| |
| |||||||
Log-Analyse und Auswertung: Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.06.2012, 17:55
| #1 |
 |  Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Hallo! Ich bin auf dieses Forum gestoßen, da ich mir gestern einen Trojaner eingefangen habe. Habe bereits viele Foren durchforstet und hoffe, dass ich bei euch Hilfe bekomme. Folgendes Problem: Gestern öffnete sich die Datei "realtek_AC97" und wollte meine Zustimmung als Admin. Ich habe natürlich nicht zugestimmt. Das Fenster öffnete sich aber direkt nach meinem Schließen erneut und plötzlich ging das Chaos los: Error-Meldungen, Hardware-Fehlermeldungen - ich weiß leider nicht mehr alles auswendig. Ohne mein Zutun startete der PC neu (habe wireless gleich aus gemacht) und direkt nach dem Anmelden öffnete sich "data_recovery", was ich aber sofort stoppte, in der Angst es sei ein Virus. Trotz Windows-Logo war mir das zu unsicher. Mein Desktop wurde schwarz, komplett leer bis auf die Symbole Papierkorb, Internet und Computer - wenn ich auf "Start" klicke ist alles komplett leer, das C-Laufwerk ebenfalls. Es öffneten sich in Sekunden massig Fenster mit ein und derselben Fehlermeldung, ich habe bei allen auf "cancel" geklickt. Dies hat sich dann ca. 3x wiederholt, zwischendurch konnte ich für ein paar Minuten Malwarebytes drüberlaufen lassen, den Trojaner finden und in Quarantäne verschieben - dann war der PC auch schon wieder aus. Habe danach in den abgesicherten Modus gewechselt. Wie schon erwähnt habe ich bereits Malwarebytes drüberlaufen lassen (kompletter Scan), dabei wurden 3x "trojan.fasagent" und 2x "PUM.Hijack.StartMenu" gefunden. Leider hab ich das Scan-Protokoll nicht gespeichert und die 5 infizierten Dateien bereits aus der Quarantäneliste entfernt. Ich hoffe nur, dass das kein Fehler war und mir trotzdem jemand weiterhelfen kann... Als nächstes habe ich, wie hier im Forum empfohlen, den ESET Online Scanner verwendet, der weitere 3 Probleme aufgezeigt hat. Da empfohlen wurde bei "refund found threats" keinen Haken zu setzen, habe ich dies auch nicht getan. Das Ergebnis hab ich dann als Bild festgehalten, da ich mir nicht sicher war ob man was mit dieser Logdatei anfangen kann!? (Oder habe ich etwas falsch gemacht?) Ich hänge beides an. Als absoluter Computerlaie bin ich sehr froh, dass ich mittlerweile weiß, dass die Dateien nicht verloren, sondern nur versteckt sind und ich habe auch schon testweise Ordner wieder sichtbar gemacht. Allerdings muss ich natürlich sichergehen, dass alle Schädlinge von meinem Laptop entfernt sind, erst dann kann ich wieder aufatmen! Tausend Dank schon mal an denjenigen, der sich die Mühe macht mir zu helfen!!!  Habe mir auch OTL runtergeladen und den Scan gemacht:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.06.2012 17:43:14 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,79% Memory free
6,19 Gb Paging File | 4,02 Gb Available in Paging File | 64,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 40,65 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system |
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02337E85-E1D4-43CF-9E5C-89FAB4690CD7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{027D9138-5BF2-4F01-8854-DB6BCD871E62}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14B5972A-E04C-4829-A5F5-385930230E09}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{15A5C43C-44FA-4937-83BD-3CBF03EAFCF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3586879C-194C-4815-ADF7-8072EBB9A5B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B7E82FC-B317-4C93-8D86-6B5C42DC5EFE}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{DA922811-D85C-4357-A20E-6DEDBD8FD52D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"TCP Query User{54B864DE-BDD9-4DFE-B1B9-F3891E1C920E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6C3590BF-BD98-4733-95EB-154EE19E4CE3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{708334D8-2489-4840-8032-563D3B800E26}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=6 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe |
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6A5E8D14-08E1-4CE2-A476-69E7849F1CD4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{A5D27D68-CB22-4F22-9562-6239DC077216}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{D4724282-2CE8-41BE-AB52-C216FEC04638}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=17 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe |
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" =
"DVDx_is1" = DVDx
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" =
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.04.2011 20:34:01 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 20:51:24 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:12:38 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:12:40 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:13:10 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:13:13 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 21.04.2011 05:53:05 | Computer Name = mc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MemeoBackup.exe, Version 2.0.0.0, Zeitstempel
0x46b24a7d, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc, Prozess-ID 0x15c8, Anwendungsstartzeit
01cbffb30aaab34e.
Error - 23.04.2011 10:36:12 | Computer Name = mc-PC | Source = Application Hang | ID = 1002
Description = Programm realplay.exe, Version 11.0.0.674 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1790 Anfangszeit: 01cc01c38ab76110 Zeitpunkt der
Beendigung: 50
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
seconds with 420 seconds of active time. This session ended with a crash.
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.06.2012 17:43:14 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 35,79% Memory free 6,19 Gb Paging File | 4,02 Gb Available in Paging File | 64,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,67 Gb Total Space | 40,65 Gb Free Space | 18,34% Space Free | Partition Type: NTFS Computer Name: MC-PC | User Name: mc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\mc\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Bamboo Dock\BambooCore.exe () PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe () PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh) PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Pamela\Pamela.exe (Pamela-Systems) PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation) PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Windows\System32\mspaint.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Windows\System32\ieconfig_1und1.dll () MOD - C:\Programme\Bamboo Dock\BambooCore.exe () MOD - C:\Programme\Tablet\Pen\libxml2.dll () MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll () MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe () MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU () MOD - C:\Programme\Pamela\crashrpt.dll () MOD - C:\Programme\Pamela\zlib.dll () MOD - C:\Programme\Pamela\lng.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll () MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll () MOD - C:\Windows\System32\atitmmxx.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Adobe Version Cue CS4) -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WDBtnMgrSvc.exe) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AutoSyncService) -- C:\Programme\Memeo\AutoSync\MemeoService.exe (Memeo) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (wacomvhid) -- system32\DRIVERS\wacomvhid.sys File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation) DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation) DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation) DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation) DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation) DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation) DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms} IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 13:14:41 | 000,000,000 | ---D | M] [2008.12.17 10:17:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions [2012.06.05 13:09:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions [2011.12.24 15:41:06 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.24 15:41:17 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.04 17:09:52 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.24 15:39:37 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.12.24 15:41:14 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de [2012.06.05 13:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml [2011.12.20 20:35:01 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml [2011.12.20 20:35:51 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml [2011.12.24 15:41:28 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml [2012.06.05 12:59:24 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml [2012.06.05 13:16:36 | 000,000,950 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml [2011.12.18 14:29:14 | 000,000,168 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif [2011.12.18 14:29:14 | 000,000,618 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src [2010.12.28 01:00:08 | 000,000,944 | -H-- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml [2012.06.05 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.18 19:16:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15169 more lines... O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.10 21:46:23 | 000,000,000 | -H-D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen [2012.06.05 13:15:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla [2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.11 18:02:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.11 18:02:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.11 17:58:38 | 000,061,620 | ---- | M] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg [2012.06.11 17:17:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 17:17:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 16:54:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.11 11:17:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.11 00:02:22 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.11 00:02:22 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.11 00:02:22 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.11 00:02:22 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.10 23:55:03 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 23:19:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.06.10 21:55:44 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTb [2012.06.10 21:55:31 | 000,000,256 | -H-- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb [2012.06.10 21:46:30 | 000,000,128 | -H-- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTbr [2012.06.10 21:46:24 | 000,000,607 | -H-- | M] () -- C:\Users\mc\Desktop\Data_Recovery.lnk [2012.06.10 21:45:44 | 000,250,880 | -H-- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb.exe [2012.06.10 19:54:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job [2012.06.10 12:42:22 | 000,046,048 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_968_640_13[1].jpg [2012.06.10 12:42:19 | 000,038,196 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg [2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.08 13:21:41 | 000,109,530 | ---- | M] () -- C:\Users\mc\Desktop\MissyFront.pdf [2012.06.08 13:21:30 | 000,109,342 | ---- | M] () -- C:\Users\mc\Desktop\MissyBack.pdf [2012.06.08 10:41:36 | 000,514,390 | ---- | M] () -- C:\Users\mc\Desktop\DSC00803.jpg [2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.04 13:02:33 | 000,008,188 | -H-- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat [2012.06.02 11:41:06 | 000,051,200 | -H-- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.16 22:40:51 | 002,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.11 17:58:37 | 000,061,620 | ---- | C] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg [2012.06.10 23:55:03 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys [2012.06.10 21:46:30 | 000,000,128 | -H-- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTbr [2012.06.10 21:46:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTb [2012.06.10 21:46:24 | 000,000,607 | -H-- | C] () -- C:\Users\mc\Desktop\Data_Recovery.lnk [2012.06.10 21:46:11 | 000,000,256 | -H-- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb [2012.06.10 21:45:44 | 000,250,880 | -H-- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb.exe [2012.06.10 12:42:18 | 000,046,048 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_968_640_13[1].jpg [2012.06.10 12:42:18 | 000,038,196 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg [2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.08 17:50:28 | 000,514,390 | ---- | C] () -- C:\Users\mc\Desktop\DSC00803.jpg [2012.06.08 13:21:39 | 000,109,530 | ---- | C] () -- C:\Users\mc\Desktop\MissyFront.pdf [2012.06.08 13:21:27 | 000,109,342 | ---- | C] () -- C:\Users\mc\Desktop\MissyBack.pdf [2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.03.30 02:45:40 | 001,431,120 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1.dll [2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat [2010.11.02 22:42:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > Geändert von shomg (11.06.2012 um 18:20 Uhr) |
|
12.06.2012, 21:37
| #2 |
| |  Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Hallo!
