| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sophos meldet im Speicher: Troj/ZbotMem-BWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.11.2012, 11:14
| #1 | ||
| |  Sophos meldet im Speicher: Troj/ZbotMem-B Hallo, nachdem ich mein Sophos Antivirus auf Version 10.0 upgedatet habe, habe ich einen Scan gestartet. Dabei ist gleich nach wenigen Sekunden im Speicher der Troj/ZbotMem-B gefunden worden. Bereinigen usw. kann ich nicht, muss manuell geschehen. Deshalb bin ich hier. Habe bereits Malwarebytes Anti-Malware 1.65.1.1000 installiert und einen vollständigen Suchlauf gestartet, hat aber nichts gefunden. Zitat:
PS: obwohl Internet Explorer im Zitat drin steht, benutze ich den nicht. Bei mir sind gerade Google Chrome 23.0.1271.64 m und Mozilla Nightly 19.0a1 aktiv (ich weiß, es ist eine alpha-Version, wollte diese allerdings ausprobieren). defogger: Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 11:23:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free 15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe PRC - [2012.11.19 13:18:41 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe PRC - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe PRC - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe PRC - [2012.08.26 18:30:27 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe PRC - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe PRC - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.04.22 12:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe PRC - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 08:58:29 | 004,775,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll MOD - [2012.11.04 21:04:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe MOD - [2012.08.21 10:35:02 | 000,200,704 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.03.21 11:16:48 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-20111130174916.exe MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.15 20:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2010.09.22 06:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.19 13:17:52 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.11.19 13:14:57 | 002,009,664 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.11.19 13:05:30 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.11.19 13:04:20 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.11.19 13:00:47 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.11.19 12:55:56 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.11.19 12:13:50 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router) SRV - [2012.11.19 12:13:05 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.04.26 10:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.03.04 22:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2011.02.23 19:29:44 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2011.02.08 07:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.01.25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.01.20 17:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2010.12.04 00:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.04 00:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.29 18:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010.11.03 22:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2010.10.28 20:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010.10.28 20:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.13 20:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.06.20 10:14:18 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.20 16:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.06.23 19:44:07 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011.06.23 19:44:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.06.23 19:44:07 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.06.23 19:44:07 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.06.23 19:44:07 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.04.26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.03.28 19:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.23 22:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 19:13:50 | 000,276,520 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011.01.25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.01.15 20:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2011.01.15 19:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.06 05:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.01.03 23:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR) DRV:64bit: - [2011.01.03 21:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010.12.02 01:02:16 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.19 19:39:28 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.01 01:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010.11.01 01:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2010.11.01 01:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2010.11.01 01:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.02 08:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 08:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.08.24 23:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.24 04:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2010.02.24 04:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.16 22:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.06.04 19:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.11.15 09:18:45 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.26 18:30:32 | 000,000,000 | ---D | M] [2012.11.15 09:18:52 | 000,000,000 | ---D | M] (No name found) -- d:\benutzer\DailyDose\AppData\Roaming\mozilla\Extensions [2012.11.15 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.20 04:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.26 18:30:30 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Google Update (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Angry Birds = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: 3DTin = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\ CHR - Extension: YouTube = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: YouTube to mp3 (YouTube para mp3) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbocjlkojbicepeolmlkpjihlmkdebn\1.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: YouTube Downloader: MP3 / HD Video Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\magnmielaieppaikfanmmcikphdbkkki\1.3.13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader | 1-Click Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndodlfhmlpbndlojoinhgibacnpgajk\1.0.15.1_0\ CHR - Extension: Google Mail = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Efubriiqz] d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo\nyuq.exe () O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [Video Performer63615.exe] "d:\benutzer\DailyDose\AppData\Local\Temp\Video Performer63615.exe" /XML="d:\benutzer\DailyDose\AppData\Local\Temp\90FE.tmp" /STP=0:2 File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk = C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: solution.local ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: solution.local ([]http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = solution.