|
Überwachung, Datenschutz und Spam: Spam über GMX Konto verschicktWindows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
27.12.2012, 22:43 | #1 |
| Spam über GMX Konto verschickt Hallo! Ich bin neu hier und hab mich wegen einem kleinen Spamproblem hier angemeldet. Ein paar meiner Kontakte haben mir berichtet, dass sie heute Spammails von meinem GMX Konto erhalten haben. Diese scheinen im Ordner Gesendet allerdings nicht auf. Wichtig dabei ist, dass die Mails an meine Kontakte am GMX Server verschickt wurden. Die waren nicht lokal in Outlook gespeichert. Die Nachricht hat keinen Betreff und beinhaltet nur einen einzigen Link ohne irgendwelchen Text: hxxp://blackbodycondress.com/wp-content/themes/copyblogger/newsinfo.php?willing208.php Hab ein wenig im Internet geforscht und rausgefunden, dass sie Seite wohl eher ungefährlich ist und einem nur diese Tropfen andrehen will. Mir ist natürlich klar, dass ich damit kein Einzelfall bin und es das alles schon öfter gab. Allerdings gehts mir jetzt darum, herauszufinden ob ich eher irgendeinen Virus/Trojaner am PC hab oder doch eher mein Konto gehackt wurde. Das Passwort hab ich sicherheitshalber natürlich schon geändert und nebenbei läuft jetzt mal der Virenscanner (Avast). Angeblich kann man solche Dinge ja aus dem Header lesen. Allerdings denke ich mal, dass Profis da doch etwas mehr rauslesen können als ich. Vielen Dank schonmal für eure Hilfe! Header: Von: xxx <xxx@gmx.at> Datum: 27. Dezember 2012 17:48:20 MEZ An: xxx <xxx@bweb.at>, xxx <xxx@gmail.com>, xxx@gmx.at Delivered-To: xxx@gmail.com Received: by 10.220.152.17 with SMTP id e17csp459409vcw; Thu, 27 Dec 2012 08:48:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net. [212.227.15.19]) by mx.google.com with ESMTP id bf7si45804309wjb.45.2012.12.27.08.48.22; Thu, 27 Dec 2012 08:48:23 -0800 (PST) Received: from mailout-de.gmx.net ([10.1.76.27]) by mrigmx.server.lan (mrigmx001) with ESMTP (Nemesis) id 0Ly8b5-1T145o3xH3-015XRv for <xxx@gmail.com>; Thu, 27 Dec 2012 17:48:21 +0100 Received: (qmail 12537 invoked by uid 0); 27 Dec 2012 16:48:21 -0000 Received: from 79.114.167.33 by www061.gmx.net with HTTP; Thu, 27 Dec 2012 17:48:20 +0100 (CET) X-Received: by 10.180.87.73 with SMTP id v9mr40499864wiz.26.1356626903728; Thu, 27 Dec 2012 08:48:23 -0800 (PST) Return-Path: <xxx@gmx.at> Received-Spf: pass (google.com: domain of xxx@gmx.at designates 212.227.15.19 as permitted sender) client-ip=212.227.15.19; Authentication-Results: mx.google.com; spf=pass (google.com: domain of xxx@gmx.at designates 212.227.15.19 as permitted sender) smtp.mail=xxx@gmx.at Content-Type: text/plain; charset="utf-8" Message-Id: <20121227164820.96000@gmx.net> Mime-Version: 1.0 X-Authenticated: #35865355 X-Flags: 0001 X-Mailer: WWW-Mail 6100 (Global Message Exchange) X-Priority: 3 X-Provags-Id: V01U2FsdGVkX19bwDNZw2RbNGmQDuD54kEq9lF/lBRY7f1Zj3Wyke h6HRyVKLAYRtA4u5Zjtrskpbh7RRr74R0QYw== Content-Transfer-Encoding: 8bit X-Gmx-Uid: gx6ucOREeSEqSWogSHYhHEB+IGRvb0DD Geändert von Light91 (27.12.2012 um 22:54 Uhr) |
27.12.2012, 23:20 | #2 |
/// Mr. Schatten | Spam über GMX Konto verschickt Ein "gehacktes" Online-Konto widerspräche nicht unbedingt einem Backdoor, Keylogger o.ä.
