| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trend Micro findet JAVA_BLACOLE.SMOWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.01.2013, 20:47
| #1 |
 |  Trend Micro findet JAVA_BLACOLE.SMO Hallo! Ursprünglich habe ich mich ja hier angemeldet, da über meinen Mail Account Spam verschickt wurde. Details: http://www.trojaner-board.de/128699-...erschickt.html Das Problem scheint sich aber nach einer Änderung des Passworts erledigt zu haben. Da im Zuge dessen aber ein Trojaner am Notebook meines Vaters gefunden wurde, starte ich hiermit einen neuen Thread mit dem Trojaner als Thema. Passt wohl besser in dieses Unterforum. Gefunden wurde der Trojaner bei einem Scan mit Trend Micro Housecall (Avast hat zuvor nichts gefunden). Dummerweise hat Trend Micro die beiden Dateien gelöscht und ich kann beim besten Willen keine Log-Datei finden. Falls mir jemand sagen kann, wo diese gespeichert wird, poste ich sie gerne nachträglich. Allerdings kann ich einen Screenshot vom Scanergebnis anbieten:  Sicherheitshalber hab ich das System danach noch mit Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit und Eset gescannt. Ohne Ergebnis. Da in der Beschreibung von Trend Micro "Wird als eine Komponente eines Malware-/Grayware-/Spyware-Pakets übertragen." steht, bin ich etwas unsicher, ob sich nicht noch irgendwo die restlichen Komponenten versteckt haben. Hier auch noch die Logs vom OTL Scan. (Daemontools wurde mit defogger deaktiviert.) OTL.txt: Code:
ATTFilter OTL logfile created on: 01.01.2013 16:02:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,16% Memory free 7,93 Gb Paging File | 5,81 Gb Available in Paging File | 73,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,16 Gb Total Space | 126,44 Gb Free Space | 44,19% Space Free | Partition Type: NTFS Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll () ========== Services (SafeList) ========== SRV:64bit: - (postgresql-x64-9.2) -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SQLSERVERAGENT) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLSERVER) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RsFx0200) -- C:\Windows\SysNative\drivers\RsFx0200.sys (Microsoft Corporation) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKCU\..\SearchScopes,DefaultScope = {D9550975-C80C-4962-A18D-AE8F81BC821C} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{712C74F7-C3F1-40D8-B2AC-C7B887C3EAB7}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices IE - HKCU\..\SearchScopes\{D9550975-C80C-4962-A18D-AE8F81BC821C}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deAT358 IE - HKCU\..\SearchScopes\{EE3A1D69-8AB8-4B63-AA29-25931167F3BC}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aon.at;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.1:3128 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: colorchecker%40colorcheckerniquelao.net:1.1.02 FF - prefs.js..extensions.enabledAddons: validator%40totalvalidator.com:7.4.0 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3 FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.12.27 15:31:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 10:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 11:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions\trash [2011.12.01 15:04:44 | 000,080,889 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\colorchecker@colorcheckerniquelao.net.xpi [2012.12.28 15:54:43 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\firebug@software.joehewitt.com.xpi [2012.05.20 16:01:06 | 000,083,408 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\validator@totalvalidator.com.xpi [2012.10.03 20:19:19 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.10.29 12:26:13 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012.05.20 16:14:02 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2012.12.07 16:26:19 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\trash\firebug@software.joehewitt.com.xpi [2012.12.26 21:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 10:33:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.26 21:13:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.21 22:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.21 22:06:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.21 22:06:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.21 22:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.21 22:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.21 22:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.26 08:08:19 | 000,001,386 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281F3844-8182-43BE-AF01-8632CF7475C6}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.01 16:01:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.01 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C9B9F429-4217-4DFE-A178-4B245FC81475} [2012.12.29 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{303C2C32-3E28-48D9-9377-A69921B75CE9} [2012.12.28 15:56:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.28 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.28 15:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.28 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.28 15:13:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.28 15:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.28 08:44:35 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.28 08:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.28 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AB33D5A4-CAA5-4276-B65E-D8B16A2ED332} [2012.12.27 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0C9BF4AF-FC0E-4B4A-B5C2-8EEC05E577D1} [2012.12.27 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{89765780-27D2-4E2A-A4BA-16F7DA2E93AA} [2012.12.26 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.26 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F9E9FA90-16A0-4302-83C7-EEC1C3BBF6A5} [2012.12.25 12:36:24 | 000,000,000 | ---D | C] -- C:\JavaDriver [2012.12.25 10:33:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{33EA076A-2BD6-4632-9F14-753900191C61} [2012.12.24 10:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DAA558EA-A706-4AB3-BBC5-A04477C6BB49} [2012.12.23 10:11:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{91C7D7A2-EF93-4F21-85DD-E8BD2B8E8BEE} [2012.12.22 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF312AD8-6C42-4736-ADE5-CA293C334C1D} [2012.12.21 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1DE77072-BACB-4624-B6F0-880C76E2ECC4} [2012.12.20 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F7172A53-2755-4819-A181-B52460282388} [2012.12.19 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F9EA7CA-4B18-4195-9DFE-58B5445CBEC0} [2012.12.19 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E1201A38-BA8B-4CAB-9993-6019837F16E7} [2012.12.18 23:22:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF5CCBF1-2F1D-4AFE-9951-26C4FA1A1219} [2012.12.18 11:22:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A751656F-2306-41A2-8CD2-0F538FA33C92} [2012.12.17 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F55A3E9A-C296-4274-BB28-9B2D0A29E274} [2012.12.14 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{639BE218-4A98-4F8C-A1B1-67C9CE7FC091} [2012.12.13 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BCDF6FAB-6E0F-4433-9D70-E41A6979332B} [2012.12.12 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C3A223BD-3AAB-4DE6-AA44-A58ED19DF53A} [2012.12.12 09:12:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6CA5AD2A-AB12-4678-912E-F29CDC5F5228} [2012.12.11 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D108392F-652F-44DB-8D93-33AFADCA94A0} [2012.12.10 20:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{706BE1F8-90EE-45F8-A812-3F91ED0C05B8} [2012.12.09 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B18C7236-5287-442A-8D16-58DC5C9E92B3} [2012.12.07 08:54:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{13DFD510-C070-4DC4-88C2-4259B258A8EB} [2012.12.06 10:31:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C5B835B5-72D5-4168-9725-2A631A2E6209} [2012.12.05 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FC309650-B85D-4048-A05E-5B4518F9C0A6} [2012.12.05 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3777B6F6-4315-4E00-B4BA-F661934A43C5} [2012.12.04 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9134DD93-D34F-454A-B918-AC277C80C653} [2012.12.04 12:01:19 | 000,000,000 | ---D | C] -- C:\Users\***\.VirtualBox [2012.12.04 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.12.04 11:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.12.04 08:30:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{63E363B8-9737-45BD-AD4E-D52BA4C8BED3} [2012.12.03 12:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{463487C9-E5F4-4970-8194-CA3B04E2E259} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.01 16:05:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:05:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:01:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.01 15:57:19 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr [2013.01.01 15:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.01 15:56:24 | 3195,297,792 | -HS- | M] () -- C:\hiberfil.sys [2013.01.01 15:55:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.01 15:54:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.28 14:41:11 | 008,045,285 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache [2012.12.28 14:26:55 | 000,115,774 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache [2012.12.28 08:44:35 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.27 17:28:53 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.12.27 16:52:40 | 1128,267,776 | ---- | M] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.12.27 15:53:59 