__________________Da ich nicht wusste, dass die Logdateien auch gespeichert bleiben wenn man die infizierten Dateien aus der Quarantäne gelöscht hat, werde ich die nun nachträglich einfügen. Ich musste, wie schon erwähnt, mehrere Durchläufe starten, da der PC zwischendurch abstürzte. Ich hoffe sehr, dass mir jemand weiterhelfen kann, trotz des Entfernens der Schädlinge hat sich der Zustand meines PCs nicht verbessert und ich bin durch mein Studium auf das tägliche Arbeiten mit Grafikprogrammen angewiesen...  Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 mc :: MC-PC [Administrator] Schutz: Aktiviert 10.06.2012 21:58:20 mbam-log-2012-06-10 (21-58-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 56658 Laufzeit: 13 Minute(n), 47 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 1 C:\ProgramData\aduvSVmcxm.exe (Trojan.Fasagent) -> 1636 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|aduvSVmcxm.exe (Trojan.Fasagent) -> Daten: C:\ProgramData\aduvSVmcxm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\aduvSVmcxm.exe (Trojan.Fasagent) -> Löschen bei Neustart. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 mc :: MC-PC [Administrator] Schutz: Aktiviert 10.06.2012 22:40:08 mbam-log-2012-06-10 (22-40-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 244065 Laufzeit: 18 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\mc\AppData\Local\Temp\TOqmiIZIvAKfx9.exe.tmp (Trojan.Fasagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 mc :: MC-PC [Administrator] Schutz: Aktiviert 11.06.2012 00:05:21 mbam-log-2012-06-11 (00-05-21).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 491942 Laufzeit: 2 Stunde(n), 49 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
14.06.2012, 19:24
| #3 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Hallo,
__________________da hier steht, dass man sich nochmal melden soll, wenn nach 3 Tagen keine Antwort gekommen ist, mache ich das hiermit..hoffe nach wie vor, dass mir jemand von euch helfen kann! Danke! |
|
14.06.2012, 22:08
| #4 | |||||
| /// Helfer-Team    | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Hallo und Herzlich Willkommen!  Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Zitat:
erneut einen Scan mit OTL:
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
4. ► berichte in welchem Zustand dein System momentan sich befindet? kurz aber genau... Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
14.06.2012, 23:43
| #5 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Vielen Dank, dass du dich gemeldet hast! Ich habe alles nach deinen Anweisungen ausgeführt. 1. Es ist, soweit ich das erkennen kann, alles wieder sichtbar! Bei manchen Programmen wird in der Schnellstartleiste das Icon nicht angezeigt. 2. OTL: Code:
ATTFilter OTL logfile created on: 14.06.2012 23:36:51 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 40,26% Memory free 6,19 Gb Paging File | 4,28 Gb Available in Paging File | 69,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,67 Gb Total Space | 41,88 Gb Free Space | 18,89% Space Free | Partition Type: NTFS Computer Name: MC-PC | User Name: mc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe PRC - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:04:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 22:04:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.03 22:19:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.11.30 01:06:29 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe PRC - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe PRC - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe PRC - [2011.09.08 18:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe PRC - [2011.09.08 18:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe PRC - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe PRC - [2011.05.25 11:31:23 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.05.23 09:09:30 | 000,431,616 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) -- C:\Windows\System32\ieconfig_1und1_svc.exe PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.12.04 12:53:24 | 006,997,504 | ---- | M] (Pamela-Systems) -- C:\Programme\Pamela\Pamela.exe PRC - [2008.08.06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe PRC - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.07.30 16:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2008.07.15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.06.11 19:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.03 20:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008.01.30 05:50:26 | 000,438,272 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.05.16 23:27:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll MOD - [2012.05.16 23:27:46 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll MOD - [2012.05.16 23:27:42 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll MOD - [2012.05.16 23:27:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll MOD - [2012.05.16 23:27:33 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll MOD - [2012.05.16 23:25:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll MOD - [2012.05.16 23:25:22 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll MOD - [2012.05.16 23:24:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.16 22:54:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.16 22:53:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll MOD - [2012.05.16 22:52:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll MOD - [2012.05.16 22:46:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.16 22:44:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.12.10 05:00:34 | 001,431,120 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1.dll MOD - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe MOD - [2011.09.08 18:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll MOD - [2010.12.17 11:33:12 | 000,204,800 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll MOD - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe MOD - [2010.12.13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll MOD - [2010.07.28 11:39:19 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2008.12.04 12:53:27 | 000,710,656 | ---- | M] () -- C:\Programme\Pamela\crashrpt.dll MOD - [2008.12.04 12:53:27 | 000,053,760 | ---- | M] () -- C:\Programme\Pamela\zlib.dll MOD - [2008.12.04 12:53:25 | 000,856,064 | ---- | M] () -- C:\Programme\Pamela\lng.dll MOD - [2008.08.11 12:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll MOD - [2008.08.11 12:51:59 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll MOD - [2008.07.30 02:12:31 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.05 13:14:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.01.14 01:54:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService) SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.07.06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Programme\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wacomvhid.sys -- (wacomvhid) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.05.08 22:04:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 22:04:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.12 12:34:19 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.11.12 12:34:19 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid) DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.30 02:12:26 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.06.28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.28 02:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.06.21 02:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2007.04.23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) DRV - [2007.04.23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex) DRV - [2007.04.23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm) DRV - [2007.04.23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl) DRV - [2007.04.23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.04.04 13:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) DRV - [2007.04.04 13:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716obex.sys -- (s716obex) DRV - [2007.04.04 13:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) DRV - [2007.04.04 13:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm) DRV - [2007.04.04 13:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) DRV - [2007.04.04 13:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl) DRV - [2007.04.04 13:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM) DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0} IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms} IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 13:14:41 | 000,000,000 | ---D | M] [2008.12.17 10:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions [2012.06.05 13:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions [2011.12.24 15:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.24 15:41:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.04 17:09:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.24 15:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.12.24 15:41:14 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de [2012.06.05 13:09:12 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml [2011.12.20 20:35:01 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml [2011.12.20 20:35:51 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml [2011.12.24 15:41:28 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml [2012.06.05 12:59:24 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml [2012.06.05 13:16:36 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml [2011.12.18 14:29:14 | 000,000,168 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif [2011.12.18 14:29:14 | 000,000,618 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src [2010.12.28 01:00:08 | 000,000,944 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml [2012.06.05 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.18 19:16:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15169 more lines... O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name) O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll () O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 23:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.06.14 23:14:24 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe [2012.06.14 22:34:43 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe [2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen [2012.06.05 13:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.14 23:14:25 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe [2012.06.14 23:02:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job [2012.06.14 22:34:45 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe [2012.06.14 22:08:37 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 22:08:37 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 22:08:37 