__________________Schließlich kann man ein Konto auch hacken, in dem man eben zum Beispiel per Keylogger, Backdoor oder wie auch immer die Kontodaten aus deinem Computer abgreift und dann von Rumänien aus benutzt (wobei der rumänische Computer ebenfalls selber "gehackt" sein könnte, ferngesteuert sein könnte - was jetzt für dich und deinen Fall eher belanglos sein dürfte).
__________________ |
28.12.2012, 12:34 | #3 |
| Spam über GMX Konto verschickt Da hast du natürlich recht. Ich hab jetzt mal zur Sicherheit drei verschiedene Malware Scanner drüber laufen lassen (Avast, Trendmicro und McAfee). Kein einziger hat irgendwas gefunden. Kann natürlich auch sein, dass ich mich mal über einen PC an der Uni angemeldet hab.
__________________Wie gesagt, das Passwort ist geändert und die Scanner finden nichts. Darf ich mich soweit wieder sicher fühlen oder sollte ich noch ein paar andere Dinge testen? Und was sagt mir jetzt eigentlich der Mailheader? |
28.12.2012, 14:56 | #4 |
/// Mr. Schatten | Spam über GMX Konto verschickt sicher ist übertrieben, nicht einmal auf den Weltuntergang ist ja verlass. tendenziell würde ich an deiner Stelle auch noch Malwarebytes Anti-Malware einen Vollscan machen lassen und Malwarebytes Anti-Rootkit (wenn nichts gefunden wird, brauchst du selbstverständlich (hier in diesem Bereich!) keine Logfile posten). Du hättest die (fehlgeschlagenen) Logins überprüfen sollen und du solltest jetzt dies auch noch überprüfen bzw. beobachten. Rumänien
__________________ alle Tipps + Hilfen aller Helfer sind ohne Gewähr + Haftung keine Hilfe via PN hier ist ein Forum, jeder kann profitieren/kontrollieren - niemand ist fehlerfrei tendenzielle Beachtung der Rechtschreibregeln erhöht die Wahrscheinlichkeit einer Antwort - |
28.12.2012, 18:26 | #5 |
| Spam über GMX Konto verschickt Zuerst mal: Vielen Dank für die Hilfe bisher! Fehlgeschlagene Logins sind mir zumindest nicht aufgefallen. Auch die Scanner von Malwarebytes haben auf meinem PC nichts gefunden. ABER: Mein Vater hat heute sein Notebook mal wieder auf Viren überprüft und, siehe da, sogar was gefunden. Und ich hab vor ein paar Wochen tatsächlich mal sein Notebook benutzt. Hatte ich schon wieder total vergessen. Leider hat er Trend Micro benutzt und ich kann beim besten Willen keine Logdatei finden. Deswegen poste ich einfach mal einen Screenshot vom Suchergebnis: Hier noch die Beschreibung der Trend Micro Seite: hxxp://about-threats.trendmicro.com/malware.aspx?language=de&name=JAVA_BLACOLE.SMO Trendmicro hat die beiden Dateien gelöscht. Anschließend hab ich das Notebook nochmal mit den von dir vorgeschlagenen Scannern überprüft. Die haben dann nichts mehr gefunden. Allerdings bin ich jetzt etwas unsicher, da in der Beschreibung steht: Wird als eine Komponente eines Malware-/Grayware-/Spyware-Pakets übertragen. Da frag ich mich ob nicht irgendwo auf dem System auch noch das Komplettpaket dazu liegen müsste... |
01.01.2013, 17:22 | #6 |
| Spam über GMX Konto verschickt Als Nachtrag die Logdateien vom OTL Scan. Daemontools wurde mit defogger deaktiviert. OTL.txt Code:
ATTFilter OTL logfile created on: 01.01.2013 16:02:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,16% Memory free 7,93 Gb Paging File | 5,81 Gb Available in Paging File | 73,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,16 Gb Total Space | 126,44 Gb Free Space | 44,19% Space Free | Partition Type: NTFS Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll () ========== Services (SafeList) ========== SRV:64bit: - (postgresql-x64-9.2) -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SQLSERVERAGENT) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLSERVER) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RsFx0200) -- C:\Windows\SysNative\drivers\RsFx0200.sys (Microsoft Corporation) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKCU\..\SearchScopes,DefaultScope = {D9550975-C80C-4962-A18D-AE8F81BC821C} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{712C74F7-C3F1-40D8-B2AC-C7B887C3EAB7}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices IE - HKCU\..\SearchScopes\{D9550975-C80C-4962-A18D-AE8F81BC821C}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deAT358 IE - HKCU\..\SearchScopes\{EE3A1D69-8AB8-4B63-AA29-25931167F3BC}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aon.at;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.1:3128 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: colorchecker%40colorcheckerniquelao.net:1.1.02 FF - prefs.js..extensions.enabledAddons: validator%40totalvalidator.com:7.4.0 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3 FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.12.27 15:31:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 10:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 11:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions\trash [2011.12.01 15:04:44 | 000,080,889 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\colorchecker@colorcheckerniquelao.net.xpi [2012.12.28 15:54:43 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\firebug@software.joehewitt.com.xpi [2012.05.20 16:01:06 | 000,083,408 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\validator@totalvalidator.com.xpi [2012.10.03 20:19:19 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.10.29 12:26:13 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012.05.20 16:14:02 