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C404084-3182-48FB-AE83-645E3B00FEC0}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.) O30 - LSA: Authentication Packages - (wvauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 10:37:00 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes [2012.11.23 10:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.23 10:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.23 10:36:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.23 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.19 15:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.11.19 15:37:09 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.19 14:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.11.19 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software [2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.11.19 13:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software [2012.11.19 13:26:36 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2012.11.19 13:26:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.19 13:12:44 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:05 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 12:56:48 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:35:36 | 000,000,000 | ---D | C] -- C:\fixupdate [2012.11.19 12:04:03 | 000,212,032 | ---- | C] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.17 23:57:39 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Desktop\Auto-Fotos [2012.11.15 09:18:47 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla [2012.11.15 09:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly [2012.11.13 21:49:43 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Local\Sophos [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo [2012.11.12 20:38:14 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Documents\ScreenCam [2012.11.12 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash [2012.11.12 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenCam [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 11:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.23 11:19:15 | 000,000,000 | ---- | M] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.23 11:18:52 | 000,050,477 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.23 10:40:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job [2012.11.23 09:40:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job [2012.11.23 09:20:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.23 09:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 16:11:49 | 000,171,297 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf [2012.11.19 15:44:54 | 000,001,128 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Spybot - Search & Destroy.lnk [2012.11.19 15:37:09 | 000,003,177 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 13:00:03 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 12:56:50 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs [2012.11.19 12:04:03 | 000,212,032 | ---- | M] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.15 20:02:19 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.15 20:02:19 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.15 20:02:19 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.15 20:02:19 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.15 20:02:19 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 08:59:30 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 08:53:46 | 000,001,006 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk [2012.11.15 08:52:08 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2012.11.12 19:56:13 | 000,085,465 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.23 11:20:47 | 000,050,477 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.23 11:19:15 | 000,000,000 | ---- | C] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.19 14:05:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.11.15 09:18:45 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk [2012.11.12 19:56:12 | 000,085,465 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2012.09.19 20:47:15 | 000,120,620 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.09.18 13:45:40 | 000,000,035 | ---- | C] () -- d:\benutzer\DailyDose\.sapmc [2012.08.14 18:07:39 | 000,001,473 | ---- | C] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel [2012.07.01 15:53:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.06.20 09:55:19 | 000,008,180 | RHS- | C] () -- d:\benutzer\DailyDose\ntuser.pol [2012.06.20 09:51:42 | 000,002,208 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.29 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.29 08:30:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2011.06.29 08:30:57 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2011.06.29 08:30:56 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2011.06.29 08:30:56 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2011.06.29 08:30:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2011.06.23 21:31:44 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.23 21:31:44 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.23 21:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.06.23 19:51:09 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2011.06.23 19:48:48 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe [2011.06.23 19:48:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.06.23 19:46:22 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.02.11 19:06:36 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Aqoqlo [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.07.14 19:53:18 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoft [2012.07.14 19:53:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ [2012.11.23 11:22:37 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia [2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++ [2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite [2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung [2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP [2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1 [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SpeedyPC Software ========== Purity Check ========== < End of report > Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 11:23:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 4,94 Gb Available Physical Memory | 62,65% Memory free
15,77 Gb Paging File | 13,08 Gb Available in Paging File | 82,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 20,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 47,02 Gb Free Space | 80,35% Space Free | Partition Type: NTFS
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051C9F50-9EDD-4DF6-BB6D-A3B50BC8B6E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{06811611-4E17-4813-974E-5A47E0D38100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218446C7-1E29-42FE-B51E-96D307EA9EAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{30CDD2E9-B083-473E-A0EE-ACB3D1806A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{41C2473A-DD86-4CFB-AEFB-547B38610D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FA6C55D-AE73-4942-9C7D-69F97394B300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{503555BB-543E-4322-BB97-A0F1F2398CCB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F6BBB5C-9127-4311-B8D1-D72E156B21AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76BF1C4B-CD18-447C-9337-ED2840211FDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97877BB8-E89C-421B-B686-184FF90283CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD16DD12-8082-47B3-8228-59464BCE2A23}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5EE2ABE-E641-49D1-BDDB-E3DC52E24C43}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7BE1FE4-1A46-4896-9442-4DF37F67784A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D6F44192-5580-47C4-B2F6-BAC5F59544BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{E527BBB1-C6C4-4CBA-96F0-9C3B0AD99D45}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{F9C5D6C4-EA18-4CD9-A82F-7D9548DBFC3E}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04149250-B4E5-4C9E-8FFC-53AD7E8507BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05905DA8-5E9C-401C-9C31-27204EABDCE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{0AFAB201-1A43-4021-BBBB-8F5332A22E5E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{17DEABE2-6A2A-4890-BCA0-B401F481B2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{37B8E21F-1D71-4714-A104-1FCAE6FE37D5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4B0B3ABB-0B9C-448F-B491-06E89E8D7965}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4C6011F2-DE9F-4B06-BD51-17D48F0522DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4DBB64EC-28E2-4E83-953A-46A56D9C597F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5EDC1386-4C48-43F7-80A1-675802B09BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{75A85B26-CFA5-4531-90B0-E7E9328500A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{800BAECD-D0F9-4456-8DE2-C91D43C823A6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{864E1CF7-AE6A-4F47-B968-947CD4067DB5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8971D633-8EF2-4681-8530-07DA31BC37D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3C52D44-B49C-424A-A3AB-D96E628EB047}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A60A2B87-0D32-43BF-AA65-357B79512C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A96893EA-6D4F-4BAF-96AA-E080F40C7830}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AADE7A65-E549-4F7A-875B-5DE653706428}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B10A8CD9-94F7-46C6-807D-C048D937BD2D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{B8602F01-7B14-4EAE-BD74-21BC3E20B1F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDDBB28C-57B5-4738-93DA-E05CA1947230}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8BCFC13-5FC1-4739-A4E2-A92E02AEC117}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E01B6FCF-963C-4FC4-8052-5503E007E56C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0A72312-9A08-4DAF-84C5-7EC7D428F5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{E2284230-8E92-4E23-813E-3E42F9848542}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F73EDF71-B8E7-413A-8B58-57C69A53A9EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0B7DDD35-EAF2-40E3-AB1F-27274B7948C7}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{32D4C93E-48D5-4014-8A76-BA94B3B5AF32}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{33F8A5F9-CB90-4E36-8895-DCBA96547F84}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{513919BE-36FC-40D2-8F3B-68EB0FAB0AE7}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=6 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"TCP Query User{CC64E60B-8725-4E86-BCAF-F7A4A462B67B}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{D260B910-D709-4897-82F0-F447BECA5F0C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{1C35AA58-82F4-46E5-9E87-28CF2F6A489C}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{36B3B263-D059-4B99-A1F5-F845A9F299CE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{3772CC24-27E4-4CDE-AD20-16803E62898A}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{37C15551-215E-4337-93EA-718E2357EC39}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{60673E00-2D3D-4395-B664-871E3499AFBE}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=17 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"UDP Query User{6141B2A0-2DAF-4833-89AF-916E62EB3BEC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013FA6FF-9BDA-4FFF-A4E6-B7EA5C6505CF}" = WoLoSoft CopyPath
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA13348-6283-69B1-FC00-77C8FB034FD5}" = Chatter Desktop
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenVPN" = OpenVPN 2.2.0
"RealPlayer 15.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1" = Chatter Desktop
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.5.0
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.11.2012 13:56:47 | Computer Name = P1275.solution.local | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)
Error - 13.11.2012 14:02:16 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.solution.local.%3
Error - 13.11.2012 16:18:03 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
lokalen Computers ist ungültig.%3
Error - 13.11.2012 16:24:54 | Computer Name = P1275.solution.local | Source = Sophos Message Router | ID = 8006
Description = Die Netzwerkidentität (Interoperable Object Reference oder IOR) des
lokalen Computers ist ungültig.%3
Error - 13.11.2012 16:35:41 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 428 Startzeit:
01cdc1de528b48c7 Endzeit: 37 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
ad0c37e0-2dd1-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:36:06 | Computer Name = P1275.solution.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 36c4 Startzeit:
01cdc1de73fed949 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
bd0cd3bc-2dd1-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:40:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: chrome.dll, Version: 22.0.1229.94,
Zeitstempel: 0x50753154 Ausnahmecode: 0x80000003 Fehleroffset: 0x00557c64 ID des fehlerhaften
Prozesses: 0x3be8 Startzeit der fehlerhaften Anwendung: 0x01cdc1de7c3fdaaa Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\22.0.1229.94\chrome.dll
Berichtskennung:
6659c66f-2dd2-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:42:54 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00013b30 ID des fehlerhaften
Prozesses: 0x3c10 Startzeit der fehlerhaften Anwendung: 0x01cdc1df2b2fc17e Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Berichtskennung:
b29f4685-2dd2-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:47:22 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x960 Startzeit der fehlerhaften Anwendung: 0x01cdc1df940bf14e Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: 525da4af-2dd3-11e2-bfde-08edb9dc23cc
Error - 13.11.2012 16:51:46 | Computer Name = P1275.solution.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 22.0.1229.94,
Zeitstempel: 0x507531a4 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7ba59 Ausnahmecode: 0xc0020043 Fehleroffset: 0x0005cd99 ID des fehlerhaften
Prozesses: 0x4840 Startzeit der fehlerhaften Anwendung: 0x01cdc1e0a27bf5d7 Pfad der
fehlerhaften Anwendung: d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll Berichtskennung: efb92ab8-2dd3-11e2-bfde-08edb9dc23cc
[ Broadcom Wireless LAN Events ]
Error - 26.07.2012 07:54:49 | Computer Name = P1275.solution.local | Source = WLAN-Tray | ID = 0
Description = 13:54:49, Thu, Jul 26, 12 Error - Unable to set enhanced country code
[ System Events ]
Error - 13.11.2012 09:53:31 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
und richtig ausgeführt wird.
Error - 13.11.2012 11:20:13 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
und richtig ausgeführt wird.
Error - 13.11.2012 13:22:10 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 13.11.2012 13:57:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 13.11.2012 14:56:52 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 13.11.2012 15:21:45 | Computer Name = P1275.solution.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 14.11.2012 03:51:22 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne solution aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 14.11.2012 03:54:56 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 14.11.2012 03:55:00 | Computer Name = P1275.solution.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sophos AutoUpdate Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%5
< End of report >
Geändert von DailyDose (23.11.2012 um 11:37 Uhr) |
|
23.11.2012, 18:24
| #2 | |
| /// TB-Ausbilder  | Sophos meldet im Speicher: Troj/ZbotMem-B Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Schritt 1: Adware entfernen mit JRT Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 2: Scan mit aswMBR Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
__________________ |
|
23.11.2012, 19:56
| #3 | |||
| | Sophos meldet im Speicher: Troj/ZbotMem-B Hallo ryder,
__________________erstmal vielen Dank, dass du dich um mein Problem kümmerst. JRT-Log: Zitat:
Zitat:
Zitat:
|
|
23.11.2012, 21:02
| #4 | |||
| /// TB-Ausbilder | Sophos meldet im Speicher: Troj/ZbotMem-B CODE und nicht QUOTE Tags bitte.
Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.11.2012, 01:25
| #5 |
| | Sophos meldet im Speicher: Troj/ZbotMem-B ComboFix: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-23.02 - *** 24.11.2012 1:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8073.5362 [GMT 1:00]
ausgeführt von:: d:\benutzer\***\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
d:\benutzer\***\AppData\Roaming\Aqoqlo
d:\benutzer\***\AppData\Roaming\Aqoqlo\nyuq.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-24 bis 2012-11-24 ))))))))))))))))))))))))))))))
.
.