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.12.27 10:59:09 | 000,001,053 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.22 09:34:17 | 003,093,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 15:52:13 | 001,888,830 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 15:52:13 | 000,806,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 15:52:13 | 000,742,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 15:52:13 | 000,183,960 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 15:52:13 | 000,156,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.04 11:25:02 | 422,028,249 | ---- | M] () -- C:\Users\***\Desktop\Archive.zip [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.01 15:57:19 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr [2013.01.01 15:55:19 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.01 15:54:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.28 15:57:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.20 10:44:18 | 1128,267,776 | ---- | C] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.12.04 11:46:12 | 422,028,249 | ---- | C] () -- C:\Users\***\Desktop\Archive.zip [2012.11.25 14:48:05 | 000,000,725 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.10.10 21:52:16 | 000,000,045 | ---- | C] () -- C:\Users\***\.gitconfig [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.14 02:57:26 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2012.05.29 20:48:59 | 000,001,897 | ---- | C] () -- C:\Users\***\.TransferManager.db [2012.03.02 14:34:36 | 008,045,285 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2012.03.02 14:33:58 | 000,115,774 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2012.02.29 16:31:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.02.28 14:43:44 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011.10.05 21:08:23 | 001,866,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.08 10:00:37 | 000,007,606 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.08.10 11:07:43 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.07.28 17:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.17 21:51:20 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2009.12.17 21:43:45 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.12.25 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2012.10.29 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claws-mail [2012.09.17 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.18 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisneyInteractiveStudios [2013.01.01 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.10 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\enchant [2012.10.29 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2012.10.29 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.11.23 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBM [2012.11.22 09:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Little Inferno [2011.10.12 09:04:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2012.09.20 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetBeans [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.03.18 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.09.01 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.01 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql [2012.09.23 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rational [2012.11.13 23:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.04.27 16:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SporeCreatureCreator [2010.03.16 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2009.12.17 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.11.30 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TotalValidatorTool [2011.10.14 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.07.18 13:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.11.25 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.01.2013 16:02:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,16% Memory free
7,93 Gb Paging File | 5,81 Gb Available in Paging File | 73,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,16 Gb Total Space | 126,44 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9E6E34-B54C-4CFF-B1B7-38AE1B757871}" = rport=137 | protocol=17 | dir=out | app=system |
"{17654F28-C977-481E-BAF0-87D912A6277E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2231460B-0898-4AF4-9498-C3B2F631FCC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{242B8F78-CDCC-4FCD-AA9C-F158339B8216}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29ACF49F-8EEC-4A29-81A0-7A5463C2623C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32DC8152-2BF0-4E82-AFAD-49357D48DD75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A5B257C-4AF2-416E-8782-990B3B454AB5}" = rport=445 | protocol=6 | dir=out | app=system |
"{4E393D1B-0458-4129-88B8-8B6ED6A2CAD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F82A3A2-FDF3-4F73-9AE0-C1159F204C0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{631F64B3-3E62-4094-9955-84958B972AF3}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{70364A47-F265-41D7-9F9F-19DB01A6E99B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72EDB91F-8F34-4969-ACB4-5D9DB00134EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{770E11D4-D59E-4F6B-88C7-6EF3D46A3400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84D76069-4D54-4908-87E7-B433B0F2B412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{877320E4-5737-4275-84C8-82385ED8C9F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8D8D25BC-AA00-457D-B3B9-CB6B56E48235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DD0A7DB-F975-4823-9206-D1BAB442A1C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{97FFB25D-85F8-4770-BE41-B281421B74A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98CE7685-0050-447A-BB13-3D29C0683D64}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A7C83F9-3FCD-4145-8328-F975294442E5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A12FC105-751F-4428-BA96-59223DAE3414}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8FA3C20-3321-4CBF-AFD2-70ADD4DF61B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ABE0F5A9-EBCB-47D9-9C35-F1F42E35EA2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2EA1BC1-9B16-4773-B6BF-E1CC8A3B4E3D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B6A5B75E-B63B-413A-91FF-1894DBBDD7DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9029103-832D-428A-8BB5-B2A58D22FDC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9A0C11C-6AE1-49D2-936A-0E535A67286A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD842334-CCDB-4082-AAD5-FB8CA24A7134}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0228C10-566C-46E8-8898-211A98BCE299}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D0B30397-BC22-4632-A730-88CA549C2B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDB4B07A-040F-4FDD-99C8-1E10FB10FE52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF6AD845-4E21-4D7F-8D7F-930DB8D7084A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E1892623-1016-4A67-817D-09B4785F5F83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF4C263C-3DF9-46B4-8A33-F93E752F0DC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5453B0B-3B68-46D7-807B-821D84E7A380}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9993E3C-599A-4970-A7A7-222C711AA693}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBCE5ACF-BFEB-4AA5-B04A-B2A2C87B998B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCD6A943-52A6-464E-9FAB-A4685BB218AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064669A9-A861-4BD9-8357-655EFB614384}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0CFDC29D-0430-4E74-840B-8AD5DB82DF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0DE95D78-8769-461A-9578-C47769F5FA57}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"{17B4C0E7-BF7F-4761-8633-F0B35DD592A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18171265-A4A3-4D0B-BD5F-1A8EF3FE17CD}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{18863D3E-2891-40BA-9530-ED1697C8CCFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EBBC886-6616-44E5-AC39-F232D0B31B86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22D8A8A8-B9EF-41E7-8248-89D94A45B3A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{22FE5605-9C73-4B21-AAAF-2D696273FF3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FAF4E1E-908D-472D-B8CA-F113A0445FF1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{33F7F8B0-70A1-4A97-AC5F-AE0B190C31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{342AD4DE-7722-4C7F-A26E-E24CF4938713}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"{38B35607-93D2-40B5-84D1-B231C7376BFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38CA7048-05D2-4055-BD0B-76A6A9EDE9BF}" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"{3B94D4F9-3EBB-4E9F-8968-72E1E33EF474}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C2FFE4E-52FD-44B6-A76D-E1D7A990392C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3D6702AC-6596-406E-9C78-DF6CDDEC5CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52BBADC8-D488-4A44-93C4-53E81DFE13C9}" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"{53635603-0D5F-4E92-9DE1-A1617B3D9E0B}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"{5578733C-A197-4540-AF01-4702880C9E78}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"{55FB2D80-58C3-4378-9281-BE675010A150}" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"{57D8E1BD-904A-464D-8997-5B4FE4475727}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{585F1361-025A-4F8F-BA0E-A8722E7F4F06}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{5911BAC6-8399-4C73-B6C6-032CAC3A9E6E}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"{5FB1EA73-124D-4091-85EA-76BE619A1152}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{605FA395-48FC-47FB-828A-6059797F8E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6CEC6255-6700-4BEC-B863-C7A5F583A98B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{746E08D6-208C-4950-A4A5-BC2F2C257DAC}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"{74FB0D9F-A8CD-4830-A507-3430AC994448}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{75E43065-82E7-414F-A264-5D0E162B08ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C6179E7-3BE3-4C04-A734-89D93209F862}" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"{7F8A9714-7642-450E-925B-F476CFB4A183}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{852EF1FD-7E84-4C54-9507-68BCD1A51985}" = protocol=6 | dir=out | app=system |