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2012.12.07 16:26:19 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\trash\firebug@software.joehewitt.com.xpi [2012.12.26 21:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 10:33:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.26 21:13:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.21 22:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.21 22:06:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.21 22:06:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.21 22:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.21 22:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.21 22:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.26 08:08:19 | 000,001,386 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281F3844-8182-43BE-AF01-8632CF7475C6}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.01 16:01:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.01 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C9B9F429-4217-4DFE-A178-4B245FC81475} [2012.12.29 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{303C2C32-3E28-48D9-9377-A69921B75CE9} [2012.12.28 15:56:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.28 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.28 15:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.28 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.28 15:13:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.28 15:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.28 08:44:35 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.28 08:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.28 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AB33D5A4-CAA5-4276-B65E-D8B16A2ED332} [2012.12.27 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0C9BF4AF-FC0E-4B4A-B5C2-8EEC05E577D1} [2012.12.27 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{89765780-27D2-4E2A-A4BA-16F7DA2E93AA} [2012.12.26 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.26 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F9E9FA90-16A0-4302-83C7-EEC1C3BBF6A5} [2012.12.25 12:36:24 | 000,000,000 | ---D | C] -- C:\JavaDriver [2012.12.25 10:33:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{33EA076A-2BD6-4632-9F14-753900191C61} [2012.12.24 10:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DAA558EA-A706-4AB3-BBC5-A04477C6BB49} [2012.12.23 10:11:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{91C7D7A2-EF93-4F21-85DD-E8BD2B8E8BEE} [2012.12.22 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF312AD8-6C42-4736-ADE5-CA293C334C1D} [2012.12.21 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1DE77072-BACB-4624-B6F0-880C76E2ECC4} [2012.12.20 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F7172A53-2755-4819-A181-B52460282388} [2012.12.19 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F9EA7CA-4B18-4195-9DFE-58B5445CBEC0} [2012.12.19 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E1201A38-BA8B-4CAB-9993-6019837F16E7} [2012.12.18 23:22:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF5CCBF1-2F1D-4AFE-9951-26C4FA1A1219} [2012.12.18 11:22:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A751656F-2306-41A2-8CD2-0F538FA33C92} [2012.12.17 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F55A3E9A-C296-4274-BB28-9B2D0A29E274} [2012.12.14 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{639BE218-4A98-4F8C-A1B1-67C9CE7FC091} [2012.12.13 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BCDF6FAB-6E0F-4433-9D70-E41A6979332B} [2012.12.12 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C3A223BD-3AAB-4DE6-AA44-A58ED19DF53A} [2012.12.12 09:12:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6CA5AD2A-AB12-4678-912E-F29CDC5F5228} [2012.12.11 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D108392F-652F-44DB-8D93-33AFADCA94A0} [2012.12.10 20:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{706BE1F8-90EE-45F8-A812-3F91ED0C05B8} [2012.12.09 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B18C7236-5287-442A-8D16-58DC5C9E92B3} [2012.12.07 08:54:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{13DFD510-C070-4DC4-88C2-4259B258A8EB} [2012.12.06 10:31:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C5B835B5-72D5-4168-9725-2A631A2E6209} [2012.12.05 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FC309650-B85D-4048-A05E-5B4518F9C0A6} [2012.12.05 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3777B6F6-4315-4E00-B4BA-F661934A43C5} [2012.12.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9134DD93-D34F-454A-B918-AC277C80C653} [2012.12.04 12:01:19 | 000,000,000 | ---D | C] -- C:\Users\***\.VirtualBox [2012.12.04 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.12.04 11:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.12.04 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{63E363B8-9737-45BD-AD4E-D52BA4C8BED3} [2012.12.03 12:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{463487C9-E5F4-4970-8194-CA3B04E2E259} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.01 16:05:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:05:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:01:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.01 15:57:19 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr [2013.01.01 15:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.01 15:56:24 | 