2012-11-24 00:11 . 2012-11-24 00:11 -------- d-----w- d:\benutzer\Default\AppData\Local\temp
2012-11-23 18:33 . 2012-11-23 18:33 -------- d-----w- c:\windows\ERUNT
2012-11-23 18:33 . 2012-11-23 18:33 -------- d-----w- C:\JRT
2012-11-23 11:44 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB365840-F82A-4C63-92AF-6077F2DCD4F6}\mpengine.dll
2012-11-23 09:37 . 2012-11-23 09:37 -------- d-----w- d:\benutzer\***\AppData\Roaming\Malwarebytes
2012-11-23 09:36 . 2012-11-23 09:36 -------- d-----w- c:\programdata\Malwarebytes
2012-11-23 09:36 . 2012-11-23 09:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-23 09:36 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-19 14:44 . 2012-11-24 00:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-19 14:44 . 2012-11-24 00:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-19 14:37 . 2012-11-19 14:37 73728 ----a-r- d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-19 14:37 . 2012-11-19 14:37 73728 ----a-r- d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-19 14:37 . 2012-11-19 14:37 73728 ----a-r- d:\benutzer\***\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-11-19 13:05 . 2012-11-19 13:05 -------- d-----w- c:\program files\Enigma Software Group
2012-11-19 13:05 . 2012-11-19 13:07 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-19 13:05 . 2012-11-19 13:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-19 12:52 . 2012-11-19 12:52 -------- d-----w- d:\benutzer\***\AppData\Roaming\DriverCure
2012-11-19 12:26 . 2012-11-19 12:26 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2012-11-19 12:26 . 2012-11-19 12:00 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-11-19 12:12 . 2012-11-19 12:12 36640 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2012-11-19 12:01 . 2012-11-19 12:01 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-11-19 11:56 . 2012-11-19 11:56 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll
2012-11-19 11:35 . 2012-11-19 11:41 -------- d-----w- C:\fixupdate
2012-11-15 08:18 . 2012-11-23 12:45 -------- d-----w- c:\program files\Nightly
2012-11-13 20:49 . 2012-11-13 20:49 -------- d-----w- d:\benutzer\***\AppData\Local\Sophos
2012-11-13 20:35 . 2012-11-23 13:12 -------- d-----w- d:\benutzer\***\AppData\Roaming\Lyhu
2012-11-13 20:35 . 2012-11-13 20:35 -------- d-----w- d:\benutzer\***\AppData\Roaming\Eswat
2012-11-12 19:37 . 2012-11-13 12:14 -------- d-----w- c:\programdata\SFlash
2012-11-12 19:37 . 2012-11-13 21:08 -------- d-----w- c:\program files (x86)\ScreenCam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 11:27 . 2012-10-02 08:31 226186 ----a-w- C:\FixUpdate.vbs
2012-11-14 07:58 . 2012-06-20 09:03 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 07:58 . 2011-06-28 13:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 19:59 . 2012-09-03 19:59 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-03 19:59 . 2012-06-20 03:39 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-03 19:59 . 2011-06-23 18:43 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-26 17:30 . 2010-09-20 12:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-26 17:30 . 2006-10-20 20:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-11-19 900160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-26 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-11-4 142336]
.
d:\benutzer\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2012-11-4 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1766616536-2676184462-1655401747-6430\Scripts\Logon\0\0]
"Script"=\\***.local\NETLOGON\workstations.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-11-19 2009664]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys [2010-12-02 101416]
R3 d554scard;Dell Wireless HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [2010-11-19 61992]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248]
R3 Mbm3CBus;Dell Wireless 5550 HSPA+ Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-11-01 411208]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-11-01 419912]
R3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-11-01 19528]
R3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-11-01 472648]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-11-19 36640]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-02-08 276520]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2012-06-20 25608]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-11-19 144672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-22 165032]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-11-19 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-11-19 139840]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-11-19 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-11-19 2869824]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-06-23 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-06-23 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-24 38440]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 21:10]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-03 21:10]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job
- d:\benutzer\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 17:43]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job
- d:\benutzer\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-20 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - d:\benutzer\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: ***.local
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - d:\benutzer\***\AppData\Roaming\Mozilla\Firefox\Profiles\exsvstcb.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Efubriiqz - d:\benutzer\***\AppData\Roaming\Aqoqlo\nyuq.exe
Toolbar-Locked - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-24 01:14:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-11-24 00:14
.
Vor Suchlauf: 14 Verzeichnis(se), 21.731.639.296 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.299.142.656 Bytes frei
.
- - End Of File - - 64295FFD6A6040AEAB97A6BD72EC3984
|
|
24.11.2012, 10:14
| #6 | |
| /// TB-Ausbilder | Sophos meldet im Speicher: Troj/ZbotMem-B Okay. Schritt 1: Deinstalliere Spybot Schritt 2: Customscan mit OTL
__________________ --> Sophos meldet im Speicher: Troj/ZbotMem-B |
|
24.11.2012, 10:43
| #7 |
| | Sophos meldet im Speicher: Troj/ZbotMem-B Hallo ryder, 1. Spybot war bereits deinstalliert, nur der Ordner in Programme(x86) war noch vorhanden. 2. OTL: Code:
ATTFilter OTL logfile created on: 24.11.2012 10:32:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,70% Memory free 15,77 Gb Paging File | 13,61 Gb Available in Paging File | 86,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,95 Gb Total Space | 19,88 Gb Free Space | 33,16% Space Free | Partition Type: NTFS Drive D: | 58,52 Gb Total Space | 48,18 Gb Free Space | 82,33% Space Free | Partition Type: NTFS Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - d:\benutzer\DailyDose\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - c:\Windows\SysWOW64\SDIOAssist.exe (O2Micro.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - c:\Windows\SysWOW64\srvany.