"{856C5E47-C96A-4ABA-B179-91984F65649D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{856C82F2-C5B7-40EA-AE38-98B7D6B541EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88AD9329-DD0D-4C17-AD1E-3A9EAB297623}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{8D136EC8-0F7A-45C5-9BDF-7144AE96372C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{913E38B5-0680-4595-9A26-F85D2F312497}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{93D52D80-7A2A-4847-B004-87D7AA236BD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9365AB1-B62C-4F9F-89C1-931446A0FA59}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{B06075B3-F8CD-4C0B-88CC-83F3A5CED3A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B1259281-65BA-4E01-97E5-4B6E17349BD2}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{B5800214-2698-4316-977C-08B449AD5F76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{BEC1DDE5-285E-4610-8EF6-D844066A7E82}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{C6046E07-A06F-4DE5-A07D-8137E859E58F}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{C9414FC9-87A4-4041-89D9-DB8156DBD2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C9C99680-BA4F-4F5E-AA03-0D4ACA13736D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{D30F97C5-9E25-4B32-8372-43B74CA14E9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D7934776-357E-4D8B-AD42-07321AAB5AF7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{DF9D2522-2DBD-42B0-8A69-2B87F50D68D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E288D159-9A18-4B99-9B69-CA627304431E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E2CBAE18-DB28-4A92-9927-6EF4399A4FE8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{E3E9AED3-8D94-4F3E-BA99-4E8AF20CC5D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4B8C225-6ECC-457D-8864-243097289F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E5F0074A-8343-4AB1-A428-804A75147DCA}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{E84E1B9E-D2F7-4DF5-9379-5D6A79B46DA4}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED5B87C8-C30D-49C0-8373-2DF840EEAA47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF90D00D-5729-4CB7-9432-488A6071399E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F650C0A1-0B38-41F4-B60B-D5579F0B14C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F71DF4AD-67E1-4914-8719-A3F99D6C7A9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F925B0BC-0208-4DC8-BAAD-5322348051BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FBB011B5-E47F-487D-892A-093B5FD1424E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{3301BEA7-4F46-4269-81E0-DF7F262E00AE}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"TCP Query User{51B0D354-19C2-478A-848A-319599C79FAE}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"TCP Query User{56DA2019-FD82-4994-B399-A1DA2428B243}H:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"TCP Query User{7AC95FBC-87F3-4B56-AFD5-115C61B37C2A}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"TCP Query User{856ECFF7-8882-4567-8CEB-7FBD359000CB}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"TCP Query User{958273A1-13B8-4E09-A3BA-F93805008543}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"TCP Query User{9710B6E7-D610-416F-AA11-8D2566B2CAF2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{AC1D7E2F-F329-4062-8AB4-713D0AA69F36}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{BDAF9002-0EA1-4637-986F-28BAD3D77B69}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DBCB627A-5B59-4C1E-9162-62B1B9D9B6F9}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe |
"TCP Query User{DCCABE97-26EB-45C4-BE59-5233AFEC558F}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{3EB21573-6A22-43D3-89C8-B0664FBBC074}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{3F737161-EC72-4695-9046-D73CB2A4DF6B}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{4D1405F2-156D-4982-AE61-9D439379CDD5}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"UDP Query User{57E18B03-BA84-4EBB-A2BB-1AE4739BD1CA}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe |
"UDP Query User{581892EF-EE78-4F35-A2EA-0C76508BCB7F}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"UDP Query User{63BA694B-689E-4767-9D20-CDFE85FE9044}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"UDP Query User{70DE3724-27CD-42AC-B4A5-7C6E83AE359B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9C3E1F6D-F729-4F6A-A6C2-9D5806C6493C}H:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"UDP Query User{BEDD04C7-D718-4427-93C7-42995C63CE19}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{C588D8C3-765E-4031-8898-FCEB336FFD23}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"UDP Query User{FF127051-77B5-4540-80DA-7C15E32C46D9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{26F35006-0545-4F78-90D8-C2FDF0028692}" = SQL Server 2012 Database Engine Services
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2EC53A73-C6E6-4BD2-ACC2-0CD078D5F2CC}" = Microsoft SQL Server 2012-Setup (Deutsch)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{53CDFF43-1CE7-444B-AEBE-A5FB7B82511D}" = SQL Server 2012 Common Files
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{5D762D74-E92F-4E95-9255-D85312617E4D}" = TortoiseSVN 1.7.9.23248 (64 bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}" = Microsoft VSS Writer für SQL Server 2012
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D4DF6EA6-4B7A-42B4-9C56-D8BC7D087F7A}" = SQL Server 2012 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9FDAEBA-9BFE-4FDD-BDEB-482A3F5316C8}" = SQL Server 2012 Management Studio
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"MAXONB6EC381C" = CINEMA 4D 11.514
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-Bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-Bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PostgreSQL 9.2" = PostgreSQL 9.2
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E77269E-DC0F-46DC-946C-8E95CB1455AC}" = Media Gallery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}" = SQL Server-Browser für SQL Server 2012
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}" = Microsoft SQL Server 2008 R2 Management Objects
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{860E3C5D-BE36-49FE-BCFA-1A09B90D6F49}" = VAIO Content Metadata Manager Settings
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{987AE03F-234A-3623-BD28-6B31FD1D3AB3}" = Microsoft Visual Studio 2010 Shell (Isolated) - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{A282A232-780C-45E2-A5E5-9B61D74DCC6E}" = Microsoft SQL Server System CLR Types
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}" = Microsoft Report Viewer 2012-Laufzeit
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"avast" = avast! Free Antivirus
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GPG4Win" = Gpg4win (2.1.0)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.01
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"splashtop" = VAIO Quick Web Access
"SystemRequirementsLab" = System Requirements Lab
"VAIO Help and Support" =
"VLC media player" = VLC media player 1.0.5
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.7
"Wireshark" = Wireshark 1.8.3 (64-bit)
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.8" = MiKTeX 2.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.09.2011 11:36:22 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 28.09.2011 11:01:39 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 29.09.2011 14:37:35 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 30.09.2011 03:44:25 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.09.2011 16:05:59 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.10.2011 04:12:43 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 02.10.2011 02:52:27 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
[ System Events ]
Error - 27.12.2012 17:00:48 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VAIO Power Management" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 28.12.2012 03:31:08 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 28.12.2012 03:44:37 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "VAIO Entertainment Database Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 28.12.2012 09:46:44 | Computer Name = ***-VAIO | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 29.12.2012 05:27:42 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 29.12.2012 10:54:44 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 29.12.2012 10:56:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 29.12.2012 10:56:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 01.01.2013 10:48:10 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 01.01.2013 10:57:23 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
< End of report >
|
|
04.01.2013, 22:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trend Micro findet JAVA_BLACOLE.SMO Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
05.01.2013, 10:20
| #3 |
| | Trend Micro findet JAVA_BLACOLE.SMO Auftrag ausgeführt!