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 22:08:37 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.14 22:01:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 22:01:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 22:01:48 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 22:00:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 22:00:50 | 3216,044,032 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 23:37:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job [2012.06.11 17:58:38 | 000,061,620 | ---- | M] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.10 21:55:44 | 000,000,000 | ---- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTb [2012.06.10 21:55:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\7mVIvHaEUJBdTb [2012.06.10 21:46:30 | 000,000,128 | ---- | M] () -- C:\ProgramData\-7mVIvHaEUJBdTbr [2012.06.10 12:42:19 | 000,038,196 | ---- | M] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg [2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.08 13:21:41 | 000,109,530 | ---- | M] () -- C:\Users\mc\Desktop\MissyFront.pdf [2012.06.08 13:21:30 | 000,109,342 | ---- | M] () -- C:\Users\mc\Desktop\MissyBack.pdf [2012.06.08 10:41:36 | 000,514,390 | ---- | M] () -- C:\Users\mc\Desktop\DSC00803.jpg [2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.04 13:02:33 | 000,008,188 | ---- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat [2012.06.02 11:41:06 | 000,051,200 | ---- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.16 22:40:51 | 002,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [11 C:\Users\mc\Desktop\*.tmp files -> C:\Users\mc\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.11 17:58:37 | 000,061,620 | ---- | C] () -- C:\Users\mc\Desktop\ESET Online Scanner.jpg [2012.06.10 23:55:03 | 3216,044,032 | -HS- | C] () -- C:\hiberfil.sys [2012.06.10 21:46:30 | 000,000,128 | ---- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTbr [2012.06.10 21:46:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\-7mVIvHaEUJBdTb [2012.06.10 21:46:11 | 000,000,256 | ---- | C] () -- C:\ProgramData\7mVIvHaEUJBdTb [2012.06.10 12:42:18 | 000,038,196 | ---- | C] () -- C:\Users\mc\Desktop\these_funny_animals_966_640_06[1].jpg [2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.08 17:50:28 | 000,514,390 | ---- | C] () -- C:\Users\mc\Desktop\DSC00803.jpg [2012.06.08 13:21:39 | 000,109,530 | ---- | C] () -- C:\Users\mc\Desktop\MissyFront.pdf [2012.06.08 13:21:27 | 000,109,342 | ---- | C] () -- C:\Users\mc\Desktop\MissyBack.pdf [2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.03.30 02:45:40 | 001,431,120 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1.dll [2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat [2010.11.02 22:42:38 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat ========== LOP Check ========== [2011.10.07 14:00:20 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH [2008.12.26 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\AD ON Multimedia [2012.05.01 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Applian FLV and Media Player [2010.01.28 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Bytemobile [2009.07.26 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Canon [2009.02.24 02:28:30 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\com.adobe.ExMan [2010.10.25 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.06.10 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Dropbox [2011.02.11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoft [2010.09.22 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.11 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\HaCon [2010.07.23 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ICQ [2011.05.27 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\IrfanView [2009.02.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Leadertech [2008.12.28 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Mobile Master [2011.09.12 21:41:35 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\MyPhoneExplorer [2009.03.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Pamela [2009.07.12 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ScanSoft [2010.11.02 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Sony [2010.03.07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Teleca [2010.01.28 18:04:54 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone [2010.01.28 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone Mobile Connect [2010.10.01 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Wacom [2010.10.01 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.10.01 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\WTouch [2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job [2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job [2012.06.12 23:37:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.06.2012 23:36:51 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 40,26% Memory free
6,19 Gb Paging File | 4,28 Gb Available in Paging File | 69,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 41,88 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system |
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02337E85-E1D4-43CF-9E5C-89FAB4690CD7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{027D9138-5BF2-4F01-8854-DB6BCD871E62}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14B5972A-E04C-4829-A5F5-385930230E09}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{15A5C43C-44FA-4937-83BD-3CBF03EAFCF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3586879C-194C-4815-ADF7-8072EBB9A5B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B7E82FC-B317-4C93-8D86-6B5C42DC5EFE}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{DA922811-D85C-4357-A20E-6DEDBD8FD52D}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"TCP Query User{54B864DE-BDD9-4DFE-B1B9-F3891E1C920E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6C3590BF-BD98-4733-95EB-154EE19E4CE3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{708334D8-2489-4840-8032-563D3B800E26}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=6 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe |
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6A5E8D14-08E1-4CE2-A476-69E7849F1CD4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{A5D27D68-CB22-4F22-9562-6239DC077216}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{D4724282-2CE8-41BE-AB52-C216FEC04638}C:\program files\map&guide\map&guide base\bin\mgbase.exe" = protocol=17 | dir=in | app=c:\program files\map&guide\map&guide base\bin\mgbase.exe |
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" =
"DVDx_is1" = DVDx
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" =
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.04.2011 20:26:44 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 20:34:01 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 20:51:24 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:00:06 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:12:38 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:12:40 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:13:10 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 20.04.2011 21:13:13 | Computer Name = mc-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 21.04.2011 05:53:05 | Computer Name = mc-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MemeoBackup.exe, Version 2.0.0.0, Zeitstempel
0x46b24a7d, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc, Prozess-ID 0x15c8, Anwendungsstartzeit
01cbffb30aaab34e.
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
seconds with 420 seconds of active time. This session ended with a crash.
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
< End of report >
3. CCleaner: Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 25.02.2009 1,70MB 1.2.443 Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 01.12.2008 14,0MB Adobe AIR Adobe Systems Inc. 09.02.2011 2.5.1.17730 Adobe Creative Suite 4 Design Standard Adobe Systems Incorporated 25.02.2009 4.0 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 29.11.2011 11.1.102.55 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 29.11.2011 2,95MB 11.1.102.55 Adobe InDesign CS2 Trial Adobe Systems Incorporated 12.01.2009 190,5MB 004.000.000 Adobe Media Player Adobe Systems Incorporated 13.01.2009 2,95MB 1.1 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 09.11.2009 6,36MB 11.5.2.602 Alps Pointing-device for VAIO 10.08.2008 2,83MB Applian FLV and Media Player 3.1.1.12 Applian Technologies 30.04.2012 56,9MB 3.1.1.12 ArcSoft WebCam Companion 2 ArcSoft 01.12.2008 22,6MB ATI Catalyst Install Manager ATI Technologies, Inc. 25.08.2008 13,7MB 3.0.682.0 AuralogComponentsUninstall9 Auralog 19.11.2011 0,18MB Avanquest update Avanquest Software 27.12.2008 2,33MB 1.18 Avira Free Antivirus Avira 07.05.2012 74,9MB 12.0.0.1125 Bamboo Wacom Technology Corp. 28.11.2011 53,6MB 5.2.5-5 Bamboo Dock 3.3 Wacom Co., Ltd. 30.09.2010 14,6MB 3.3 Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter Sony Corporation 25.08.2008 56,8MB 2.5 Browser Address Error Redirector 01.12.2008 Canon MP Navigator 3.0 11.07.2009 17,7MB Canon MP510 11.07.2009 Canon MP510 Benutzerregistrierung 11.07.2009 0,50MB Canon Utilities Easy-PhotoPrint 11.07.2009 30,0MB Catalyst Control Center - Branding ATI 25.08.2008 0,42MB 1.00.0000 CCleaner Piriform 22.05.2012 4,71MB 3.19 Click to Disc Sony Corporation 25.08.2008 68,1MB 1.2.00.06190 Click to Disc Editor Sony Corporation 25.08.2008 185,6MB 1.2.00 Compatibility Pack für 2007 Office System Microsoft Corporation 12.05.2012 12.0.6612.1000 Disc2Phone 26.12.2008 7,70MB 1.5.185 DivX Converter DivX, Inc. 01.12.2008 45,1MB 6.5 DivX-Setup DivX, LLC 11.12.2011 3,57MB 2.6.0.34 Dolby Control Center Dolby 10.08.2008 47,0MB 1.2.0702 Dropbox Dropbox, Inc. 11.03.2012 24,2MB 1.2.52 DVDx labDV® 04.12.2008 10,0MB 2.5.1 ESET Online Scanner v3 10.06.2012 129,4MB Facebook Video Calling 1.2.0.159 Skype Limited 20.03.2012 4,77MB 1.2.159 FileZilla (remove only) 04.12.2008 12,5MB FLV Player 2.0 (build 25) Martijn de Visser 08.07.2009 1,95MB 2.0 (build 25) Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 21.09.2010 3,14MB Free Audio Dub version 1.7.7 DVDVideoSoft Limited. 06.12.2010 3,07MB Free Video to MP3 Converter version 4.2.15 DVDVideoSoft Limited. 10.02.2011 3,29MB Free YouTube Download 2.9 DVDVideoSoft Limited. 30.10.2010 3,27MB Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 21.09.2010 2,36MB Google Advertising Cookie Opt-out Google Inc 29.05.2012 0,28MB 1.0.0.2 Google Chrome Google Inc. 26.05.2011 166,6MB 19.0.1084.56 Google Desktop Google 02.08.2010 6,65MB 5.9.1005.12335 Google Toolbar for Internet Explorer Google Inc. 18.03.2012 10,6MB 7.3.2710.138 HDAUDIO SoftV92 Data Fax Modem with SmartCP 10.08.2008 1,02MB ICQ6.5 ICQ 15.07.2009 47,5MB 6.5 Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 25.08.2008 78,3MB 12.00.0004 IrfanView (remove only) Irfan Skiljan 26.05.2011 1,77MB 4.28 Java(TM) 6 Update 26 Oracle 17.06.2011 97,1MB 6.0.260 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 15.04.2012 11,5MB 1.61.0.1400 Media Go Sony 01.11.2010 106,6MB 1.5.312 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.10.