Pests of all kinds and how to combat them: Troj/ZbotMem-B detected during scan, after Sophos alert HIPS/RegMod-014 - What to do?

15.08.2012, 11:49   #1
Tom29
 

Good day,

I don't have much experience with trojans, etc. While surfing the Internet and working on my laptop, the message HIPS/RegMod-014 from "Sophos Endpoint Security and Control" appeared in the taskbar, which supposedly points to "suspicious behavior and suspicious files" (Sophos.com, 2012). It could not be clicked away, so I ran a scan with Sophos, and this moved Troj/ZbotMem-B into quarantine, where it still remains.

How can I eliminate this trojan? It is urgent :-( bachelor's thesis and so on -.-


[Sophos.com, 2012: hxxp://www.sophos.com/de-de/threat-center/threat-analyses/suspicious-behavior-and-files/HIPS~RegMod-014.aspx]
As required by the instructions:


Win 7 - 64-bit version - no GMER

1) Defogger: no error message, no prompt to restart

2) OTL Logs

2.1. OTL TXT

OTL Logfile:
Code:
OTL logfile created on: 8/15/2012 12:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 70.28% Memory free
7.73 Gb Paging File | 5.73 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.92 Gb Total Space | 18.59 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 76.13 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive F: | 100.00 Gb Total Space | 96.66 Gb Free Space | 96.66% Space Free | Partition Type: NTFS
Drive G: | 152.27 Gb Total Space | 9.63 Gb Free Space | 6.32% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/15 12:07:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012/08/08 15:27:42 | 000,900,160 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\AutoUpdate\ALMon.exe
PRC - [2012/08/08 15:27:41 | 000,232,512 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/08/08 15:27:31 | 002,863,168 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/08/08 15:27:29 | 000,216,640 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/07/09 13:30:23 | 000,139,840 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 12:48:00 | 001,024,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2012/05/09 18:52:36 | 000,357,400 | ---- | M] (Sophos Limited) -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2011/12/20 15:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/08/10 20:39:54 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/11/19 11:39:39 | 000,314,369 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Oxuco\ikacc.exe
PRC - [2010/08/19 10:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/08/11 09:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/09 11:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/21 14:46:30 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/06/08 05:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/02/24 21:14:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/02/04 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/02/04 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 07:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- D:\Logitech MX Anywhere\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/06 07:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/01/30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [1998/08/23 09:03:08 | 000,516,608 | ---- | M] (Fred's Software) -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/08/10 20:39:54 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/07/05 12:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/06/08 05:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2010/05/07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 07:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 07:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- D:\Logitech MX Anywhere\SetPoint\x86\SetPoint32.exe
MOD - [2009/01/30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008/06/26 04:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008/06/26 04:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008/06/26 04:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/08/09 21:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/07/21 14:46:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/16 17:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/08/15 00:04:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/08 15:27:41 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- D:\Sophos Antivir\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/08/08 15:27:31 | 002,863,168 | ---- | M] (Sophos Limited) [Auto | Running] -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/08/08 15:27:29 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/08/08 15:27:25 | 002,009,152 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012/07/20 22:48:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 13:30:23 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/09 18:52:36 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- D:\Sophos Antivir\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/04 00:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/02/04 00:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/11/10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Nero Bruning\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/09 18:52:34 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012/04/18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/28 22:41:52 | 000,207,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/12/08 12:46:59 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/07/05 12:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/08 16:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/07/20 08:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 08:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 08:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 01:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/07/08 10:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/06/14 20:42:32 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010/04/28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 19:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 19:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/02 09:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/10/22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007/10/22 08:55:45 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2010/10/06 12:33:56 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2010/02/24 04:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/08 11:21:37] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.zfn.uni-bremen.de:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\Amazon Alben Download-Tool\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:48:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 09:39:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:48:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 09:39:52 | 000,000,000 | ---D | M]
 