__________________Bevor ich zu den Ergebnissen komme, allerdings ein kurzer Einschub meinerseits. Als ich den Laptop gestartet und mit dem Internet verbunden habe, hat sich Sony Vaio Update mal wieder ungefragt ein Update installiert. Normalerweise nichts Besonderes, ist dieses Mal Avast angesprungen und hat folgendes gemeldet: SVC: VUAgent > C:\Program Files\Sony\VAIO Update | Rootkit: Versteckter Dienst Könnte natürlich auch ein False Positive sein, aber es ist das erste Mal, dass mir Avast sowas meldet. Ich hab mal auf ignorieren geklickt, da ich lieber mal euch Profis danach frage. Jetzt aber zu den eigentlichen Logfiles. Wie du schon voraus gesagt hast, ist aswMBR abgestürzt und ich habs mit AV scan: none neu gestartet. Dann lief es bis zum Ende. aswMBR.txt: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-05 09:34:11
-----------------------------
09:34:11.725 OS Version: Windows x64 6.1.7601 Service Pack 1
09:34:11.725 Number of processors: 2 586 0x170A
09:34:11.725 ComputerName: ***-VAIO UserName: ***
09:34:12.898 Initialize success
09:34:12.960 AVAST engine defs: 13010401
09:34:39.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:34:39.647 Disk 0 Vendor: ST932032 0004 Size: 305245MB BusType: 3
09:34:39.647 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000008f
09:34:39.663 Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
09:34:39.663 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000090
09:34:39.678 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
09:34:39.741 Disk 0 MBR read successfully
09:34:39.756 Disk 0 MBR scan
09:34:39.756 Disk 0 Windows 7 default MBR code
09:34:39.787 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12112 MB offset 2048
09:34:39.803 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24807424
09:34:39.819 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293031 MB offset 25012224
09:34:39.850 Disk 0 scanning C:\Windows\system32\drivers
09:34:53.887 Service scanning
09:35:20.414 Modules scanning
09:35:20.432 Disk 0 trace - called modules:
09:35:20.448 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
09:35:20.464 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057ad420]
09:35:20.479 3 CLASSPNP.SYS[fffff88000fcb43f] -> nt!IofCallDriver -> [0xfffffa800479ae40]
09:35:20.495 5 ACPI.sys[fffff88000eec7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004799050]
09:35:20.495 Scan finished successfully
09:47:23.682 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
09:47:23.697 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
TDSS-Killer Log: Code:
ATTFilter 09:53:11.0827 4848 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:53:12.0029 4848 ============================================================
09:53:12.0029 4848 Current date / time: 2013/01/05 09:53:12.0029
09:53:12.0029 4848 SystemInfo:
09:53:12.0029 4848
09:53:12.0029 4848 OS Version: 6.1.7601 ServicePack: 1.0
09:53:12.0029 4848 Product type: Workstation
09:53:12.0029 4848 ComputerName: ***-VAIO
09:53:12.0029 4848 UserName: ***
09:53:12.0029 4848 Windows directory: C:\Windows
09:53:12.0029 4848 System windows directory: C:\Windows
09:53:12.0029 4848 Running under WOW64
09:53:12.0029 4848 Processor architecture: Intel x64
09:53:12.0029 4848 Number of processors: 2
09:53:12.0029 4848 Page size: 0x1000
09:53:12.0029 4848 Boot type: Normal boot
09:53:12.0029 4848 ============================================================
09:53:12.0435 4848 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:53:12.0435 4848 ============================================================
09:53:12.0435 4848 \Device\Harddisk0\DR0:
09:53:12.0435 4848 MBR partitions:
09:53:12.0435 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A8800, BlocksNum 0x32000
09:53:12.0435 4848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17DA800, BlocksNum 0x23C53AB0
09:53:12.0435 4848 ============================================================
09:53:12.0466 4848 C: <-> \Device\Harddisk0\DR0\Partition2
09:53:12.0466 4848 ============================================================
09:53:12.0466 4848 Initialize success
09:53:12.0466 4848 ============================================================
09:55:41.0941 5492 ============================================================
09:55:41.0941 5492 Scan started
09:55:41.0941 5492 Mode: Manual; SigCheck; TDLFS;
09:55:41.0941 5492 ============================================================
09:55:42.0300 5492 ================ Scan system memory ========================
09:55:42.0300 5492 System memory - ok
09:55:42.0300 5492 ================ Scan services =============================
09:55:42.0518 5492 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:55:42.0628 5492 1394ohci - ok
09:55:42.0752 5492 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:55:43.0189 5492 ACDaemon - ok
09:55:43.0252 5492 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:55:43.0298 5492 ACPI - ok
09:55:43.0314 5492 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:55:43.0361 5492 AcpiPmi - ok
09:55:43.0408 5492 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
09:55:43.0439 5492 adfs - ok
09:55:43.0517 5492 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:55:43.0548 5492 AdobeARMservice - ok
09:55:43.0626 5492 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:55:43.0688 5492 adp94xx - ok
09:55:43.0720 5492 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:55:43.0735 5492 adpahci - ok
09:55:43.0766 5492 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:55:43.0782 5492 adpu320 - ok
09:55:43.0798 5492 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:55:43.0860 5492 AeLookupSvc - ok
09:55:43.0922 5492 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:55:43.0985 5492 AFD - ok
09:55:44.0032 5492 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:55:44.0047 5492 agp440 - ok
09:55:44.0078 5492 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:55:44.0141 5492 ALG - ok
09:55:44.0188 5492 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:55:44.0219 5492 aliide - ok
09:55:44.0234 5492 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:55:44.0234 5492 amdide - ok
09:55:44.0266 5492 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:55:44.0312 5492 AmdK8 - ok
09:55:44.0328 5492 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:55:44.0359 5492 AmdPPM - ok
09:55:44.0406 5492 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:55:44.0422 5492 amdsata - ok
09:55:44.0437 5492 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:55:44.0453 5492 amdsbs - ok
09:55:44.0468 5492 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:55:44.0484 5492 amdxata - ok
09:55:44.0546 5492 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:55:44.0624 5492 AppID - ok
09:55:44.0640 5492 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:55:44.0687 5492 AppIDSvc - ok
09:55:44.0718 5492 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:55:44.0812 5492 Appinfo - ok
09:55:44.0858 5492 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:55:44.0874 5492 arc - ok
09:55:44.0890 5492 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:55:44.0905 5492 arcsas - ok
09:55:44.0952 5492 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
09:55:44.0968 5492 ArcSoftKsUFilter - ok
09:55:45.0077 5492 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:55:45.0108 5492 aspnet_state - ok
09:55:45.0186 5492 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
09:55:45.0217 5492 aswFsBlk - ok
09:55:45.0295 5492 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
09:55:45.0326 5492 aswMonFlt - ok
09:55:45.0389 5492 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
