordert manuelle Bereinigung
    Log-Analyse und Auswertung - 06.02.2013 (3)
  11. Troj/ZbotMem-B // gefunden mit Sophos
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (13)
  12. Habe ich Troj/zbotmem-b vollständig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (1)
  13. Troj/ZbotMem-B bei Scan entdeckt, nach Sophos Meldung HIPS/RegMod-014 - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (16)
  14. Troj/ExpJS-EG / Troj/ZbotMem-B / Trojan.Phex.THAGen6 - BA-BA-BA-BA-BANKÜBERFALL 2012
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (19)
  15. Sophos hat Troj/Java-CN und Mal/Generic-L gefunden
    Log-Analyse und Auswertung - 21.04.2012 (27)
  16. Trojaner Troj/ZbotMem-B Zugriff auf Bankendaten - wie bereinigen?
    Log-Analyse und Auswertung - 10.08.2011 (6)
  17. Troj/Inor-Fam wird von Sophos gemeldet
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (1)

Zum Thema Sophos meldet im Speicher: Troj/ZbotMem-B - Hallo, nachdem ich mein Sophos Antivirus auf Version 10.0 upgedatet habe, habe ich einen Scan gestartet. Dabei ist gleich nach wenigen Sekunden im Speicher der Troj/ZbotMem-B gefunden worden. Bereinigen usw. - Sophos meldet im Speicher: Troj/ZbotMem-B...
Archiv
Du betrachtest: Sophos meldet im Speicher: Troj/ZbotMem-B auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.