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited) SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited) SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited) SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (TdmService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (dcpsysmgrsvc) -- c:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (SecureStorageService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited) DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited) DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro ) DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro ) DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation) DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation) DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation) DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc) DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc) DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB) DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.11.15 09:18:45 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.26 18:30:32 | 000,000,000 | ---D | M] [2012.11.15 09:18:52 | 000,000,000 | ---D | M] (No name found) -- d:\benutzer\DailyDose\AppData\Roaming\mozilla\Extensions [2012.11.15 09:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.20 04:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.26 18:30:30 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Google Update (Enabled) = d:\benutzer\DailyDose\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Angry Birds = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: 3DTin = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\ CHR - Extension: YouTube = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: YouTube to mp3 (YouTube para mp3) = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjbocjlkojbicepeolmlkpjihlmkdebn\1.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: YouTube Downloader: MP3 / HD Video Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\magnmielaieppaikfanmmcikphdbkkki\1.3.13.0_0\ CHR - Extension: Youtube MP3 + Video Downloader | 1-Click Download = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\mndodlfhmlpbndlojoinhgibacnpgajk\1.0.15.1_0\ CHR - Extension: Google Mail = d:\benutzer\DailyDose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.11.24 01:13:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk = C:\Program Files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\Software\Policies\Microsoft\Internet Explorer\New Windows present O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - d:\benutzer\DailyDose\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: DailyDoseDomain.local ([]http in Trusted sites) O15 - HKU\S-1-5-21-1766616536-2676184462-1655401747-6430\..Trusted Domains: DailyDoseDomain.local ([]http in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DailyDoseDomain.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C404084-3182-48FB-AE83-645E3B00FEC0}: DhcpNameServer = 192.168.11.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Limited) O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell System Manager.lnk - C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe - (Dell Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: FreeFallProtection - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IMSS - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MobileConnect - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SysTrayApp - hkey= - key= - C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited) SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.24 01:15:08 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.24 01:13:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.11.24 01:07:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.24 01:07:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.24 01:07:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.24 01:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.24 01:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.24 01:07:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.24 01:03:23 | 005,005,971 | R--- | C] (Swearware) -- d:\benutzer\DailyDose\Desktop\ComboFix.exe [2012.11.23 19:50:08 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- d:\benutzer\DailyDose\Desktop\tdsskiller.exe [2012.11.23 19:40:20 | 004,732,416 | ---- | C] (AVAST Software) -- d:\benutzer\DailyDose\Desktop\aswMBR.exe [2012.11.23 19:33:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.11.23 19:33:21 | 000,000,000 | ---D | C] -- C:\JRT [2012.11.23 11:21:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 10:37:00 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes [2012.11.23 10:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.23 10:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.23 10:36:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.23 10:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.19 15:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.19 15:37:09 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.19 14:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.11.19 14:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.19 13:52:59 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.11.19 13:26:36 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 13:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems [2012.11.19 13:26:10 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.19 13:12:44 | 000,036,640 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:05 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 12:56:48 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:35:36 | 000,000,000 | ---D | C] -- C:\fixupdate [2012.11.19 12:04:03 | 000,212,032 | ---- | C] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.17 23:57:39 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Desktop\Auto-Fotos [2012.11.15 09:18:47 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla [2012.11.15 09:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly [2012.11.13 21:49:43 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Local\Sophos [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.11.13 21:35:07 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.11.12 20:38:14 | 000,000,000 | ---D | C] -- d:\benutzer\DailyDose\Documents\ScreenCam [2012.11.12 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SFlash [2012.11.12 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenCam [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.24 10:33:06 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.24 10:24:38 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430UA.job [2012.11.24 10:24:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.24 10:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.24 10:24:34 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1766616536-2676184462-1655401747-6430Core.job [2012.11.24 01:25:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 01:25:20 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.24 01:23:25 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.24 01:23:25 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.24 01:23:25 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.24 01:23:25 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.24 01:23:25 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.24 01:19:06 | 000,001,006 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk [2012.11.24 01:17:59 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2012.11.24 01:13:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.24 01:03:55 | 005,005,971 | R--- | M] (Swearware) -- d:\benutzer\DailyDose\Desktop\ComboFix.exe [2012.11.23 19:50:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- d:\benutzer\DailyDose\Desktop\tdsskiller.exe [2012.11.23 19:48:33 | 000,000,512 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\MBR.dat [2012.11.23 19:40:50 | 004,732,416 | ---- | M] (AVAST Software) -- d:\benutzer\DailyDose\Desktop\aswMBR.exe [2012.11.23 19:32:42 | 000,897,867 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\JRT.exe [2012.11.23 11:21:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\benutzer\DailyDose\Desktop\OTL.exe [2012.11.23 11:19:15 | 000,000,000 | ---- | M] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.23 11:18:52 | 000,050,477 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.22 16:11:49 | 000,171,297 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf [2012.11.19 15:37:09 | 000,003,177 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.11.19 13:12:45 | 000,036,640 