09:55:45.0420 5492 aswRdr - ok
09:55:45.0529 5492 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
09:55:45.0560 5492 aswSnx - ok
09:55:45.0607 5492 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
09:55:45.0638 5492 aswSP - ok
09:55:45.0716 5492 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
09:55:45.0748 5492 aswTdi - ok
09:55:45.0779 5492 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:55:45.0872 5492 AsyncMac - ok
09:55:45.0919 5492 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:55:45.0935 5492 atapi - ok
09:55:45.0982 5492 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
09:55:45.0997 5492 atksgt - ok
09:55:46.0060 5492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:55:46.0153 5492 AudioEndpointBuilder - ok
09:55:46.0184 5492 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:55:46.0231 5492 AudioSrv - ok
09:55:46.0325 5492 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:55:46.0356 5492 avast! Antivirus - ok
09:55:46.0434 5492 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:55:46.0481 5492 AxInstSV - ok
09:55:46.0528 5492 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:55:46.0590 5492 b06bdrv - ok
09:55:46.0621 5492 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:55:46.0668 5492 b57nd60a - ok
09:55:46.0699 5492 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:55:46.0730 5492 BDESVC - ok
09:55:46.0762 5492 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:55:46.0824 5492 Beep - ok
09:55:46.0902 5492 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:55:46.0980 5492 BFE - ok
09:55:47.0011 5492 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:55:47.0105 5492 BITS - ok
09:55:47.0136 5492 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:55:47.0183 5492 blbdrive - ok
09:55:47.0230 5492 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:55:47.0245 5492 bowser - ok
09:55:47.0292 5492 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:55:47.0339 5492 BrFiltLo - ok
09:55:47.0354 5492 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:55:47.0370 5492 BrFiltUp - ok
09:55:47.0417 5492 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:55:47.0464 5492 Browser - ok
09:55:47.0495 5492 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:55:47.0542 5492 Brserid - ok
09:55:47.0573 5492 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:55:47.0620 5492 BrSerWdm - ok
09:55:47.0666 5492 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:55:47.0729 5492 BrUsbMdm - ok
09:55:47.0744 5492 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:55:47.0776 5492 BrUsbSer - ok
09:55:47.0838 5492 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:55:47.0900 5492 BthEnum - ok
09:55:47.0947 5492 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:55:47.0978 5492 BTHMODEM - ok
09:55:48.0010 5492 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:55:48.0041 5492 BthPan - ok
09:55:48.0103 5492 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
09:55:48.0166 5492 BTHPORT - ok
09:55:48.0212 5492 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:55:48.0290 5492 bthserv - ok
09:55:48.0322 5492 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
09:55:48.0384 5492 BTHUSB - ok
09:55:48.0431 5492 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
09:55:48.0462 5492 btwaudio - ok
09:55:48.0493 5492 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
09:55:48.0509 5492 btwavdt - ok
09:55:48.0602 5492 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
09:55:48.0649 5492 btwdins - ok
09:55:48.0680 5492 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
09:55:48.0680 5492 btwl2cap - ok
09:55:48.0696 5492 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
09:55:48.0712 5492 btwrchid - ok
09:55:48.0743 5492 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:55:48.0790 5492 cdfs - ok
09:55:48.0852 5492 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:55:48.0883 5492 cdrom - ok
09:55:48.0946 5492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:55:48.0992 5492 CertPropSvc - ok
09:55:49.0039 5492 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:55:49.0086 5492 circlass - ok
09:55:49.0117 5492 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:55:49.0148 5492 CLFS - ok
09:55:49.0195 5492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:55:49.0211 5492 clr_optimization_v2.0.50727_32 - ok
09:55:49.0242 5492 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:55:49.0273 5492 clr_optimization_v2.0.50727_64 - ok
09:55:49.0382 5492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:55:49.0445 5492 clr_optimization_v4.0.30319_32 - ok
09:55:49.0460 5492 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:55:49.0476 5492 clr_optimization_v4.0.30319_64 - ok
09:55:49.0507 5492 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:55:49.0507 5492 CmBatt - ok
09:55:49.0554 5492 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:55:49.0554 5492 cmdide - ok
09:55:49.0601 5492 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:55:49.0679 5492 CNG - ok
09:55:49.0710 5492 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:55:49.0726 5492 Compbatt - ok
09:55:49.0772 5492 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:55:49.0819 5492 CompositeBus - ok
09:55:49.0850 5492 COMSysApp - ok
09:55:49.0866 5492 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:55:49.0866 5492 crcdisk - ok
09:55:49.0928 5492 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:55:49.0991 5492 CryptSvc - ok
09:55:50.0038 5492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:55:50.0147 5492 DcomLaunch - ok
09:55:50.0178 5492 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:55:50.0225 5492 defragsvc - ok
09:55:50.0272 5492 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:55:50.0350 5492 DfsC - ok
09:55:50.0396 5492 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:55:50.0506 5492 Dhcp - ok
09:55:50.0646 5492 [ 4F26BB00747D41E7C0FE8EBB2900F862 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
09:55:50.0677 5492 DirMngr ( UnsignedFile.Multi.Generic ) - warning
09:55:50.0677 5492 DirMngr - detected UnsignedFile.Multi.Generic (1)
09:55:50.0708 5492 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:55:50.0771 5492 discache - ok
09:55:50.0818 5492 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:55:50.0833 5492 Disk - ok
09:55:50.0864 5492 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:55:50.0927 5492 Dnscache - ok
09:55:50.0958 5492 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:55:51.0052 5492 dot3svc - ok
09:55:51.0083 5492 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:55:51.0176 5492 DPS - ok
09:55:51.0192 5492 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:55:51.0223 5492 drmkaud - ok
09:55:51.0286 5492 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:55:51.0332 5492 DXGKrnl - ok
09:55:51.0379 5492 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:55:51.0426 5492 EapHost - ok
09:55:51.0551 5492 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:55:51.0676 5492 ebdrv - ok
09:55:51.0707 5492 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:55:51.0738 5492 EFS - ok
09:55:51.0832 5492 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:55:51.0925 5492 ehRecvr - ok
09:55:51.0956 5492 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:55:52.0003 5492 ehSched - ok
09:55:52.0066 5492 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:55:52.0112 5492 elxstor - ok
09:55:52.0144 5492 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:55:52.0175 5492 ErrDev - ok
09:55:52.0222 5492 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:55:52.0268 5492 EventSystem - ok