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 28.07.2009 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 Microsoft Office Enterprise 2007 Microsoft Corporation 24.03.2012 633MB 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 03.12.2011 7,95MB 14.0.5130.5003 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 12.05.2012 12.0.6612.1000 Microsoft Silverlight Microsoft Corporation 19.05.2012 5.1.10411.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 16.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.06.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 01.11.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.02.2012 16,5MB 10.0.40219 Microsoft Works Microsoft Corporation 14.04.2012 9.7.0621 Mozilla Firefox 12.0 (x86 de) Mozilla 04.06.2012 43,4MB 12.0 Mozilla Maintenance Service Mozilla 04.06.2012 0,21MB 12.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.12.2008 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.11.2009 1,34MB 4.20.9876.0 Music Transfer Sony Corporation 25.08.2008 40,7MB 1.2.00.17290 MyPhoneExplorer F.J. Wechselberger 18.03.2012 8,91MB 1.8.2 OpenMG Secure Module 5.1.00 Sony Corporation 25.08.2008 5.1.00.05200 Pamela Basic 4.0 03.12.2008 16,1MB 4.0 Picasa 3 Google, Inc. 13.07.2011 96,4MB 3.8 PlayStation(R)Network Downloader Sony Computer Entertainment Inc. 01.11.2010 0,65MB 2.03.00126 PlayStation(R)Store Sony Computer Entertainment Inc. 01.11.2010 3,64MB 3.2.11.09227 QuickTime Apple Inc. 10.04.2009 74,4MB 7.60.92.0 RealPlayer RealNetworks 01.12.2011 117,9MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10.08.2008 26,2MB 6.0.1.5653 Roxio Easy Media Creator 10 LJ Roxio 01.12.2008 5,25MB 10.1 ScanSoft OmniPage SE 4.0 Nuance Communications, Inc. 11.07.2009 153,0MB 15.00.0020 Setting Utility Series Sony Corporation 10.08.2008 11,4MB 4.1.00.07300 Skype Click to Call Skype Technologies S.A. 14.10.2011 5,72MB 5.6.8442 Skype™ 5.8 Skype Technologies S.A. 11.02.2012 19,1MB 5.8.154 SonicStage Mastering Studio Audio Filter Sony Corporation 25.08.2008 12,7MB 2.5 SonicStage Mastering Studio Plugins Sony Corporation 25.08.2008 30,2MB 2.5 Sony Ericsson Media Manager 1.1 Sony Ericsson 27.12.2008 62,5MB 1.1.550 Sony Ericsson PC Companion Sony Ericsson 17.06.2011 65,8MB 2.01.192 Sony Ericsson PC Suite 25.12.2008 41,9MB 2.10.46 Sony Ericsson PC Suite 4.010.00 Sony Ericsson 27.12.2008 40,8MB 4.010.00 Sony Ericsson Update Service Sony Ericsson Mobile Communications AB 17.06.2011 227MB 2.11.6.12 Sony Picture Utility Sony Corporation 25.08.2008 229MB 3.2.02.06170 Sony Video Shared Library Sony Corporation 25.08.2008 4,06MB 3.4.00 Uninstall 1.0.0.1 10.02.2011 16,2MB Unterstützung für VAIO-Präsentation Sony Corporation 25.08.2008 3,55MB 1.0.00.04240 VAIO Content Folder Setting Sony Corporation 25.08.2008 6,77MB 2.0.00.17290 VAIO Content Metadata Intelligent Analyzing Manager Sony Corporation 25.08.2008 20,2MB 3.2.00.06115 VAIO Content Metadata Manager Setting Sony Corporation 25.08.2008 3,15MB 3.2.00.06062 VAIO Content Metadata XML Interface Library Sony Corporation 25.08.2008 2,57MB 3.2.00.06112 VAIO Control Center Sony Corporation 10.08.2008 4,65MB 3.1.00.07110 VAIO Data Restore Tool Sony Corporation 25.08.2008 6,50MB 1.0.04.01170 VAIO DVD Menu Data Basic Sony Corporation 25.08.2008 543MB 1.0.00.08130 VAIO Edit Components 6.4 Sony Corporation 25.08.2008 34,2MB 6.4 VAIO Energie Verwaltung Sony Corporation 10.08.2008 6,46MB 3.1.00.08060 VAIO Entertainment Platform Sony Corporation 25.08.2008 4,66MB 3.2.00.06200 VAIO Event Service Sony Corporation 10.08.2008 6,18MB 4.1.00.07150 VAIO Launcher Sony Corporation 25.08.2008 7,50MB 2.1.00.06130 VAIO Marketing Tools Sony Corporation 01.12.2008 0,53MB VAIO Media plus Sony Corporation 25.08.2008 61,8MB 1.1.00.05240 VAIO Movie Story Sony Corporation 25.08.2008 57,3MB 1.3.00.06240 VAIO Movie Story Template Data Sony Corporation 25.08.2008 399MB 1.3.00.06120 VAIO MusicBox Sony Corporation 25.08.2008 64,5MB 2.1.00.06110 VAIO MusicBox Sample Music Sony Corporation 25.08.2008 90,2MB 1.1.00.14140 VAIO Original Function Setting Sony Corporation 25.08.2008 5,30MB 1.4.00.04230 VAIO Smart Network Sony Corporation 25.08.2008 24,5MB 2.1.00.07300 VAIO Update 4 Sony Corporation 25.08.2008 2,45MB 4.0.0.06110 VAIO Wallpaper Contents Sony Corporation 10.08.2008 118,6MB 1.2.00.05200 WD Anywhere Backup Ihr Firmenname 03.12.2008 15,5MB 2.50.2012 WD Diagnostics Western Digital Technologies 03.12.2008 0,81MB 1.09.0002 WD Drive Manager (x86) Western Digital 03.12.2008 3,50MB 2.62 WEB.DE Internet Explorer Addon 1&1 Mail & Media GmbH 21.06.2011 0,49MB 1.0.1.0 WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,53MB 2.0.1.9 WEB.DE Toolbar für Internet Explorer 1&1 Mail & Media GmbH 12.12.2011 2,52MB 1.7.0.0 WEB.DE Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 12.12.2011 2,52MB 1.6.4.0 WebTablet FB Plugin Wacom Technology Corp. 28.11.2011 2.0.0.1 WebTablet IE Plugin Wacom Technology Corp. 28.11.2011 1.1.0.12 WebTablet Netscape Plugin Wacom Technology Corp. 28.11.2011 0,75MB 1.1.0.10 WIDCOMM Bluetooth Software 6.2.0.4100 Broadcom Corporation 10.08.2008 75,1MB 6.2.0.4100 WinDVD BD for VAIO InterVideo Inc. 25.08.2008 102,7MB 8.0-B9.516 WinHTTrack Website Copier 3.43-4 HTTrack 25.04.2009 11,4MB 3.43.4 - Auf meinem Desktop sind Word-, Excel- und .tmp-Dateien aufgetaucht, die entweder aus anderen Ordnern stammen, oder mir völlig unbekannt sind (.tmp-Dateien). Die Beschriftungen sind verfremdet, habe ein Bild angehängt. Was soll ich nun tun? - Keine Suche über die Startleiste möglich. - Start- und Taskleiste hängen sich ständig auf: "Windows Explorer reagiert nicht mehr." - es muss alles geschlossen werden. - Die Datei "data_recovery" wurde heute nach dem 4. Scan als Virus von Avira erkannt und in Quarantäne verschoben. Sind die Infos ausreichend? Danke und LG! |
|
15.06.2012, 07:56
| #6 | ||
| /// Helfer-Team | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" es gibt 2 Möglichkeiten: 1. Fesplatte formatieren Windows neu einrichten, dann ist alles sauber und läuft perfekt 2. Mußt Du herumbasteln solange, bis Du sorglos wieder am Pc arbeiten kannst (Einstellungen, Symbole etc) Ich kann Dir helfen die Malware zu entfernen, aber alle Einstellungen, die durch Malware verändert worden sind mußt Du manuell versuchen wieder auf die Reihe kriegen! Manche Fehler lässt sich allerdings nicht mehr beheben bzw reparieren wie man schön sagt: Auf einem abgestorbenen Apfelbaum werden im Nachhinein keine gesunden Äpfel mehr wachsen! 1. Benötigst diese Müllsammlung hier??: Zitat:
2. die Trusted-Zone Einträge (015) sind von dir also absichtlich zur vertrauenswürdigen Zone zugefügt? Code:
ATTFilter O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
Windows Defender: Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender Windows Defender komplett deaktivieren Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe) Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen. Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen. Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen. Start => services.msc ins Suchfeld eingeben. Es öffnet sich das Fenster der Dienste Doppelklick auf den Dienst "Windows Defender" Starttyp auf "Manuell" umstellen. Dienststatus beenden, falls der Dienst noch gestartet ist. ► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen ► Unter Dienste: Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen 4. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKLM\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19E9452E-77E6-48AA-BBAB-3D81852794D0}
IE - HKCU\..\SearchScopes\{19E9452E-77E6-48AA-BBAB-3D81852794D0}: "URL" =
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53FC9A4E-9CB0-4B81-9478-6029599E1608}: "URL" = http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{A44D4BF4-79B7-4933-93FC-8C7BC9F378C1}: "URL" = http://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D8BEB828-74DA-4CA6-93A8-F7D6F897D385}: "URL" = http://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = http://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.2
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.12.24 15:41:14 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\toolbar@web.de
[2011.12.20 20:35:01 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-2.xml
[2011.12.20 20:35:51 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-3.xml
[2011.12.24 15:41:28 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-4.xml
[2012.06.05 12:59:24 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-5.xml
[2012.06.05 13:16:36 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-6.xml
[2010.12.28 01:00:08 | 000,000,944 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.xml
[2009.07.16 11:37:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.05 13:14:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.05 13:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.05 13:14:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.05 13:14:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.05 13:14:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Programme\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell - "" = AutoRun
O33 - MountPoints2\{227e8917-ddb0-11df-ba6f-e8ec86ab2a75}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ade-0c25-11df-a1d8-00214f4ba1fd}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{49420ae6-0c25-11df-a1d8-001e101f21c1}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2ec354-0dbb-11df-baba-001e101f3534}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell - "" = AutoRun
O33 - MountPoints2\{a93c2e66-ecab-11df-bc4c-e69db9e92d93}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell - "" = AutoRun
O33 - MountPoints2\{e7db0ace-057d-11de-8f2f-001dba8b5c03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe
[2012.06.14 23:02:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 22:54:09 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000UA.job
[2012.06.14 22:01:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 19:54:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4255039938-3766025541-2004309782-1000Core.job
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\ProgramData\-7mVIvHaEUJBdTb
C:\ProgramData\7mVIvHaEUJBdTb
C:\ProgramData\-7mVIvHaEUJBdTbr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Java aktualisieren- über Systemsteuerung-> Nach Update suchen... oder: Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 6. Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!): -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Wie kann ich den Cache im Internet Explorer leeren? 7. reinige dein System mit CCleaner:
8.
9. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 10. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 11. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ --> Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" |
|
16.06.2012, 14:43
| #7 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Also ich möchte mich gerne für den 2. Punkt entscheiden und alles tun, was mich vor einer Neuformatierung bewahrt! Es hat leider etwas gedauert alle Punkte abzuarbeiten, hier die Ergebnisse: 1. Die Toolbars habe ich bei web.de direkt runtergeladen und web.de ist anscheinend von 1&1. Die Toolbar benötige ich, mit dem Rest weiß ich nichts anzufangen... 2. Nein, ich weiß nicht einmal was eine vertrauenswürdige Zone ist?! Wie bekomm ich die Dateien da wieder heraus? 3. Den Windows-Defender habe ich deaktiviert. 4. Alles mit OTL gefixt. 5. Java aktualisiert. 7. System mit CCleaner gereinigt. 8. Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/15/2012 at 10:44 PM
Application Version : 5.1.1002
Core Rules Database Version : 8743
Trace Rules Database Version: 6555
Scan type : Complete Scan
Total Scan Time : 02:47:10
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 1025
Memory threats detected : 0
Registry items scanned : 37926
Registry threats detected : 0
File items scanned : 69869
File threats detected : 1
Adware.Tracking Cookie
C:\USERS\MC\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZHW2OHP3.txt [ Cookie:mc@ad.zanox.com/ ]
11. Code:
ATTFilter OTL Extras logfile created on: 16.06.2012 13:53:38 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,78% Memory free
6,19 Gb Paging File | 3,58 Gb Available in Paging File | 57,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,67 Gb Total Space | 44,05 Gb Free Space | 19,87% Space Free | Partition Type: NTFS
Drive G: | 1,97 Gb Total Space | 0,66 Gb Free Space | 33,42% Space Free | Partition Type: FAT32
Drive H: | 1,95 Gb Total Space | 1,41 Gb Free Space | 72,07% Space Free | Partition Type: FAT
Drive I: | 7,47 Gb Total Space | 0,53 Gb Free Space | 7,08% Space Free | Partition Type: FAT32
Computer Name: MC-PC | User Name: mc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1761F956-E6BA-4116-9083-488932E63EC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B90ECF1-8298-4243-8F0D-E65C071077A2}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4C3C08B3-CFB1-45F2-A093-7D7373D424F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{71CBF9FC-BDA1-4CCE-BB11-9091F2B2D87B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E08DE09-E457-4662-9BD9-4C66D0BC86DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{8689166D-180F-4A30-9DB0-F5DB3AD1E123}" = lport=138 | protocol=17 | dir=in | app=system |
"{94A4FF1B-372F-45D3-BA79-74B505A224A8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9BA1E26E-872C-4BB0-A87A-960E4598B8CD}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFBC1C0E-33C5-44E3-8E0B-8AA86CFEF50C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B519BBA9-DECD-4407-93B3-CC05CBBCC02C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B55656A4-931D-4145-9A59-70FA1F89B524}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BA17942E-12F3-4153-AA77-6FFA36B1B167}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BFF3B81D-1B08-4449-98A7-46FB6CB441F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC3FA29B-C405-4B2B-84E0-416802DFCDB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{E456EDE2-CAC1-4340-BC21-8A946E8AA443}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F37EEAE7-DA8F-497A-9615-6E07ED9F8A41}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C05F2-FC33-4846-A8CD-1405D7D4C26F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{091EF9D1-9FDE-490E-8819-D0C8788E6A96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A90B39B-C84A-42A3-A8C6-0F6A4694A898}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0B6E696D-868C-40C0-8671-9A48B5005FF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BD4C115-AB9E-4303-8E45-342E64413A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C5D2394-8924-41B9-8A6F-B2FFDDABEB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD0374B-116D-41E6-9D30-F9D7086ECB0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10F7D976-C490-4008-BBC6-B71F403628AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{177BD224-5087-40A2-BDB4-429BB325481B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1B6F8B83-7AE7-4087-96AF-14478B69CABE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BD8480D-C502-4D6D-89A3-CE4554411FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C716B9D-F281-4230-956A-B5D06E4357E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{226511F6-6373-495B-9EF3-F0F77CD0EAED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{233BB4FF-F6C4-4F31-B45F-FC3EB3E652A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26EB29C6-50F4-4069-A11D-8B75DCA19EFD}" = dir=in | app=c:\users\mc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{27588B78-2646-437F-B532-0FB2B946579B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A11D828-261C-46F8-8C6E-7151C43F7DCD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B611690-B002-4A69-BF67-51377E114D05}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F11A139-D9FE-42C1-999A-2EF1C5A1EC1A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{2FF6C347-C8A2-47D6-A09B-34B15D8E703F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{316A59A5-6D94-401C-911B-B23D47538118}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E8EC0BD-9603-48C5-937B-46999B082943}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FD19A8D-B230-4E25-B113-84E0312D1FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40DB305C-A405-4DB8-A98F-A481302C1938}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{420818D4-CB76-4B48-ABE7-8489C120A2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4343A8D9-4855-40FB-948F-B5BE1908D0FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{44014A9B-58BA-4688-A2DB-4ACBA0D3CD97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47F05510-F2A8-48D1-9D67-B9807BE62996}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{516F28A1-8366-4F16-A0B4-8877B2C9A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53959474-CD55-45DC-A49E-5B78AD906F28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{584519E0-A051-417B-8A82-036E2697D00C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E568CAC-F86D-4957-A036-EBC6151910F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6138917F-67E3-4E70-97ED-D0648BB7492B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62239022-9CE0-4A48-9C34-B00814DC2C67}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{62990C1F-A6F5-42BF-9380-75482F43BF65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{648DBB2F-022C-4429-A275-6707904DECBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659A58D6-3202-4235-A4F4-A6C8D361C41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{659D04E6-E717-4582-8E9F-32DC084F0F29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65EADE7C-2B1F-4337-A275-5D6FD82296C1}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{67E0EF5B-DEE8-4887-AF64-2A00A62AC380}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A457E67-F097-4F2B-960B-76D3414DC907}" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B24878D-0117-48FB-BF53-5573EC8B0D3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F033B96-8FAE-42E3-A952-3A8382847154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FE14C12-7F0C-46F6-9BF5-C835D5D6422C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{711B7E29-F8DB-4C4E-ABE2-14DF88EE79D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7584CF03-1609-4F7A-AD9E-1DFF2DF32129}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78406A40-2E36-48E3-BEFB-0A320290B66C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7905501E-F55C-423D-9AA4-1E87DA260E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79360B19-052B-4C74-9833-F27A17C37A49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{7D023F94-6D92-4831-B4D2-280088840022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{804E9340-9130-4932-A101-FA1768C363EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80EEF737-FC11-47ED-A3B7-A047B4E10189}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{8457C3E3-750D-4179-8E8A-6D35F8406270}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{848250FC-AA63-441B-BAD8-F0D3B69B9870}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8627DE6B-85D6-427F-8EEC-E2EF1427544D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD46282-7AD5-41BB-8748-7AAA25CAC0A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DFA1374-C80F-4C1B-B656-2BD69C385FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{955D0650-B496-42DE-8092-26C278663095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96B41203-0DD2-46A7-8D35-7B8DC214F0D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96D95C90-02F4-4876-9EEB-D51AAAD80C41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99FB6BDD-D76F-4DBD-B513-DF49554E247D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C636E5A-B0B3-495B-9CA7-7F046DC5189E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E4F1880-16BA-49B8-81C5-A21D30A48BD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F1DC365-1964-4761-83EA-3B2DE5BB9E5E}" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"{A26EAE68-5BEA-4EB6-9B98-56D1EA42B0E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A289EE51-4B9D-4816-87AE-B8BB8EA0AA3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2D686DC-68D9-4C28-AD68-A56ED38D1440}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACD61E54-53F4-4BB7-94EB-6A7679B0983A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE3FFABA-CFEC-4E1F-AF1C-3E55A7E0D09F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1E38E6A-3522-4FEC-85FD-3DDBB8C6763C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B323A888-F7DE-4D4E-85BF-2B0D37802F31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4DF2CD0-FF57-47DF-B00F-ADD5F361D5EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB754DCE-578B-49E6-B7B4-E4778C6C7310}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD0EEDB1-736D-4247-9A05-CDBFDA2FA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF01FC21-73BE-4DDD-9C6E-BFF210F3EB46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C02F8D15-A724-460A-83A6-07A5AAE7E70A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0F7094A-0D9E-419B-B6AD-4551BE9EF3A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1179CBD-2651-4BC4-A877-4221F87C19D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C684F43A-AE49-4ED9-AB02-D965B05BCAEE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{DF4B40DA-56F7-4BB2-B10E-0C685257710C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E174DDAC-722E-4462-818C-B3A1B4F052BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8D9FF68-2043-44AF-82F5-0339F963CA5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F24DB7B0-9096-4D3F-8ABC-2FA2D5A3E7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F32D319C-A4CD-4D4A-8EFF-F6F8ADB995DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F549DF55-78EF-42AB-B50D-6EDBB6FA49F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F70BFBF9-9477-4D3C-9918-C2B5E03C1454}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{F90A2363-7397-41B5-AE49-C248CDB31EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA7716F6-1683-4815-9A59-F05579876F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB93830D-9421-4FFF-B21D-FABE07678843}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDD2D203-EC31-426E-AA81-702D02B5BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2DD87E9C-8C9E-4D68-A038-1A50EADA87FB}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"TCP Query User{7C2F1A56-E482-491C-8CD6-4A8B34CEC332}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8296D31C-F463-4929-9DCA-38250D56CFC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{982143ED-7AE9-46AF-BF8F-8BC81EFAB6C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{CE018111-BD8C-45D3-9910-58E3AFCAD6B6}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E2C4B350-0596-4137-ACEA-E2440651023E}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{FFF908E4-1360-47F9-AD64-EB9EF7A9BC6F}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{0AEDFDB3-D3F4-4474-BA24-CBD599A59BF8}C:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"UDP Query User{1FB6F7EB-3B75-4168-AF89-8961100F062E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4F6BCD17-1723-4016-9B90-ECE72BE62CED}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{5E609DA9-0F7F-4292-A276-BF7CC5F7FAFD}C:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{893A5B32-214C-48CE-9129-398957E61F5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CFC74CC0-D0F8-43FB-8387-79DF1BCF2F04}C:\program files\myphoneexplorer2\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer2\myphoneexplorer.exe |