[2011/06/03 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2011/06/03 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/05/02 19:31:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\5vai12fs.default\extensions
[2011/02/14 11:06:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\5vai12fs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 20:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\5vai12fs.default\extensions\nostmp
[2012/05/06 09:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 22:48:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/01 08:15:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/31 09:28:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/31 09:28:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/31 09:28:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/31 09:28:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/31 09:28:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/31 09:28:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] D:\Sophos Antivir\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] "D:\TomTomHome\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = D:\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printkey.exe (Fred's Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3142175-1106-47E9-9C3F-443F07C1B1FC}: NameServer = 134.102.20.20
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (D:\SOPHOS~1\Sophos\SOPHOS~1\SOPHOS~2.DLL) - D:\Sophos Antivir\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (D:\SOPHOS~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - D:\Sophos Antivir\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/15 12:07:05 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012/07/29 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Amazon MP3
[2012/07/29 18:22:05 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Amazon
[2012/07/29 18:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/15 12:07:10 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012/08/15 12:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012/08/15 12:04:45 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012/08/15 12:04:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 11:01:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 01:45:50 | 000,245,284 | ---- | M] () -- C:\Users\Thomas\Desktop\wegweiser_zum_einklagen_auf_einen_studienplatz.pdf
[2012/08/13 11:48:39 | 001,026,732 | ---- | M] () -- C:\Users\Thomas\Desktop\Bachelorarbeit_inszenierter Terrorismus_Selbstmordattentäter_Andrea Zubke_eingereicht am 06.07.2010.pdf
[2012/08/13 11:30:00 | 000,000,532 | ---- | M] () -- C:\Windows\tasks\Gesamtscan.job
[2012/08/13 10:00:18 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 10:00:18 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 09:59:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 09:59:56 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/08/13 09:59:56 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 09:59:56 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/08/13 09:59:56 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/13 09:52:03 | 4148,592,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 17:03:44 | 001,166,289 | ---- | M] () -- C:\Users\Thomas\Desktop\Meuser_Nagel_1991_Experteninterview.pdf
[2012/07/19 15:50:26 | 026,687,115 | ---- | M] () -- C:\Users\Thomas\Desktop\KRYSTAL CLEAR SALTWATER SYSTEM (CS8110 CS8220
 
========== Files Created - No Company Name ==========
 
[2012/08/15 12:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012/08/15 12:03:53 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012/08/15 01:45:50 | 000,245,284 | ---- | C] () -- C:\Users\Thomas\Desktop\wegweiser_zum_einklagen_auf_einen_studienplatz.pdf
[2012/08/13 11:48:32 | 001,026,732 | ---- | C] () -- C:\Users\Thomas\Desktop\Bachelorarbeit_inszenierter Terrorismus_Selbstmordattentäter_Andrea Zubke_eingereicht am 06.07.2010.pdf
[2012/07/21 17:03:37 | 001,166,289 | ---- | C] () -- C:\Users\Thomas\Desktop\Meuser_Nagel_1991_Experteninterview.pdf
[2012/07/19 15:49:48 | 026,687,115 | ---- | C] () -- C:\Users\Thomas\Desktop\KRYSTAL CLEAR SALTWATER SYSTEM (CS8110 CS8220
[2012/01/27 13:43:18 | 016,893,060 | ---- | C] () -- C:\ProgramData\SamPCFax000008640000
[2011/06/27 12:33:08 | 000,003,584 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 01:11:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011/02/22 01:11:03 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011/02/22 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2011/02/22 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2011/02/22 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2011/02/22 01:11:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2011/02/04 23:34:11 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/02/04 23:34:11 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/01/29 04:41:13 | 000,007,602 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2010/11/28 23:32:39 | 000,010,866 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\SmarThruOptions.xml
[2010/11/28 23:32:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010/11/28 23:32:16 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010/11/28 23:32:06 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/11/28 23:32:03 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010/11/28 23:29:52 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010/11/18 11:23:12 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe
[2010/11/18 11:22:15 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/11/18 11:21:55 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/09/08 05:12:29 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2010/09/08 04:39:23 | 000,002,108 | ---- | C] () -- C:\Windows\HotFixList.ini
 
========== LOP Check ==========
 
[2012/07/29 18:22:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Amazon
[2012/08/13 09:53:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2010/12/01 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2011/08/10 21:25:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LolClient
[2012/06/03 09:31:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LolClient2
[2010/11/26 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012/08/15 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Oxuco
[2011/02/09 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PC Suite
[2010/11/19 20:24:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PlayFirst
[2010/12/02 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2010/11/28 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SmarThru4
[2011/06/03 00:53:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TomTom
[2011/09/25 10:25:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client
[2011/09/24 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ts3overlay
[2010/11/20 10:27:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Vuolfi
[2012/08/13 11:30:00 | 000,000,532 | ---- | M] () -- C:\Windows\Tasks\Gesamtscan.job
[2012/06/15 10:27:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