09:55:52.0362 5492 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:55:52.0440 5492 EvtEng - ok
09:55:52.0471 5492 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:55:52.0518 5492 exfat - ok
09:55:52.0565 5492 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:55:52.0643 5492 fastfat - ok
09:55:52.0721 5492 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:55:52.0783 5492 Fax - ok
09:55:52.0814 5492 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:55:52.0814 5492 fdc - ok
09:55:52.0861 5492 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:55:52.0939 5492 fdPHost - ok
09:55:52.0955 5492 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:55:53.0033 5492 FDResPub - ok
09:55:53.0064 5492 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:55:53.0080 5492 FileInfo - ok
09:55:53.0080 5492 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:55:53.0158 5492 Filetrace - ok
09:55:53.0204 5492 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:55:53.0251 5492 FLEXnet Licensing Service - ok
09:55:53.0314 5492 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
09:55:53.0376 5492 FLEXnet Licensing Service 64 - ok
09:55:53.0423 5492 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:55:53.0454 5492 flpydisk - ok
09:55:53.0485 5492 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:55:53.0516 5492 FltMgr - ok
09:55:53.0579 5492 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
09:55:53.0688 5492 FontCache - ok
09:55:53.0750 5492 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:55:53.0782 5492 FontCache3.0.0.0 - ok
09:55:53.0844 5492 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:55:53.0875 5492 FsDepends - ok
09:55:53.0922 5492 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:55:53.0938 5492 Fs_Rec - ok
09:55:53.0984 5492 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:55:54.0031 5492 fvevol - ok
09:55:54.0062 5492 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:55:54.0062 5492 gagp30kx - ok
09:55:54.0094 5492 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:55:54.0172 5492 gpsvc - ok
09:55:54.0218 5492 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\Windows\system32\drivers\hcmon.sys
09:55:54.0234 5492 hcmon - ok
09:55:54.0281 5492 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:55:54.0328 5492 hcw85cir - ok
09:55:54.0390 5492 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:55:54.0421 5492 HdAudAddService - ok
09:55:54.0452 5492 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:55:54.0484 5492 HDAudBus - ok
09:55:54.0515 5492 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:55:54.0546 5492 HidBatt - ok
09:55:54.0562 5492 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:55:54.0593 5492 HidBth - ok
09:55:54.0608 5492 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:55:54.0640 5492 HidIr - ok
09:55:54.0655 5492 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:55:54.0718 5492 hidserv - ok
09:55:54.0764 5492 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:55:54.0780 5492 HidUsb - ok
09:55:54.0811 5492 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:55:54.0905 5492 hkmsvc - ok
09:55:54.0936 5492 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:55:55.0014 5492 HomeGroupListener - ok
09:55:55.0061 5492 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:55:55.0108 5492 HomeGroupProvider - ok
09:55:55.0170 5492 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:55:55.0201 5492 HpSAMD - ok
09:55:55.0232 5492 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:55:55.0310 5492 HTTP - ok
09:55:55.0342 5492 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:55:55.0342 5492 hwpolicy - ok
09:55:55.0357 5492 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:55:55.0373 5492 i8042prt - ok
09:55:55.0451 5492 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:55:55.0482 5492 IAANTMON - ok
09:55:55.0513 5492 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:55:55.0513 5492 iaStor - ok
09:55:55.0576 5492 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:55:55.0622 5492 iaStorV - ok
09:55:55.0685 5492 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:55:55.0747 5492 idsvc - ok
09:55:55.0778 5492 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:55:55.0794 5492 iirsp - ok
09:55:55.0841 5492 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:55:55.0950 5492 IKEEXT - ok
09:55:56.0075 5492 [ 5F35FE198EE7818221414776F8413AB0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:55:56.0122 5492 IntcAzAudAddService - ok
09:55:56.0137 5492 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:55:56.0153 5492 intelide - ok
09:55:56.0168 5492 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:55:56.0215 5492 intelppm - ok
09:55:56.0246 5492 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:55:56.0293 5492 IPBusEnum - ok
09:55:56.0324 5492 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:55:56.0387 5492 IpFilterDriver - ok
09:55:56.0434 5492 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:55:56.0543 5492 iphlpsvc - ok
09:55:56.0574 5492 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:55:56.0605 5492 IPMIDRV - ok
09:55:56.0621 5492 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:55:56.0683 5492 IPNAT - ok
09:55:56.0699 5492 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:55:56.0730 5492 IRENUM - ok
09:55:56.0746 5492 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:55:56.0761 5492 isapnp - ok
09:55:56.0777 5492 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:55:56.0808 5492 iScsiPrt - ok
09:55:56.0824 5492 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:55:56.0839 5492 kbdclass - ok
09:55:56.0870 5492 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:55:56.0886 5492 kbdhid - ok
09:55:56.0902 5492 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:55:56.0917 5492 KeyIso - ok
09:55:56.0964 5492 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:55:56.0980 5492 KSecDD - ok
09:55:56.0995 5492 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:55:57.0011 5492 KSecPkg - ok
09:55:57.0026 5492 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:55:57.0089 5492 ksthunk - ok
09:55:57.0120 5492 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:55:57.0182 5492 KtmRm - ok
09:55:57.0245 5492 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:55:57.0323 5492 LanmanServer - ok
09:55:57.0354 5492 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:55:57.0448 5492 LanmanWorkstation - ok
09:55:57.0494 5492 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
09:55:57.0494 5492 lirsgt - ok
09:55:57.0541 5492 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:55:57.0619 5492 lltdio - ok
09:55:57.0666 5492 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:55:57.0728 5492 lltdsvc - ok
09:55:57.0744 5492 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:55:57.0791 5492 lmhosts - ok
09:55:57.0822 5492 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:55:57.0838 5492 LSI_FC - ok
09:55:57.0853 5492 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:55:57.0869 5492 LSI_SAS - ok
09:55:57.0900 5492 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:55:57.0916 5492 LSI_SAS2 - ok
09:55:57.0931 5492 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:55:57.0947 5492 LSI_SCSI - ok
09:55:57.0994 5492 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:55:58.0072 5492 luafv - ok
09:55:58.0087 5492 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:55:58.0134 5492 Mcx2Svc - ok
09:55:58.0150 5492 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:55:58.0165 5492 megasas - ok