"UDP Query User{D966CAAB-D641-4607-9904-7DC916ADBCFE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AuralogComponentsUninstall9.exe" = AuralogComponentsUninstall9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bamboo Dock" = Bamboo Dock 3.3
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX-Setup
"dt icon module" =
"DVDx_is1" = DVDx
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.15
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Pamela" = Pamela Basic 4.0
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Sony Ericsson Update Service
"VAIO Help and Support" =
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.04.2011 06:23:01 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 07.04.2011 05:40:57 | Computer Name = mc-PC | Source = Avira AntiVir | ID = 4112
Description =
Error - 07.04.2011 14:21:00 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2011 14:21:28 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 13.04.2011 04:28:09 | Computer Name = mc-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19019 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b28 Anfangszeit: 01cbf5511a55f54a Zeitpunkt
der Beendigung: 0
Error - 13.04.2011 04:40:30 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.04.2011 04:40:36 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 20.04.2011 18:43:29 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2011 18:43:43 | Computer Name = mc-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 20.04.2011 19:14:51 | Computer Name = mc-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 21.06.2009 09:48:11 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21.06.2009 09:48:56 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.03.2010 02:23:00 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 251182
seconds with 420 seconds of active time. This session ended with a crash.
Error - 01.06.2010 11:24:15 | Computer Name = mc-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.03.2009 12:44:06 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 30.03.2009 13:01:44 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 03:04:46 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 09:03:34 unerwartet heruntergefahren.
Error - 31.03.2009 03:04:59 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 03:05:31 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 03:07:01 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
Error - 31.03.2009 07:38:47 | Computer Name = mc-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2009 um 13:36:24 unerwartet heruntergefahren.
Error - 31.03.2009 07:39:00 | Computer Name = mc-PC | Source = HTTP | ID = 15016
Description =
Error - 31.03.2009 07:39:50 | Computer Name = mc-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.03.2009 08:18:47 | Computer Name = mc-PC | Source = DCOM | ID = 10000
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 16.06.2012 13:53:38 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\mc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,78% Memory free 6,19 Gb Paging File | 3,58 Gb Available in Paging File | 57,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,67 Gb Total Space | 44,05 Gb Free Space | 19,87% Space Free | Partition Type: NTFS Drive G: | 1,97 Gb Total Space | 0,66 Gb Free Space | 33,42% Space Free | Partition Type: FAT32 Drive H: | 1,95 Gb Total Space | 1,41 Gb Free Space | 72,07% Space Free | Partition Type: FAT Drive I: | 7,47 Gb Total Space | 0,53 Gb Free Space | 7,08% Space Free | Partition Type: FAT32 Computer Name: MC-PC | User Name: mc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.11 18:26:06 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 22:04:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 22:04:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.03 22:19:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe PRC - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe PRC - [2011.09.08 18:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchUser.exe PRC - [2011.09.08 18:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TabletUser.exe PRC - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.05.25 11:31:23 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.05.23 09:09:30 | 000,431,616 | ---- | M] (Sony Ericsson) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) -- C:\Windows\System32\ieconfig_1und1_svc.exe PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.12.04 12:53:24 | 006,997,504 | ---- | M] (Pamela-Systems) -- C:\Programme\Pamela\Pamela.exe PRC - [2008.08.06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe PRC - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe PRC - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2008.07.30 16:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe PRC - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE PRC - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe PRC - [2008.07.15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2008.06.11 19:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe PRC - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.03 20:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008.01.30 05:50:26 | 000,438,272 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 22:52:17 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.06.15 22:52:15 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.06.15 19:19:25 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.06.15 19:19:25 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.05.16 23:27:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll MOD - [2012.05.16 23:27:46 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll MOD - [2012.05.16 23:27:42 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll MOD - [2012.05.16 23:27:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll MOD - [2012.05.16 23:27:33 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll MOD - [2012.05.16 23:25:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll MOD - [2012.05.16 23:24:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.16 22:54:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.16 22:53:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll MOD - [2012.05.16 22:52:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll MOD - [2012.05.16 22:46:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.16 22:44:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.09.28 11:48:17 | 000,646,232 | ---- | M] () -- C:\Programme\Bamboo Dock\BambooCore.exe MOD - [2011.09.08 18:48:36 | 000,962,936 | ---- | M] () -- C:\Programme\Tablet\Pen\libxml2.dll MOD - [2010.12.17 11:33:12 | 000,204,800 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll MOD - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe MOD - [2010.12.13 10:58:50 | 000,047,616 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll MOD - [2010.07.28 11:39:19 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2009.12.09 08:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2008.12.04 12:53:27 | 000,710,656 | ---- | M] () -- C:\Programme\Pamela\crashrpt.dll MOD - [2008.12.04 12:53:27 | 000,053,760 | ---- | M] () -- C:\Programme\Pamela\zlib.dll MOD - [2008.12.04 12:53:25 | 000,856,064 | ---- | M] () -- C:\Programme\Pamela\lng.dll MOD - [2008.12.04 12:53:25 | 000,643,072 | ---- | M] () -- C:\Programme\Pamela\Plugin\Sound\ACMMP3SoundPlugin.dll MOD - [2008.08.11 12:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll MOD - [2008.08.11 12:51:59 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll MOD - [2008.07.30 02:12:31 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.05 13:14:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 22:04:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:04:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.09.08 18:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV - [2011.09.08 18:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.04.12 10:46:22 | 000,662,416 | ---- | M] (mquadr.at softwareengineering und consulting gmbh) [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.01.14 01:54:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.08.06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008.07.30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.07.18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService) SRV - [2008.07.15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008.06.20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2008.06.19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008.06.11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008.06.11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008.05.22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008.05.22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008.05.20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008.05.20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008.05.20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.01.30 05:52:22 | 000,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.07.06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Programme\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wacomvhid.sys -- (wacomvhid) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.05.08 22:04:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 22:04:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.11.12 12:34:19 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.11.12 12:34:19 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.28 01:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2009.07.09 19:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid) DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.07.30 02:12:26 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008.06.28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.06.28 02:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.06.21 02:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2008.05.16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.01.25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.04.24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2007.04.23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) DRV - [2007.04.23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex) DRV - [2007.04.23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm) DRV - [2007.04.23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl) DRV - [2007.04.23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.04.04 13:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) DRV - [2007.04.04 13:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716obex.sys -- (s716obex) DRV - [2007.04.04 13:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) DRV - [2007.04.04 13:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm) DRV - [2007.04.04 13:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) DRV - [2007.04.04 13:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl) DRV - [2007.04.04 13:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM) DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 2B 58 3C 15 4B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,DefaultScope = {C69BCB98-A432-446B-B386-801C024A295A} IE - HKCU\..