2.2. Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 8/15/2012 12:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Thomas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 70.28% Memory free
7.73 Gb Paging File | 5.73 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93.92 Gb Total Space | 18.59 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 76.13 Gb Free Space | 76.13% Space Free | Partition Type: NTFS
Drive F: | 100.00 Gb Total Space | 96.66 Gb Free Space | 96.66% Space Free | Partition Type: NTFS
Drive G: | 152.27 Gb Total Space | 9.63 Gb Free Space | 6.32% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC media player 1.1.5\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC media player 1.1.5\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC media player 1.1.5\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC media player 1.1.5\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DC820E-9CCC-4868-BF43-6E77EB536F38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1986242A-AEDC-4825-9B6D-A48C52149DF6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2D8A3E91-6480-46F9-AF0E-363D4AF0BB27}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BE1D452-1F52-48AE-82C0-106BEBFB25A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E79BF19-A5F5-4DD9-88A3-1519CFF7C036}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3EBE1CEE-BB68-48B7-803E-B1386F0A82C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4BB6DBC5-6038-4D51-A762-9E89A20D928C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{505A7D44-1CBB-46F4-9D91-341107B7A893}" = lport=445 | protocol=6 | dir=in | app=system | 
"{612CEA30-37DD-441D-BAA1-695ACC7B1591}" = rport=137 | protocol=17 | dir=out | app=system | 
"{62CD863D-A415-4D37-8BDD-C8E13C99B916}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{719E0F4A-179D-4F95-B1E5-2990DBD10EA0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7212D7A3-B41B-4484-96DC-EDA5478E08CB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D35AEB7-F228-4102-916C-604295D7B997}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9430CCE3-B226-4F9E-94F8-F2FDBE4B6882}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9477F813-481F-4B7B-8C21-C2432EDFC6FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADB5AA39-7EF0-4494-9139-FF675CA11749}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B2677ED0-CD8F-4B02-AEF5-8040115CD2D9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5E7E88D-5495-4A12-8A89-64633C6CEDAC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BBE8A898-854C-43F2-AB1B-D246528B8C5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C802685E-6A5A-40D3-8475-5BDB069C0B65}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E4A518F6-8BF1-4DB9-B5A9-ECDCE013F25A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EACD772C-AA29-498E-B7F9-DA4ACB15D08F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F7E0C1BB-F2CE-4B63-82DA-04257ACA7B2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9F0381D-8821-4237-9E1E-A3FF3B1750AB}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0431860C-5BF5-40A0-864B-1427EEB4A9D4}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
"{0A241592-09C9-4399-A9CC-1B66A7218691}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1103F8AB-FBDD-4943-B833-445C13A024AF}" = protocol=17 | dir=in | app=d:\spss 19 test\stats.exe | 
"{1E94471F-FF43-477C-AF54-D339EC45C763}" = protocol=6 | dir=in | app=d:\spss 19 test\stats.exe | 
"{1F784443-4E33-4D94-89C1-9735BC46C2F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{20902061-153C-4AD3-89F9-01A4BA20B281}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{219BB4B7-D5AA-4125-8657-AFA51BB41601}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{261F8740-F3E4-4C86-A43D-02F04118D790}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{2EAD2170-925B-4CD6-9341-543C7E940F10}" = protocol=6 | dir=in | app=d:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe | 
"{39D0F16F-3268-41E8-9D71-8000E3F1F36D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B45A134-2881-421B-957C-F6F093A4ABDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3C806DB4-E71F-4AED-990C-221B8FB467F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D89EF78-BA12-486C-9E7E-EBABB24C3C11}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3ED51EBB-0D35-4AD4-8349-AC674165EF32}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | 
"{405FD6C3-B6E9-4FF4-8219-6B87B4509FA2}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{418EE22E-73AB-47D5-BFD7-3824623F53EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4775C745-30EE-4F61-A2CE-9E3D09FDAF96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{495E5FD5-0014-47F6-A8A5-980140AF68B3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{53AD46E0-02F4-49C1-A9AF-B089816EAFDB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{587E0373-516F-4B6B-A4B3-F8AC2B607037}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{598AF214-87E5-44D3-B49E-EEE8A304BABF}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{5D940326-5DF0-4E73-97A9-2B2CC8946833}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E7F4190-5C69-4D7C-839D-696A30285CB1}" = protocol=17 | dir=in | app=d:\microsoft office\office14\onenote.exe | 
"{5F40B9CC-8E08-4B2F-967A-E61C9E194F80}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{645F5D83-25F4-44B7-ABEC-CF1BE66B42E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6ACA1AC0-D04D-483B-9F68-FDD9A8F22565}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{72E05AAE-A09F-456C-A85D-ABB106BD5975}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{7B5F6B7D-E280-4E0C-9BDD-15E697956C6F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{7CA24CBE-BBDA-4553-B8F2-D16D205F8743}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7E29BE0F-9390-4A9B-8470-AFBCB3B24D16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B5257A-DFBF-4DD7-B635-FE8925EE522A}" = protocol=17 | dir=in | app=d:\spss max\jre\bin\javaw.exe | 