3195,297,792 | -HS- | M] () -- C:\hiberfil.sys [2013.01.01 15:55:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.01 15:54:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.28 14:41:11 | 008,045,285 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache [2012.12.28 14:26:55 | 000,115,774 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache [2012.12.28 08:44:35 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.27 17:28:53 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.12.27 16:52:40 | 1128,267,776 | ---- | M] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.12.27 15:53:59 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.12.27 10:59:09 | 000,001,053 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.22 09:34:17 | 003,093,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 15:52:13 | 001,888,830 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 15:52:13 | 000,806,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 15:52:13 | 000,742,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 15:52:13 | 000,183,960 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 15:52:13 | 000,156,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.04 11:25:02 | 422,028,249 | ---- | M] () -- C:\Users\***\Desktop\Archive.zip [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.01 15:57:19 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr [2013.01.01 15:55:19 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.01 15:54:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.28 15:57:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.20 10:44:18 | 1128,267,776 | ---- | C] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.12.04 11:46:12 | 422,028,249 | ---- | C] () -- C:\Users\***\Desktop\Archive.zip [2012.11.25 14:48:05 | 000,000,725 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.10.10 21:52:16 | 000,000,045 | ---- | C] () -- C:\Users\***\.gitconfig [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.14 02:57:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012.05.29 20:48:59 | 000,001,897 | ---- | C] () -- C:\Users\***\.TransferManager.db [2012.03.02 14:34:36 | 008,045,285 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2012.03.02 14:33:58 | 000,115,774 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2012.02.29 16:31:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.02.28 14:43:44 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011.10.05 21:08:23 | 001,866,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.08 10:00:37 | 000,007,606 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.08.10 11:07:43 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.07.28 17:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.17 21:51:20 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2009.12.17 21:43:45 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.12.25 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2012.10.29 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claws-mail [2012.09.17 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.18 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisneyInteractiveStudios [2013.01.01 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.10 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\enchant [2012.10.29 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2012.10.29 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.11.23 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBM [2012.11.22 09:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Little Inferno [2011.10.12 09:04:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2012.09.20 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetBeans [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.03.18 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.09.01 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.01 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql [2012.09.23 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rational [2012.11.13 23:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.04.27 16:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SporeCreatureCreator [2010.03.16 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2009.12.17 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.11.30 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TotalValidatorTool [2011.10.14 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.07.18 13:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.11.25 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.01.2013 16:02:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,16% Memory free 7,93 Gb Paging File | 5,81 Gb Available in Paging File | 73,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,16 Gb Total Space | 126,44 Gb Free Space | 44,19% Space Free | Partition Type: NTFS Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9E6E34-B54C-4CFF-B1B7-38AE1B757871}" = rport=137 | protocol=17 | dir=out | app=system | "{17654F28-C977-481E-BAF0-87D912A6277E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2231460B-0898-4AF4-9498-C3B2F631FCC1}" = rport=138 | protocol=17 | dir=out | app=system | "{242B8F78-CDCC-4FCD-AA9C-F158339B8216}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{29ACF49F-8EEC-4A29-81A0-7A5463C2623C}" = lport=10243 | protocol=6 | dir=in | app=system | "{32DC8152-2BF0-4E82-AFAD-49357D48DD75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4A5B257C-4AF2-416E-8782-990B3B454AB5}" = rport=445 | protocol=6 | dir=out | app=system | "{4E393D1B-0458-4129-88B8-8B6ED6A2CAD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F82A3A2-FDF3-4F73-9AE0-C1159F204C0E}" = lport=445 | protocol=6 | dir=in | app=system | "{631F64B3-3E62-4094-9955-84958B972AF3}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{70364A47-F265-41D7-9F9F-19DB01A6E99B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72EDB91F-8F34-4969-ACB4-5D9DB00134EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{770E11D4-D59E-4F6B-88C7-6EF3D46A3400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84D76069-4D54-4908-87E7-B433B0F2B412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{877320E4-5737-4275-84C8-82385ED8C9F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8D8D25BC-AA00-457D-B3B9-CB6B56E48235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8DD0A7DB-F975-4823-9206-D1BAB442A1C8}" = lport=138 | protocol=17 | dir=in | app=system | "{97FFB25D-85F8-4770-BE41-B281421B74A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{98CE7685-0050-447A-BB13-3D29C0683D64}" = lport=139 | protocol=6 | dir=in | app=system | "{9A7C83F9-3FCD-4145-8328-F975294442E5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A12FC105-751F-4428-BA96-59223DAE3414}" = lport=137 | protocol=17 | dir=in | app=system | "{A8FA3C20-3321-4CBF-AFD2-70ADD4DF61B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ABE0F5A9-EBCB-47D9-9C35-F1F42E35EA2B}" = lport=2869 | protocol=6 | dir=in | app=system | "{B2EA1BC1-9B16-4773-B6BF-E1CC8A3B4E3D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{B6A5B75E-B63B-413A-91FF-1894DBBDD7DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9029103-832D-428A-8BB5-B2A58D22FDC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C9A0C11C-6AE1-49D2-936A-0E535A67286A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD842334-CCDB-4082-AAD5-FB8CA24A7134}" = rport=139 | protocol=6 | dir=out | app=system | "{D0228C10-566C-46E8-8898-211A98BCE299}" = rport=10243 | protocol=6 | dir=out | app=system | "{D0B30397-BC22-4632-A730-88CA549C2B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DDB4B07A-040F-4FDD-99C8-1E10FB10FE52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF6AD845-4E21-4D7F-8D7F-930DB8D7084A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{E1892623-1016-4A67-817D-09B4785F5F83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EF4C263C-3DF9-46B4-8A33-F93E752F0DC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5453B0B-3B68-46D7-807B-821D84E7A380}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F9993E3C-599A-4970-A7A7-222C711AA693}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FBCE5ACF-BFEB-4AA5-B04A-B2A2C87B998B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FCD6A943-52A6-464E-9FAB-A4685BB218AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{064669A9-A861-4BD9-8357-655EFB614384}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{0CFDC29D-0430-4E74-840B-8AD5DB82DF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{0DE95D78-8769-461A-9578-C47769F5FA57}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "{17B4C0E7-BF7F-4761-8633-F0B35DD592A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{18171265-A4A3-4D0B-BD5F-1A8EF3FE17CD}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{18863D3E-2891-40BA-9530-ED1697C8CCFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EBBC886-6616-44E5-AC39-F232D0B31B86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{22D8A8A8-B9EF-41E7-8248-89D94A45B3A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{22FE5605-9C73-4B21-AAAF-2D696273FF3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2FAF4E1E-908D-472D-B8CA-F113A0445FF1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | "{33F7F8B0-70A1-4A97-AC5F-AE0B190C31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{342AD4DE-7722-4C7F-A26E-E24CF4938713}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe | "{38B35607-93D2-40B5-84D1-B231C7376BFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38CA7048-05D2-4055-BD0B-76A6A9EDE9BF}" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe | "{3B94D4F9-3EBB-4E9F-8968-72E1E33EF474}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3C2FFE4E-52FD-44B6-A76D-E1D7A990392C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{3D6702AC-6596-406E-9C78-DF6CDDEC5CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{52BBADC8-D488-4A44-93C4-53E81DFE13C9}" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe | "{53635603-0D5F-4E92-9DE1-A1617B3D9E0B}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe | "{5578733C-A197-4540-AF01-4702880C9E78}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe | "{55FB2D80-58C3-4378-9281-BE675010A150}" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe | "{57D8E1BD-904A-464D-8997-5B4FE4475727}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{585F1361-025A-4F8F-BA0E-A8722E7F4F06}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "{5911BAC6-8399-4C73-B6C6-032CAC3A9E6E}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe | "{5FB1EA73-124D-4091-85EA-76BE619A1152}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe | "{605FA395-48FC-47FB-828A-6059797F8E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6CEC6255-6700-4BEC-B863-C7A5F583A98B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{746E08D6-208C-4950-A4A5-BC2F2C257DAC}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "{74FB0D9F-A8CD-4830-A507-3430AC994448}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{75E43065-82E7-414F-A264-5D0E162B08ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C6179E7-3BE3-4C04-A734-89D93209F862}" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe | "{7F8A9714-7642-450E-925B-F476CFB4A183}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{852EF1FD-7E84-4C54-9507-68BCD1A51985}" = protocol=6 | dir=out | app=system | "{856C5E47-C96A-4ABA-B179-91984F65649D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{856C82F2-C5B7-40EA-AE38-98B7D6B541EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{88AD9329-DD0D-4C17-AD1E-3A9EAB297623}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | "{8D136EC8-0F7A-45C5-9BDF-7144AE96372C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{913E38B5-0680-4595-9A26-F85D2F312497}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{93D52D80-7A2A-4847-B004-87D7AA236BD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A9365AB1-B62C-4F9F-89C1-931446A0FA59}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{B06075B3-F8CD-4C0B-88CC-83F3A5CED3A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B1259281-65BA-4E01-97E5-4B6E17349BD2}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "{B5800214-2698-4316-977C-08B449AD5F76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | "{BEC1DDE5-285E-4610-8EF6-D844066A7E82}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | "{C6046E07-A06F-4DE5-A07D-8137E859E58F}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | "{C9414FC9-87A4-4041-89D9-DB8156DBD2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C9C99680-BA4F-4F5E-AA03-0D4ACA13736D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | "{D30F97C5-9E25-4B32-8372-43B74CA14E9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D7934776-357E-4D8B-AD42-07321AAB5AF7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{DF9D2522-2DBD-42B0-8A69-2B87F50D68D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{E288D159-9A18-4B99-9B69-CA627304431E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E2CBAE18-DB28-4A92-9927-6EF4399A4FE8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{E3E9AED3-8D94-4F3E-BA99-4E8AF20CC5D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E4B8C225-6ECC-457D-8864-243097289F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E5F0074A-8343-4AB1-A428-804A75147DCA}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{E84E1B9E-D2F7-4DF5-9379-5D6A79B46DA4}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{ED5B87C8-C30D-49C0-8373-2DF840EEAA47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EF90D00D-5729-4CB7-9432-488A6071399E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{F650C0A1-0B38-41F4-B60B-D5579F0B14C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F71DF4AD-67E1-4914-8719-A3F99D6C7A9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F925B0BC-0208-4DC8-BAAD-5322348051BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{FBB011B5-E47F-487D-892A-093B5FD1424E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{3301BEA7-4F46-4269-81E0-DF7F262E00AE}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "TCP Query User{51B0D354-19C2-478A-848A-319599C79FAE}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe | "TCP Query User{56DA2019-FD82-4994-B399-A1DA2428B243}H:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe | "TCP Query User{7AC95FBC-87F3-4B56-AFD5-115C61B37C2A}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | "TCP Query User{856ECFF7-8882-4567-8CEB-7FBD359000CB}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe | "TCP Query User{958273A1-13B8-4E09-A3BA-F93805008543}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe | "TCP Query User{9710B6E7-D610-416F-AA11-8D2566B2CAF2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{AC1D7E2F-F329-4062-8AB4-713D0AA69F36}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{BDAF9002-0EA1-4637-986F-28BAD3D77B69}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{DBCB627A-5B59-4C1E-9162-62B1B9D9B6F9}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe | "TCP Query User{DCCABE97-26EB-45C4-BE59-5233AFEC558F}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | "UDP Query User{3EB21573-6A22-43D3-89C8-B0664FBBC074}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{3F737161-EC72-4695-9046-D73CB2A4DF6B}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe | "UDP Query User{4D1405F2-156D-4982-AE61-9D439379CDD5}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe | "UDP Query User{57E18B03-BA84-4EBB-A2BB-1AE4739BD1CA}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe | "UDP Query User{581892EF-EE78-4F35-A2EA-0C76508BCB7F}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe | "UDP Query User{63BA694B-689E-4767-9D20-CDFE85FE9044}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe | "UDP Query User{70DE3724-27CD-42AC-B4A5-7C6E83AE359B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9C3E1F6D-F729-4F6A-A6C2-9D5806C6493C}H:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe | "UDP Query User{BEDD04C7-D718-4427-93C7-42995C63CE19}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | "UDP Query User{C588D8C3-765E-4031-8898-FCEB336FFD23}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe | "UDP Query