\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\mc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.02 19:31:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.12 17:12:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.05 13:14:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 18:46:48 | 000,000,000 | ---D | M] [2008.12.17 10:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Extensions [2012.06.05 13:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions [2011.12.24 15:41:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.24 15:41:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.04 17:09:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.24 15:39:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mc\AppData\Roaming\mozilla\Firefox\Profiles\uuhchzq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.06.05 13:09:12 | 000,000,950 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin-1.xml [2011.12.18 14:29:14 | 000,000,168 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.gif [2011.12.18 14:29:14 | 000,000,618 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Mozilla\Firefox\Profiles\uuhchzq9.default\searchplugins\icqplugin.src [2012.06.15 18:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.15 17:40:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 18:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.12.12 17:12:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\USERS\MC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UUHCHZQ9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE [2012.06.05 13:14:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.05 13:14:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2012.02.10 15:19:52 | 000,441,283 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15169 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BambooCore] C:\Programme\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [pamela.exe] C:\Program Files\Pamela\pamela.exe (Pamela-Systems) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: 120.105 ([194.94] http in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CBD709C-B947-41DA-B806-F629716B6F70}: DhcpNameServer = 80.69.100.182 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989642EC-EEDC-4410-AFA9-1EB2B3B39409}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFB8361-4CEE-4516-B144-ED21856A9864}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCB0A9D0-05AD-4A90-9C7C-06497781FE78}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\mc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 19:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2012.06.15 19:39:29 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH [2012.06.15 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Local\Deployment [2012.06.15 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Local\Apps [2012.06.15 19:18:52 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\SUPERAntiSpyware.com [2012.06.15 19:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.06.15 19:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.06.15 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.06.15 18:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.06.15 18:46:48 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.15 18:46:47 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.15 18:46:47 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.15 18:46:47 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.06.15 14:36:47 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.15 00:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.06.15 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.06.14 23:14:24 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe [2012.06.14 22:34:43 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe [2012.06.11 14:28:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.06.10 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\mc\Desktop\technische zeichnungen [2012.06.05 13:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.06.05 13:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service ========== Files - Modified Within 30 Days ========== [2012.06.16 13:32:56 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 13:32:56 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 09:32:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 23:16:46 | 000,632,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.15 23:16:46 | 000,599,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.15 23:16:46 | 000,127,714 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.15 23:16:46 | 000,105,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.15 22:56:27 | 000,000,983 | ---- | M] () -- C:\Users\mc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.15 22:49:16 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys [2012.06.15 22:48:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.06.15 19:18:44 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.15 19:02:41 | 000,346,354 | ---- | M] () -- C:\Users\mc\Documents\cc_20120615_190133.reg [2012.06.15 18:46:15 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.15 18:46:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.15 18:46:15 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.06.15 18:46:14 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.15 18:46:13 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.06.15 00:21:34 | 000,039,675 | ---- | M] () -- C:\Users\mc\Desktop\desktop.jpg [2012.06.14 23:14:25 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\mc\Desktop\unhide.exe [2012.06.14 22:34:45 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\mc\Desktop\ccsetup319.exe [2012.06.11 14:28:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\mc\Desktop\OTL.exe [2012.06.09 21:49:37 | 000,038,079 | ---- | M] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.06 13:58:40 | 000,042,470 | ---- | M] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.04 13:02:33 | 000,008,188 | ---- | M] () -- C:\Users\mc\AppData\Local\d3d9caps.dat [2012.06.02 11:41:06 | 000,051,200 | ---- | M] () -- C:\Users\mc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012.06.15 19:18:44 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.15 19:01:41 | 000,346,354 | ---- | C] () -- C:\Users\mc\Documents\cc_20120615_190133.reg [2012.06.15 00:21:33 | 000,039,675 | ---- | C] () -- C:\Users\mc\Desktop\desktop.jpg [2012.06.10 23:55:03 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys [2012.06.09 21:50:20 | 000,038,079 | ---- | C] () -- C:\Users\mc\Desktop\6,h=493_bild.jpg [2012.06.06 13:58:51 | 000,042,470 | ---- | C] () -- C:\Users\mc\Desktop\9007267975192236_37HAI7WK_c.jpg [2012.06.05 13:15:21 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.13 17:37:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.03.11 00:00:29 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2010.12.07 14:34:27 | 000,000,379 | ---- | C] () -- C:\Windows\System32\Pen_Tablet.dat [2010.11.02 22:42:38 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat ========== LOP Check ========== [2012.06.15 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\1&1 Mail & Media GmbH [2008.12.26 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\AD ON Multimedia [2012.05.01 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Applian FLV and Media Player [2010.01.28 18:04:02 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Bytemobile [2009.07.26 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Canon [2009.02.24 02:28:30 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\com.adobe.ExMan [2010.10.25 16:56:26 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.06.15 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Dropbox [2011.02.11 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoft [2010.09.22 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers [2011.03.11 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\HaCon [2010.07.23 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ICQ [2011.05.27 12:30:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\IrfanView [2009.02.16 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Leadertech [2008.12.28 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Mobile Master [2011.09.12 21:41:35 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\MyPhoneExplorer [2009.03.20 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Pamela [2009.07.12 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\ScanSoft [2010.11.02 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Sony [2010.03.07 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Teleca [2010.01.28 18:04:54 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone [2010.01.28 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Vodafone Mobile Connect [2010.10.01 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\Wacom [2010.10.01 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2010.10.01 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\mc\AppData\Roaming\WTouch [2012.06.15 22:48:19 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > - Suche über die Startleiste ist wieder möglich - Verschwundene Icons sind nach wie vor verschwunden (aber damit kannich leben) - PC reagiert immer noch langsam, aber es hängt sich zum Glück nichts mehr auf Eine Frage: Ich habe mir eine neue externe Festplatte gekauft, um die Daten von meinem PC nach der "Reinigung" dort zu sichern. Wann wird dies möglich sein bzw. würdest du mir dazu oder davon abraten? Habe heute zusätzlich noch Avira laufen lassen, da es als einziges Programm den data_recovery-Virus entdeckt hatte. Folgendes Ergebnis sieht eigentlich gut aus..?! Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012 16:49
Es wird nach 3840974 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MC-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 20:04:38
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 20:04:38
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 20:04:43
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 20:04:45
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 20:04:03
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:52:04
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:52:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:00:19
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 20:03:50
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 20:03:50
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 20:03:50
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 20:03:50
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 20:03:50
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 20:03:50
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 20:03:50
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 20:03:50
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 20:03:50
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 20:04:05
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 20:04:10
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 10:33:47
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 20:01:12
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 20:01:15
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 20:26:12
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 20:25:56
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 11:01:56
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 11:02:01
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 13:23:37
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 20:08:58
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 20:08:59
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 20:06:36
VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 20:06:36
VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 20:06:36
VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 20:06:36
VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 20:06:36
VBASE031.VDF : 7.11.33.28 55296 Bytes 15.06.2012 20:06:36
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 07:17:50
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 14.06.2012 20:18:23
AESCN.DLL : 8.1.8.2 131444 Bytes 13.02.2012 15:53:21
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 20:18:31
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.16.18 807287 Bytes 14.06.2012 20:18:19
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 14.06.2012 20:18:07
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 14.06.2012 20:18:04
AEHELP.DLL : 8.1.21.0 254326 Bytes 10.05.2012 20:03:52
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 20:16:08
AEEXP.DLL : 8.1.0.52 82293 Bytes 14.06.2012 20:18:32
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 20:25:58
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 20:04:35
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 20:04:38
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 20:04:45
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 20:04:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 20:04:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 20:04:44
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 20:04:38
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 20:04:43
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 20:04:36
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 20:04:36
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 16. Juni 2012 16:49
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcbuilder.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pamela.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'LANUtil.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BambooCore.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrUI.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMgr.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'VAIOUpdt.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrSvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMService.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ieconfig_1und1_svc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NSUService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkAudioService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3749' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Program Files\ICQ6.5\ConfigFiles\TopSearches.7z