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\sdcfilter.sys [2012.11.19 13:01:07 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.11.19 13:00:03 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.11.19 12:56:50 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll [2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs [2012.11.19 12:04:03 | 000,212,032 | ---- | M] (Sophos Limited) -- d:\benutzer\DailyDose\Desktop\FixIssues.exe [2012.11.13 18:33:42 | 000,312,497 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Kunden - Scenario.pdf [2012.11.13 18:30:17 | 002,476,440 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\DailyDoseDomain_BPM.pdf [2012.11.12 19:56:13 | 000,085,465 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | M] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.24 01:07:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.24 01:07:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.24 01:07:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.24 01:07:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.24 01:07:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.23 19:48:33 | 000,000,512 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\MBR.dat [2012.11.23 19:32:34 | 000,897,867 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\JRT.exe [2012.11.23 11:20:47 | 000,050,477 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Defogger.exe [2012.11.23 11:19:15 | 000,000,000 | ---- | C] () -- d:\benutzer\DailyDose\defogger_reenable [2012.11.22 16:11:49 | 000,171,297 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\audia6.pdf [2012.11.19 15:37:09 | 000,003,177 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Sophos Virus Removal Tool.lnk [2012.11.19 14:05:34 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2012.11.15 09:18:45 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk [2012.11.13 18:33:41 | 000,312,497 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Kunden - Scenario.pdf [2012.11.13 18:30:13 | 002,476,440 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\DailyDoseDomain_BPM.pdf [2012.11.12 19:56:12 | 000,085,465 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Liniennetz_Tag.pdf [2012.11.07 14:35:43 | 000,035,945 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\Clipboard02.png [2012.11.07 14:34:05 | 000,230,129 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\milesAndMore_antrag.pdf [2012.11.07 13:24:35 | 000,041,825 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\NetWeaverGesamt.gif [2012.11.03 12:33:59 | 000,053,528 | ---- | C] () -- d:\benutzer\DailyDose\Desktop\standort_heilbronn_wohlgelegen.jpg [2012.09.19 20:47:15 | 000,120,620 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.09.18 13:45:40 | 000,000,035 | ---- | C] () -- d:\benutzer\DailyDose\.sapmc [2012.08.14 18:07:39 | 000,001,473 | ---- | C] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel [2012.07.01 15:53:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.06.20 09:55:19 | 000,008,180 | RHS- | C] () -- d:\benutzer\DailyDose\ntuser.pol [2012.06.20 09:51:42 | 000,002,208 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.29 08:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.29 08:30:57 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2011.06.29 08:30:57 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2011.06.29 08:30:56 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2011.06.29 08:30:56 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2011.06.29 08:30:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2011.06.23 21:31:44 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.23 21:31:44 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.23 21:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.06.23 19:51:09 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll [2011.06.23 19:48:48 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.06.23 19:46:22 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.02.11 19:06:36 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ [2012.11.23 14:12:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia [2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++ [2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite [2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung [2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP [2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1 ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.24 01:13:28 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN [2012.10.13 16:02:14 | 000,000,000 | ---D | M] -- C:\AllShare [2012.11.24 01:15:09 | 000,000,000 | ---D | M] -- C:\ComboFix [2012.11.24 01:12:22 | 000,000,000 | ---D | M] -- C:\Config.Msi [2011.06.28 14:12:06 | 000,000,000 | ---D | M] -- C:\dell [2012.10.08 17:31:12 | 000,000,000 | ---D | M] -- C:\DevelopmentServer [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.13 16:02:31 | 000,000,000 | ---D | M] -- C:\Download [2011.06.23 21:32:02 | 000,000,000 | ---D | M] -- C:\Drivers [2012.11.19 12:41:26 | 000,000,000 | ---D | M] -- C:\fixupdate [2011.06.23 12:38:41 | 000,000,000 | ---D | M] -- C:\Intel [2012.11.23 19:33:21 | 000,000,000 | ---D | M] -- C:\JRT [2011.06.29 08:16:57 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.23 13:45:04 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.24 10:27:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.24 01:12:22 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.24 01:15:09 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.11.24 10:34:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.28 11:47:16 | 000,000,000 | R--D | M] -- C:\Users [2012.11.24 01:15:08 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.19 12:33:04 | 000,002,416 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_000-Output.txt [2012.11.19 12:28:16 | 000,049,762 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_001-FalsePosAll.txt [2012.11.19 12:28:16 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_002-FalsePosMoved.txt [2012.11.19 12:28:16 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_003-ToRestoreMoved.txt [2012.11.19 12:28:49 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_004-FalsePosDeleted.txt [2012.11.19 12:28:49 | 000,000,002 | ---- | M] () -- C:\2012-11-19_12-28-11_#P1275#_005-ToRestoreDeleted.txt [2012.11.19 14:05:34 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2012.11.24 01:14:59 | 000,023,111 | ---- | M] () -- C:\ComboFix.txt [2011.06.28 15:52:51 | 000,037,536 | ---- | M] () -- C:\debug1214.txt [2011.06.23 21:36:24 | 000,036,249 | RH-- | M] () -- C:\dell.sdr [2007.11.07 14:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2012.11.19 12:27:08 | 000,226,186 | ---- | M] () -- C:\FixUpdate.vbs [2012.11.13 22:04:33 | 000,001,321 | ---- | M] () -- C:\freefallprotection.log [2007.11.07 14:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012.11.24 01:17:59 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 14:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2012.11.24 01:18:03 | 4170,080,255 | -HS- | M] () -- C:\pagefile.sys [2012.11.23 19:51:36 | 000,149,524 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.11.2012_19.50.36_log.txt [2007.11.07 14:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 14:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 14:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI < %PROGRAMFILES%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %PROGRAMFILES(X86)%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %appdata%\*. > [2012.06.22 07:33:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Adobe [2012.07.14 20:13:45 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Apple Computer [2012.06.20 20:25:42 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Creative [2012.11.19 13:52:59 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\DriverCure [2012.11.13 21:35:07 