09:55:58.0181 5492 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:55:58.0212 5492 MegaSR - ok
09:55:58.0290 5492 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:55:58.0321 5492 Microsoft Office Groove Audit Service - ok
09:55:58.0352 5492 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:55:58.0415 5492 MMCSS - ok
09:55:58.0446 5492 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:55:58.0493 5492 Modem - ok
09:55:58.0540 5492 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:55:58.0586 5492 monitor - ok
09:55:58.0618 5492 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:55:58.0649 5492 mouclass - ok
09:55:58.0680 5492 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:55:58.0711 5492 mouhid - ok
09:55:58.0758 5492 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:55:58.0774 5492 mountmgr - ok
09:55:58.0836 5492 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:55:58.0867 5492 MozillaMaintenance - ok
09:55:58.0883 5492 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:55:58.0914 5492 mpio - ok
09:55:58.0930 5492 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:55:59.0008 5492 mpsdrv - ok
09:55:59.0086 5492 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:55:59.0179 5492 MpsSvc - ok
09:55:59.0226 5492 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:55:59.0257 5492 MRxDAV - ok
09:55:59.0288 5492 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:55:59.0320 5492 mrxsmb - ok
09:55:59.0366 5492 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:55:59.0398 5492 mrxsmb10 - ok
09:55:59.0413 5492 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:55:59.0429 5492 mrxsmb20 - ok
09:55:59.0476 5492 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:55:59.0491 5492 msahci - ok
09:55:59.0522 5492 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:55:59.0538 5492 msdsm - ok
09:55:59.0554 5492 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:55:59.0585 5492 MSDTC - ok
09:55:59.0632 5492 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:55:59.0663 5492 Msfs - ok
09:55:59.0710 5492 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:55:59.0788 5492 mshidkmdf - ok
09:55:59.0819 5492 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:55:59.0834 5492 msisadrv - ok
09:55:59.0881 5492 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:55:59.0944 5492 MSiSCSI - ok
09:55:59.0944 5492 msiserver - ok
09:55:59.0975 5492 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:56:00.0053 5492 MSKSSRV - ok
09:56:00.0084 5492 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:56:00.0146 5492 MSPCLOCK - ok
09:56:00.0162 5492 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:56:00.0209 5492 MSPQM - ok
09:56:00.0256 5492 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:56:00.0271 5492 MsRPC - ok
09:56:00.0302 5492 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:56:00.0318 5492 mssmbios - ok
09:56:00.0427 5492 [ 3AE13C9869B7CE1135BCF21C0AAA68ED ] MSSQLSERVER c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
09:56:00.0458 5492 MSSQLSERVER - ok
09:56:00.0490 5492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:56:00.0568 5492 MSTEE - ok
09:56:00.0599 5492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:56:00.0614 5492 MTConfig - ok
09:56:00.0630 5492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:56:00.0646 5492 Mup - ok
09:56:00.0692 5492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:56:00.0802 5492 napagent - ok
09:56:00.0848 5492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:56:00.0895 5492 NativeWifiP - ok
09:56:00.0926 5492 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
09:56:00.0989 5492 NDIS - ok
09:56:01.0004 5492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:56:01.0036 5492 NdisCap - ok
09:56:01.0067 5492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:56:01.0114 5492 NdisTapi - ok
09:56:01.0176 5492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:56:01.0254 5492 Ndisuio - ok
09:56:01.0285 5492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:56:01.0363 5492 NdisWan - ok
09:56:01.0394 5492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:56:01.0457 5492 NDProxy - ok
09:56:01.0488 5492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:56:01.0535 5492 NetBIOS - ok
09:56:01.0566 5492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:56:01.0613 5492 NetBT - ok
09:56:01.0644 5492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:56:01.0660 5492 Netlogon - ok
09:56:01.0691 5492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:56:01.0753 5492 Netman - ok
09:56:01.0800 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:56:01.0831 5492 NetMsmqActivator - ok
09:56:01.0831 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:56:01.0847 5492 NetPipeActivator - ok
09:56:01.0862 5492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:56:01.0925 5492 netprofm - ok
09:56:01.0940 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:56:01.0940 5492 NetTcpActivator - ok
09:56:01.0956 5492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:56:01.0956 5492 NetTcpPortSharing - ok
09:56:02.0174 5492 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
09:56:02.0393 5492 NETw5s64 - ok
09:56:02.0549 5492 [ 705283C02177809CA9FA7CC58A4F1E77 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
09:56:02.0767 5492 netw5v64 - ok
09:56:02.0798 5492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:56:02.0814 5492 nfrd960 - ok
09:56:02.0876 5492 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:56:02.0970 5492 NlaSvc - ok
09:56:03.0032 5492 [ 351533ACC2A069B94E80BBFC177E8FDF ] npf C:\Windows\system32\drivers\npf.sys
09:56:03.0064 5492 npf - ok
09:56:03.0095 5492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:56:03.0173 5492 Npfs - ok
09:56:03.0188 5492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:56:03.0251 5492 nsi - ok
09:56:03.0282 5492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:56:03.0329 5492 nsiproxy - ok
09:56:03.0391 5492 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:56:03.0485 5492 Ntfs - ok
09:56:03.0500 5492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:56:03.0547 5492 Null - ok
09:56:03.0578 5492 [ A842341EF3C702EF8208E610BE0FD1D9 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
09:56:03.0594 5492 NVHDA - ok
09:56:03.0906 5492 [ F6168EDF9794B7A8D6D030CBA5F6BF68 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:56:04.0093 5492 nvlddmkm - ok
09:56:04.0124 5492 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:56:04.0140 5492 nvraid - ok
09:56:04.0187 5492 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:56:04.0218 5492 nvstor - ok
09:56:04.0265 5492 [ EA94A1F7DA5CF16D28E50511D010CD97 ] nvsvc C:\Windows\system32\nvvsvc.exe
09:56:04.0280 5492 nvsvc - ok
09:56:04.0343 5492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:56:04.0374 5492 nv_agp - ok
09:56:04.0452 5492 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:56:04.0499 5492 odserv - ok
09:56:04.0514 5492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:56:04.0530 5492 ohci1394 - ok
09:56:04.0577 5492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:56:04.0624 5492 ose - ok
09:56:04.0655 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:56:04.0686 5492 p2pimsvc - ok
09:56:04.0717 5492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:56:04.0748 5492 p2psvc - ok
09:56:04.0764 5492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:56:04.0780 5492 Parport - ok
09:56:04.0826 5492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:56:04.0842 5492 partmgr - ok
09:56:04.0858 5492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:56:04.0889 5492 PcaSvc - ok