User{FF127051-77B5-4540-80DA-7C15E32C46D9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64 "{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit) "{26F35006-0545-4F78-90D8-C2FDF0028692}" = SQL Server 2012 Database Engine Services "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2EC53A73-C6E6-4BD2-ACC2-0CD078D5F2CC}" = Microsoft SQL Server 2012-Setup (Deutsch) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{53CDFF43-1CE7-444B-AEBE-A5FB7B82511D}" = SQL Server 2012 Common Files "{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared "{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{5D762D74-E92F-4E95-9255-D85312617E4D}" = TortoiseSVN 1.7.9.23248 (64 bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64) "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}" = Microsoft VSS Writer für SQL Server 2012 "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU "{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D4DF6EA6-4B7A-42B4-9C56-D8BC7D087F7A}" = SQL Server 2012 Database Engine Shared "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9FDAEBA-9BFE-4FDD-BDEB-482A3F5316C8}" = SQL Server 2012 Management Studio "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "CCleaner" = CCleaner "Defraggler" = Defraggler "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "MAXONB6EC381C" = CINEMA 4D 11.514 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-Bit) "Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-Bit) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "PostgreSQL 9.2" = PostgreSQL 9.2 "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy) "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components) "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0E77269E-DC0F-46DC-946C-8E95CB1455AC}" = Media Gallery "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}" = SQL Server-Browser für SQL Server 2012 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation "{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU "{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}" = Microsoft SQL Server 2008 R2 Management Objects "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists) "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{860E3C5D-BE36-49FE-BCFA-1A09B90D6F49}" = VAIO Content Metadata Manager Settings "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio) "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access "{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{987AE03F-234A-3623-BD28-6B31FD1D3AB3}" = Microsoft Visual Studio 2010 Shell (Isolated) - DEU "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager "{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library "{A282A232-780C-45E2-A5E5-9B61D74DCC6E}" = Microsoft SQL Server System CLR Types "{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}" = Microsoft Report Viewer 2012-Laufzeit "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "avast" = avast! Free Antivirus "EAX Unified" = EAX Unified "ENTERPRISE" = Microsoft Office Enterprise 2007 "GPG4Win" = Gpg4win (2.1.0) "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU "Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nmap" = Nmap 6.01 "Nokia PC Suite" = Nokia PC Suite "OpenAL" = OpenAL "Opera 12.12.1707" = Opera 12.12 "splashtop" = VAIO Quick Web Access "SystemRequirementsLab" = System Requirements Lab "VAIO Help and Support" = "VLC media player" = VLC media player 1.0.5 "VMware_Player" = VMware Player "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "winscp3_is1" = WinSCP 4.3.7 "Wireshark" = Wireshark 1.8.3 (64-bit) "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MiKTeX 2.8" = MiKTeX 2.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.09.2011 11:36:22 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 28.09.2011 11:01:39 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 29.09.2011 14:37:35 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 30.09.2011 03:44:25 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.10.2011 04:12:43 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 02.10.2011 02:52:27 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) [ System Events ] Error - 27.12.2012 17:00:48 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "VAIO Power Management" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.12.2012 03:31:08 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 28.12.2012 03:44:37 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7034 Description = Dienst "VAIO Entertainment Database Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.12.2012 09:46:44 | Computer Name = ***-VAIO | Source = VDS Basic Provider | ID = 33554433 Description = Error - 29.12.2012 05:27:42 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 29.12.2012 10:54:44 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 29.12.2012 10:56:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 29.12.2012 10:56:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 01.01.2013 10:48:10 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 01.01.2013 10:57:23 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. < End of report > |
Themen zu Spam über GMX Konto verschickt |
avast, gefährlich, gehackt, gesendet, geändert, gmx, hilfe!, internet, java_blacole.smo, kleine, lokal, nemesis, neu, ordner, outlook, passwort, qmail, scan, scanner, seite, server, smtp, spam, verschickt, virenscanner, wichtig |