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\ICQ6.5\ConfigFiles\TopSearchesDe.7z
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\mc\Documents\ADBEIDSNCS4_LS4.7z
[WARNUNG] Dieses Archiv wird nicht unterstützt
C:\Users\mc\Documents\indes\ADBEIDSNCS4_LS4.7z
[WARNUNG] Dieses Archiv wird nicht unterstützt
C:\Users\mc\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
Ende des Suchlaufs: Samstag, 16. Juni 2012 21:39
Benötigte Zeit: 4:50:14 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
35544 Verzeichnisse wurden überprüft
939495 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
939495 Dateien ohne Befall
6573 Archive wurden durchsucht
5 Warnungen
0 Hinweise
1079043 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012 16:49
Es wird nach 3840974 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MC-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 20:04:38
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 20:04:38
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 20:04:43
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 20:04:45
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 20:04:03
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:52:04
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:52:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:00:19
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 20:03:50
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 20:03:50
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 20:03:50
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 20:03:50
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 20:03:50
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 20:03:50
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 20:03:50
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 20:03:50
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 20:03:50
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 20:04:05
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 20:04:10
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 10:33:47
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 20:01:12
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 20:01:15
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 20:26:12
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 20:25:56
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 11:01:56
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 11:02:01
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 13:23:37
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 20:08:58
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 20:08:59
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 20:06:36
VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 20:06:36
VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 20:06:36
VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 20:06:36
VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 20:06:36
VBASE031.VDF : 7.11.33.28 55296 Bytes 15.06.2012 20:06:36
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 02.06.2012 07:17:50
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 14.06.2012 20:18:23
AESCN.DLL : 8.1.8.2 131444 Bytes 13.02.2012 15:53:21
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 20:18:31
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.16.18 807287 Bytes 14.06.2012 20:18:19
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 14.06.2012 20:18:07
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 14.06.2012 20:18:04
AEHELP.DLL : 8.1.21.0 254326 Bytes 10.05.2012 20:03:52
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 20:16:08
AEEXP.DLL : 8.1.0.52 82293 Bytes 14.06.2012 20:18:32
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 20:25:58
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 20:04:35
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 20:04:38
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 20:04:45
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 20:04:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 20:04:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 20:04:44
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 20:04:38
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 20:04:43
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 20:04:36
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 20:04:36
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 16. Juni 2012 16:49
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcbuilder.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pamela.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'LANUtil.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BambooCore.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrUI.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMgr.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'VAIOUpdt.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchUser.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDBtnMgrSvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMService.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_Tablet.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ieconfig_1und1_svc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NSUService.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'WISPTIS.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TouchService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkAudioService.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3749' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Program Files\ICQ6.5\ConfigFiles\TopSearches.7z
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\ICQ6.5\ConfigFiles\TopSearchesDe.7z
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\mc\Documents\ADBEIDSNCS4_LS4.7z
[WARNUNG] Dieses Archiv wird nicht unterstützt
C:\Users\mc\Documents\indes\ADBEIDSNCS4_LS4.7z
[WARNUNG] Dieses Archiv wird nicht unterstützt
C:\Users\mc\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
Ende des Suchlaufs: Samstag, 16. Juni 2012 21:39
Benötigte Zeit: 4:50:14 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
35544 Verzeichnisse wurden überprüft
939495 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
939495 Dateien ohne Befall
6573 Archive wurden durchsucht
5 Warnungen
0 Hinweise
1079043 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Geändert von shomg (16.06.2012 um 14:50 Uhr) |
|
16.06.2012, 21:35
| #8 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Sorry, unabsichtliches 3-fach-Posting, mein Internet hat gesponnen, mein Post kann gelöscht werden. Geändert von shomg (16.06.2012 um 22:27 Uhr) |
|
17.06.2012, 06:10
| #9 | |||
| /// Helfer-Team | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu"Zitat:
1. SUPERAntiSpyware und Malwarebytes kannst deinstallieren 2. Zitat:
Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {C69BCB98-A432-446B-B386-801C024A295A}
IE - HKCU\..\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}: "URL" = http://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}: "URL" =ttsu={searchTerms}
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Lade dir von hier -> TrendMicro™ HijackThis™/Version 2.0.4 herunter Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (17.06.2012 um 06:15 Uhr) |
|
17.06.2012, 09:25
| #10 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Guten Morgen! Auf dem Desktop ist alles wieder vorhanden, es handelt sich, wie oben beschrieben, um ein paar Icons, die in der Schnellstartleiste nicht mit ihrem richtigen Logo angezeigt werden. Ich sehe stattdessen ein weißes Fenster. 1. Habe SUPERAntiSpyware deinstalliert, Malwarebytes würde ich gerne behalten. 2. Mit OTL gefixt Code:
ATTFilter All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C69BCB98-A432-446B-B386-801C024A295A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C69BCB98-A432-446B-B386-801C024A295A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C79D9791-75BC-488F-AE8D-90B5250E3A68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C79D9791-75BC-488F-AE8D-90B5250E3A68}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE168992-EA82-4A01-9158-63DE74B6CFFC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE168992-EA82-4A01-9158-63DE74B6CFFC}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\mc\Desktop\cmd.bat deleted successfully.
C:\Users\mc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mc
->Temp folder emptied: 28314562 bytes
->Temporary Internet Files folder emptied: 37164663 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1084 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24339994 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06172012_095440
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:21:37, on 17.06.2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Bamboo Dock\BambooCore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Sony\Network Utility\LANUtil.exe C:\Program Files\Pamela\Pamela.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Users\mc\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\rundll32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: WEB.DE Toolbar BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: WEB.DE Toolbar - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\pamela.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Startup: Dropbox.lnk = mc\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Free YouTube Download - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: hxxp://194.94.120.105 (HKLM) O15 - Trusted IP range: hxxp://194.94.120.105 O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: webde - {8FAF0273-9CA8-4EFC-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 17034 bytes |
|
17.06.2012, 19:20
| #11 |
| /// Helfer-Team | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" 1. kannst deinstallieren: Malwarebytes' Anti-Malware 2. ► Empfehlungen/Vorschläge: Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll. Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden! Code:
ATTFilter Du solltest nie deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
► Vista u. Win7: "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK -> Systemstart-> Häckhen weg An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen: (Autostart-Einträge, die Du nicht findest, einfach mit HijackThis fixen: Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen Code:
ATTFilter O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\pamela.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren ggf erneut deaktivieren muss! 3. poste erneut - nach der vorgenommenen Reinigungsaktion: TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!! ► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...(Wista und WIN 7) ► eine bemerkbare Besserung eingetreten?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
18.06.2012, 11:42
| #12 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Ich habe einige Programme, die du mir empfohlen hast, manuell aus dem Autostart genommen. Bevor ich allerdings mit HijackThis etwas fixe, möchte ich gerne wissen was ich von dieser Meldung halten soll, die erscheint wenn ich auf "Scan" klicke und die ich angehängt habe. Kann ich die ignorieren oder was ist zu tun? Desweiteren kommt eine "catalyst control centre"-Fehlermeldung, wenn ich den PC neu gestartet habe...habe ich ebenfalls angehängt.  |
|
21.06.2012, 22:26
| #13 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Hallo Kira, würde mich freuen wenn du dich [oder auch jemand anderes falls du noch länger verhindert bist] dazu nochmal äußern könntest, damit die Sache (hoffentlich) abgeschlossen werden kann. Vielen Dank und LG |
|
29.06.2012, 04:46
| #14 | |
| /// Helfer-Team | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" sorry, wegen Urlaub konnte ich nicht früher antworten Zitat:
Rechtsklick auf HijackThis-> "als Administrator ausführen" auswählen
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
29.06.2012, 10:37
| #15 |
| | Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" Das habe ich mir fast gedacht!  Die Funktion "als Administrator ausführen" ist bei mir leider nicht möglich?! Siehe Anhang. |
|
| Themen zu Alle Dateien versteckt - Befall mit "trojan.fasagent" und "PUM.Hijack.StartMenu" |
| adblock, alternate, avira, benutzerregistrierung, bho, bonjour, browser, canon, computer, desktop, excel, flash player, google, home, hängen, iexplore.exe, install.exe, intranet, limited.com/facebook, logfile, microsoft office word, mp3, myphoneexplorer, nicht sicher, ntdll.dll, office 2007, picasa, plug-in, problem, programm, realtek, scan, searchscopes, security, security scan, sekunden, server, software, tablet, trojaner, vista |
.
Linear-Darstellung