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Eswat [2012.09.07 13:50:44 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\ICQ [2012.06.20 09:55:23 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Identities [2012.11.23 14:12:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Lyhu [2012.02.22 11:08:49 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Macromedia [2012.11.23 10:37:00 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Malwarebytes [2010.11.21 08:00:26 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Media Center Programs [2012.11.23 10:13:37 | 000,000,000 | --SD | M] -- d:\benutzer\DailyDose\AppData\Roaming\Microsoft [2012.11.15 09:18:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Mozilla [2012.07.31 21:06:08 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Nokia [2012.10.07 18:48:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Notepad++ [2012.07.31 20:49:48 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\PC Suite [2012.09.22 20:57:36 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Real [2012.11.13 22:07:51 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Samsung [2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\SAP [2012.06.22 07:33:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1 [2012.11.24 10:31:06 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Skype [2012.11.19 20:28:27 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\vlc [2012.08.20 23:59:25 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Roaming\Winamp < %appdata%\*.* > < %localappdata%\*. > [2012.06.22 07:33:52 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Adobe [2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Anwendungsdaten [2012.07.14 20:12:54 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Apple [2012.07.14 20:13:26 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Apple Computer [2012.06.20 20:01:39 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Broadcom [2012.10.13 15:50:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Downloaded Installations [2012.08.15 09:54:38 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\ElevatedDiagnostics [2012.08.14 18:01:40 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\fontconfig [2012.10.26 14:55:18 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\FreePDF_XP [2012.08.14 18:01:39 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\gegl-0.2 [2012.06.20 18:43:53 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Google [2012.06.20 10:03:06 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Macromedia [2012.11.13 22:05:23 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft [2012.06.20 19:09:57 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft Games [2012.06.20 19:00:38 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Microsoft Help [2012.06.20 09:58:22 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Mozilla [2012.07.31 20:49:03 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Nokia [2012.07.31 20:49:13 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\NokiaAccount [2012.06.20 10:09:50 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\SAP [2012.11.13 21:49:43 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Sophos [2012.11.24 10:32:56 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\Temp [2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Temporary Internet Files [2012.06.20 09:55:16 | 000,000,000 | -HSD | M] -- d:\benutzer\DailyDose\AppData\Local\Verlauf [2012.06.20 19:47:36 | 000,000,000 | ---D | M] -- d:\benutzer\DailyDose\AppData\Local\XING Connector < %localappdata%\*.* > [2012.10.13 14:29:16 | 000,086,728 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.24 01:17:30 | 019,038,996 | -H-- | M] () -- d:\benutzer\DailyDose\AppData\Local\IconCache.db [2012.08.14 18:07:39 | 000,001,473 | ---- | M] () -- d:\benutzer\DailyDose\AppData\Local\recently-used.xbel < %allusersprofile%\*. > [2012.11.14 10:19:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012.07.14 20:12:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2012.07.14 20:13:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2011.06.23 19:50:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Broadcom [2012.06.20 20:25:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative [2011.06.23 19:52:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011.06.28 15:52:22 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet [2012.02.22 12:22:40 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF [2011.06.23 20:05:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel [2012.11.23 10:36:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2012.11.23 10:13:37 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.10.13 10:33:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2012.06.20 09:59:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2012.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2012.07.31 20:48:05 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2011.06.23 19:49:18 | 000,000,000 | ---D | M] -- C:\ProgramData\NTRU Cryptosystems [2012.07.31 20:49:27 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2012.08.26 18:30:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Real [2012.11.13 13:14:02 | 000,000,000 | ---D | M] -- C:\ProgramData\SFlash [2012.08.04 08:45:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2012.11.19 15:37:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos [2012.11.24 01:04:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011.06.23 19:44:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012.02.22 10:42:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone [2011.06.28 11:42:27 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011.06.23 19:53:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Wave Systems Corp [2012.07.14 20:13:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} < %allusersprofile%\*.* > [2012.06.20 10:44:45 | 000,002,208 | RHS- | M] () -- C:\ProgramData\ntuser.pol < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.11.2012 10:32:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = d:\benutzer\DailyDose\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,70% Memory free
15,77 Gb Paging File | 13,61 Gb Available in Paging File | 86,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,95 Gb Total Space | 19,88 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 58,52 Gb Total Space | 48,18 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Computer Name: P1275 | User Name: DailyDose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051C9F50-9EDD-4DF6-BB6D-A3B50BC8B6E5}" = lport=137 | protocol=17 | dir=in | app=system |
"{06811611-4E17-4813-974E-5A47E0D38100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218446C7-1E29-42FE-B51E-96D307EA9EAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{30CDD2E9-B083-473E-A0EE-ACB3D1806A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{41C2473A-DD86-4CFB-AEFB-547B38610D1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FA6C55D-AE73-4942-9C7D-69F97394B300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{503555BB-543E-4322-BB97-A0F1F2398CCB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F6BBB5C-9127-4311-B8D1-D72E156B21AB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76BF1C4B-CD18-447C-9337-ED2840211FDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97877BB8-E89C-421B-B686-184FF90283CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD16DD12-8082-47B3-8228-59464BCE2A23}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5EE2ABE-E641-49D1-BDDB-E3DC52E24C43}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7BE1FE4-1A46-4896-9442-4DF37F67784A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D6F44192-5580-47C4-B2F6-BAC5F59544BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{E527BBB1-C6C4-4CBA-96F0-9C3B0AD99D45}