"{91650CC0-276F-4A9E-9DB3-7478F77DE545}" = protocol=6 | dir=out | app=system | 
"{97DAC59B-4AD8-4016-B573-B7E42B3D5C9A}" = protocol=17 | dir=in | app=d:\spss 19 test\jre\bin\javaw.exe | 
"{9BD4307F-0030-4481-8FEB-9D3005DF18FD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{9D11DF77-40BE-4DF6-A3CE-70A6D22FEDD5}" = protocol=17 | dir=in | app=d:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe | 
"{9DADE8DB-E5F6-41EE-B246-F286A157CF80}" = protocol=6 | dir=in | app=d:\microsoft office\office14\onenote.exe | 
"{9E471CB4-D938-49A1-838C-D56BB679329A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A66B96ED-6791-4FC9-A949-CDEC1788E5E7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{A6E55F6C-0F1B-49B5-BC11-7E7CE702A5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ADD42B08-63C6-45E8-9420-E0C50A1E5B57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BB8EDD44-96E9-4511-B4E0-0B63B2DC77AC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BDB840C8-4392-471B-9FC3-327A09410DE5}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
"{C657745E-B834-499E-A5A7-6F901D22DECC}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{C68BC42E-D3A4-4CCB-AD14-9C29428FD6D0}" = protocol=6 | dir=in | app=d:\spss max\jre\bin\javaw.exe | 
"{C97DF303-AF24-49A3-865B-F77789B10849}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D38DCA92-E871-4032-A954-8F908C2E1C67}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D4474B07-4E55-4B78-9503-854723D41D97}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5133F3E-BEFC-4085-8132-96056F11F741}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{DA82340F-6AF4-4A24-BE16-D7E29038AEBD}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | 
"{DBA2B3D7-AEC5-4078-8161-B43C0280D170}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{E23322B4-8ACE-4494-BE80-F5ABAF862DC2}" = protocol=6 | dir=in | app=d:\spss 19 test\jre\bin\javaw.exe | 
"{E3A9F1B5-A3F4-40C3-BB27-670BBEDE200B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7E42A38-FD2C-4C1F-9296-4E2DB80BF95A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F339B3D2-0FA2-4171-9CD6-31F6FE14D023}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F5676337-1CAE-433B-B48B-A1FD26EF71D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{86C092C7-31F6-469C-9C3F-F4D644B97DC8}D:\f4\f4\f4.exe" = protocol=6 | dir=in | app=d:\f4\f4\f4.exe | 
"TCP Query User{D1868F7D-0ABF-4617-9BA9-9BCC14F821AD}D:\spss max\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\spss max\jre\bin\javaw.exe | 
"TCP Query User{E1E2F523-7AD3-41C9-85DE-3BB664507846}D:\spss 19 test\stats.exe" = protocol=6 | dir=in | app=d:\spss 19 test\stats.exe | 
"TCP Query User{E67013CB-E597-4DD0-A144-BE449129B487}D:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=d:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe | 
"TCP Query User{EEF680BE-1DC7-49F6-B089-90202C4E9926}D:\spss 19 test\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\spss 19 test\jre\bin\javaw.exe | 
"UDP Query User{78272F8C-82B5-4357-8503-7FB085CB0AA3}D:\spss 19 test\stats.exe" = protocol=17 | dir=in | app=d:\spss 19 test\stats.exe | 
"UDP Query User{93D2BC36-A06C-4632-97D5-C69D4B1CAB03}D:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=d:\spiele\league of legends\lol replay\lolreplay\lolreplay.exe | 
"UDP Query User{9463FF4F-F908-4B9F-B9CF-91C93CBAF317}D:\f4\f4\f4.exe" = protocol=17 | dir=in | app=d:\f4\f4\f4.exe | 
"UDP Query User{9E9E1E3C-7FC3-4AAD-88F9-D556A0A75270}D:\spss 19 test\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\spss 19 test\jre\bin\javaw.exe | 
"UDP Query User{D8DD60CB-496C-43C8-9CE1-7D7C92BD9C18}D:\spss max\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\spss max\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}" = SRS Premium Sound Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X64 10.7.6.2_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{047F20E4-0212-4286-9BF3-58FA54CB5CF7}" = SPSS SmartViewer 15G
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D7D9D86-923A-41A8-919F-437332AB1031}" = Nero 7 Ultra Edition
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = MultimediaPOP
"{341739C6-79A4-4F7B-A34E-FDAE88749246}" = G*Power 3.1.2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{556EAB35-CD1F-4E94-83CA-D5C9FA2CDA5B}" = Easy Network Manager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"FileZilla" = FileZilla (remove only)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SmarThru PC Fax" = SmarThru PC Fax
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/12/2011 4:05:52 AM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12/12/2011 1:57:30 PM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12/20/2011 8:17:42 AM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12/21/2011 5:16:33 AM | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Scan2Pc.exe, Version: 2.2.0.0, Zeitstempel:
 0x4934efaa  Name des fehlerhaften Moduls: NetModule.dll, Version: 1.0.0.2, Zeitstempel:
 0x484d25be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00028570  ID des fehlerhaften Prozesses:
 0x97c  Startzeit der fehlerhaften Anwendung: 0x01ccbf005f7db4f1  Pfad der fehlerhaften
 Anwendung: C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll  Berichtskennung: 7912eb3e-2bb4-11e1-ac71-e2e221555b6e
 
Error - 12/22/2011 9:10:20 AM | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Scan2Pc.exe, Version: 2.2.0.0, Zeitstempel:
 0x4934efaa  Name des fehlerhaften Moduls: NetModule.dll, Version: 1.0.0.2, Zeitstempel:
 0x484d25be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006c99  ID des fehlerhaften Prozesses:
 0x84c  Startzeit der fehlerhaften Anwendung: 0x01ccc08bc1a387f4  Pfad der fehlerhaften
 Anwendung: C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll  Berichtskennung: 4c1cd065-2c9e-11e1-8e0e-001bb1178a58
 
Error - 12/22/2011 3:04:11 PM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12/23/2011 8:38:48 PM | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Scan2Pc.exe, Version: 2.2.0.0, Zeitstempel:
 0x4934efaa  Name des fehlerhaften Moduls: NetModule.dll, Version: 1.0.0.2, Zeitstempel:
 0x484d25be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006c99  ID des fehlerhaften Prozesses:
 0xc44  Startzeit der fehlerhaften Anwendung: 0x01ccc1d33f69de9f  Pfad der fehlerhaften
 Anwendung: C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll  Berichtskennung: a4016a65-2dc7-11e1-b07b-001bb1178a58
 
Error - 12/27/2011 9:42:48 AM | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Scan2Pc.exe, Version: 2.2.0.0, Zeitstempel:
 0x4934efaa  Name des fehlerhaften Moduls: NetModule.dll, Version: 1.0.0.2, Zeitstempel:
 0x484d25be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006c99  ID des fehlerhaften Prozesses:
 0xbf8  Startzeit der fehlerhaften Anwendung: 0x01ccc319378468ad  Pfad der fehlerhaften
 Anwendung: C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll  Berichtskennung: a996953f-3090-11e1-ad26-001bb1178a58
 
Error - 12/29/2011 8:43:14 AM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12/30/2011 4:05:12 PM | Computer Name = Thomas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 8/12/2012 5:38:32 AM | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 8/12/2012 5:39:49 AM | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/13/2012 3:52:35 AM | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 8/13/2012 5:53:30 AM | Computer Name = Thomas-PC | Source = yukonw7 | ID = 458853
Description = Driver status 1
 
Error - 8/13/2012 5:53:30 AM | Computer Name = Thomas-PC | Source = yukonw7 | ID = 458853
Description = Driver status 1
 
Error - 8/13/2012 5:53:30 AM | Computer Name = Thomas-PC | Source = yukonw7 | ID = 458853
Description = Driver status 1
 
Error - 8/14/2012 1:42:29 AM | Computer Name = Thomas-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 8/14/2012 8:23:12 AM | Computer Name = Thomas-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 8/14/2012 7:32:40 PM | Computer Name = Thomas-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 8/15/2012 5:04:12 AM | Computer Name = Thomas-PC | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
--- --- ---


What now?

Edited by Tom29 (15.08.2012 at 12:28)

 