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{F9C5D6C4-EA18-4CD9-A82F-7D9548DBFC3E}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04149250-B4E5-4C9E-8FFC-53AD7E8507BA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05905DA8-5E9C-401C-9C31-27204EABDCE4}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{0AFAB201-1A43-4021-BBBB-8F5332A22E5E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{17DEABE2-6A2A-4890-BCA0-B401F481B2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{37B8E21F-1D71-4714-A104-1FCAE6FE37D5}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4B0B3ABB-0B9C-448F-B491-06E89E8D7965}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{4C6011F2-DE9F-4B06-BD51-17D48F0522DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4DBB64EC-28E2-4E83-953A-46A56D9C597F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5EDC1386-4C48-43F7-80A1-675802B09BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{75A85B26-CFA5-4531-90B0-E7E9328500A5}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{800BAECD-D0F9-4456-8DE2-C91D43C823A6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{864E1CF7-AE6A-4F47-B968-947CD4067DB5}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8971D633-8EF2-4681-8530-07DA31BC37D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3C52D44-B49C-424A-A3AB-D96E628EB047}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A60A2B87-0D32-43BF-AA65-357B79512C8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A96893EA-6D4F-4BAF-96AA-E080F40C7830}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AADE7A65-E549-4F7A-875B-5DE653706428}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B10A8CD9-94F7-46C6-807D-C048D937BD2D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{B8602F01-7B14-4EAE-BD74-21BC3E20B1F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDDBB28C-57B5-4738-93DA-E05CA1947230}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8BCFC13-5FC1-4739-A4E2-A92E02AEC117}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E01B6FCF-963C-4FC4-8052-5503E007E56C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0A72312-9A08-4DAF-84C5-7EC7D428F5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{E2284230-8E92-4E23-813E-3E42F9848542}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F73EDF71-B8E7-413A-8B58-57C69A53A9EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0B7DDD35-EAF2-40E3-AB1F-27274B7948C7}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{32D4C93E-48D5-4014-8A76-BA94B3B5AF32}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{33F8A5F9-CB90-4E36-8895-DCBA96547F84}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{513919BE-36FC-40D2-8F3B-68EB0FAB0AE7}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=6 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"TCP Query User{CC64E60B-8725-4E86-BCAF-F7A4A462B67B}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=6 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"TCP Query User{D260B910-D709-4897-82F0-F447BECA5F0C}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{1C35AA58-82F4-46E5-9E87-28CF2F6A489C}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{36B3B263-D059-4B99-A1F5-F845A9F299CE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{3772CC24-27E4-4CDE-AD20-16803E62898A}D:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe" = protocol=17 | dir=in | app=d:\nwds 7.3\eclipse\sapnetweaverdeveloperstudio.exe |
"UDP Query User{37C15551-215E-4337-93EA-718E2357EC39}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{60673E00-2D3D-4395-B664-871E3499AFBE}D:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe" = protocol=17 | dir=in | app=d:\benutzer\DailyDose\appdata\roaming\aqoqlo\nyuq.exe |
"UDP Query User{6141B2A0-2DAF-4833-89AF-916E62EB3BEC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"DW WLAN Card Utility" = DW WLAN Card Utility
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PROSetDX" = Intel(R) Network Connections 15.7.176.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013FA6FF-9BDA-4FFF-A4E6-B7EA5C6505CF}" = WoLoSoft CopyPath
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA13348-6283-69B1-FC00-77C8FB034FD5}" = Chatter Desktop
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160310}" = Java(TM) SE Development Kit 6 Update 31
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"IrfanView" = IrfanView (remove only)
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenVPN" = OpenVPN 2.2.0
"RealPlayer 15.0" = RealPlayer
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1" = Chatter Desktop
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"SopCast" = SopCast 3.5.0
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1766616536-2676184462-1655401747-6430\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2012 15:06:24 | Computer Name = P1275.DailyDoseDomain.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.DailyDoseDomain.local.%3
Error - 23.11.2012 20:14:18 | Computer Name = P1275.DailyDoseDomain.local | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2012 20:19:58 | Computer Name = P1275.DailyDoseDomain.local | Source = WinMgmt | ID = 10
Description =
Error - 23.11.2012 20:23:39 | Computer Name = P1275.DailyDoseDomain.local | Source = Sophos Message Router | ID = 8005
Description = DNS Lookup schlug bei Auflösung folgender Adressen fehl: sv076,sv076.DailyDoseDomain.local.%3
[ Broadcom Wireless LAN Events ]
Error - 26.07.2012 07:54:49 | Computer Name = P1275.DailyDoseDomain.local | Source = WLAN-Tray | ID = 0
Description = 13:54:49, Thu, Jul 26, 12 Error - Unable to set enhanced country code
[ System Events ]
Error - 23.11.2012 20:12:35 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 23.11.2012 20:12:40 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom vflt
Error - 23.11.2012 20:13:03 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 23.11.2012 20:13:25 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 23.11.2012 20:18:13 | Computer Name = P1275.DailyDoseDomain.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne DailyDoseDomain aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 23.11.2012 20:18:13 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.34 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 23.11.2012 20:18:17 | Computer Name = P1275.DailyDoseDomain.local | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom vflt
Error - 23.11.2012 20:18:40 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 23.11.2012 20:19:05 | Computer Name = P1275.DailyDoseDomain.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 24.11.2012 05:24:45 | Computer Name = P1275.DailyDoseDomain.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne DailyDoseDomain aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
< End of report >
|
|
24.11.2012, 10:52
| #8 |
| /// TB-Ausbilder | Sophos meldet im Speicher: Troj/ZbotMem-B Zwischenfrage: Ist das ein gewerblich genutzter Computer?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
24.11.2012, 10:55
| #9 |
| | Sophos meldet im Speicher: Troj/ZbotMem-B ja, wird hauptsächlich gewerblich genutzt. Kann aber auch privat genutzt werden. |
|
24.11.2012, 11:17
| #10 | |
| /// TB-Ausbilder | Sophos meldet im Speicher: Troj/ZbotMem-B Für uns gilt: Zitat:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
27.11.2012, 19:22
| #11 |
| /// TB-Ausbilder | Sophos meldet im Speicher: Troj/ZbotMem-B Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Sophos meldet im Speicher: Troj/ZbotMem-B |
| 7-zip, administrator, anti-malware, antivirus, autostart, bösartige, dateien, enigma, explorer, google, gruppe, install.exe, installiert, malwarebytes, manuell, melde, meldet, minute, monitor.exe, mozilla, nichts, office 2007, performer, plug-in, registrierung, scan, sekunden, service, sophos, speicher, trojaner, version, weiteres, youtube downloader, zbot trojaner, zbotmem-b, zitat |
Textbox.
Linear-Darstellung