09:56:04.0936 5492 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
09:56:04.0967 5492 pccsmcfd - ok
09:56:05.0014 5492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:56:05.0029 5492 pci - ok
09:56:05.0060 5492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:56:05.0060 5492 pciide - ok
09:56:05.0092 5492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:56:05.0107 5492 pcmcia - ok
09:56:05.0138 5492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:56:05.0154 5492 pcw - ok
09:56:05.0185 5492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:56:05.0248 5492 PEAUTH - ok
09:56:05.0326 5492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:56:05.0388 5492 PerfHost - ok
09:56:05.0450 5492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:56:05.0544 5492 pla - ok
09:56:05.0606 5492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:56:05.0669 5492 PlugPlay - ok
09:56:05.0684 5492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:56:05.0700 5492 PNRPAutoReg - ok
09:56:05.0716 5492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:56:05.0731 5492 PNRPsvc - ok
09:56:05.0778 5492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:56:05.0872 5492 PolicyAgent - ok
09:56:05.0934 5492 postgresql-x64-9.2 - ok
09:56:05.0981 5492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:56:06.0059 5492 Power - ok
09:56:06.0106 5492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:56:06.0184 5492 PptpMiniport - ok
09:56:06.0230 5492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:56:06.0277 5492 Processor - ok
09:56:06.0308 5492 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
09:56:06.0371 5492 ProfSvc - ok
09:56:06.0386 5492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:56:06.0402 5492 ProtectedStorage - ok
09:56:06.0449 5492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:56:06.0527 5492 Psched - ok
09:56:06.0542 5492 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
09:56:06.0542 5492 PxHlpa64 - ok
09:56:06.0620 5492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:56:06.0730 5492 ql2300 - ok
09:56:06.0745 5492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:56:06.0761 5492 ql40xx - ok
09:56:06.0792 5492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:56:06.0823 5492 QWAVE - ok
09:56:06.0839 5492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:56:06.0870 5492 QWAVEdrv - ok
09:56:06.0886 5492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:56:06.0932 5492 RasAcd - ok
09:56:06.0964 5492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:56:06.0995 5492 RasAgileVpn - ok
09:56:07.0026 5492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:56:07.0073 5492 RasAuto - ok
09:56:07.0120 5492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:56:07.0198 5492 Rasl2tp - ok
09:56:07.0229 5492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:56:07.0276 5492 RasMan - ok
09:56:07.0307 5492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:56:07.0400 5492 RasPppoe - ok
09:56:07.0416 5492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:56:07.0463 5492 RasSstp - ok
09:56:07.0510 5492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:56:07.0588 5492 rdbss - ok
09:56:07.0619 5492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:56:07.0681 5492 rdpbus - ok
09:56:07.0697 5492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:56:07.0744 5492 RDPCDD - ok
09:56:07.0790 5492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:56:07.0837 5492 RDPENCDD - ok
09:56:07.0868 5492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:56:07.0900 5492 RDPREFMP - ok
09:56:07.0931 5492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:56:07.0962 5492 RDPWD - ok
09:56:08.0040 5492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:56:08.0071 5492 rdyboost - ok
09:56:08.0165 5492 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:56:08.0227 5492 RegSrvc - ok
09:56:08.0258 5492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:56:08.0305 5492 RemoteAccess - ok
09:56:08.0336 5492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:56:08.0399 5492 RemoteRegistry - ok
09:56:08.0446 5492 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:56:08.0477 5492 RFCOMM - ok
09:56:08.0508 5492 [ 5767961268AA43D9F3FA6D59EC8B7B12 ] rimspci C:\Windows\system32\DRIVERS\rimssne64.sys
09:56:08.0539 5492 rimspci - ok
09:56:08.0555 5492 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe C:\Windows\system32\DRIVERS\risdsne64.sys
09:56:08.0570 5492 risdsnpe - ok
09:56:08.0602 5492 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
09:56:08.0648 5492 Roxio UPnP Renderer 10 - ok
09:56:08.0664 5492 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
09:56:08.0695 5492 Roxio Upnp Server 10 - ok
09:56:08.0711 5492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:56:08.0773 5492 RpcEptMapper - ok
09:56:08.0789 5492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:56:08.0836 5492 RpcLocator - ok
09:56:08.0882 5492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:56:08.0945 5492 RpcSs - ok
09:56:08.0992 5492 [ 5AA85332CB1694871B2F0704E0FC9113 ] RsFx0200 C:\Windows\system32\DRIVERS\RsFx0200.sys
09:56:09.0038 5492 RsFx0200 - ok
09:56:09.0085 5492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:56:09.0132 5492 rspndr - ok
09:56:09.0163 5492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:56:09.0210 5492 SamSs - ok
09:56:09.0241 5492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:56:09.0257 5492 sbp2port - ok
09:56:09.0288 5492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:56:09.0350 5492 SCardSvr - ok
09:56:09.0382 5492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:56:09.0460 5492 scfilter - ok
09:56:09.0522 5492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:56:09.0616 5492 Schedule - ok
09:56:09.0662 5492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:56:09.0709 5492 SCPolicySvc - ok
09:56:09.0756 5492 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:56:09.0818 5492 sdbus - ok
09:56:09.0850 5492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:56:09.0881 5492 SDRSVC - ok
09:56:09.0912 5492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:56:09.0959 5492 secdrv - ok
09:56:09.0990 5492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:56:10.0037 5492 seclogon - ok
09:56:10.0068 5492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:56:10.0115 5492 SENS - ok
09:56:10.0130 5492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:56:10.0177 5492 SensrSvc - ok
09:56:10.0208 5492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:56:10.0224 5492 Serenum - ok
09:56:10.0255 5492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:56:10.0286 5492 Serial - ok
09:56:10.0318 5492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:56:10.0333 5492 sermouse - ok
09:56:10.0411 5492 [ E802089FEC30A95FDFD218995308F9B3 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
09:56:10.0474 5492 ServiceLayer - ok
09:56:10.0520 5492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:56:10.0614 5492 SessionEnv - ok
09:56:10.0630 5492 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
09:56:10.0676 5492 SFEP - ok
09:56:10.0723 5492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:56:10.0770 5492 sffdisk - ok
09:56:10.0786 5492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:56:10.0817 5492 sffp_mmc - ok
09:56:10.0848 5492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:56:10.0879 5492 sffp_sd - ok
09:56:10.0910 5492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:56:10.0926 5492 sfloppy - ok
09:56:10.0957 5492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:56:11.0035 5492 SharedAccess - ok
09:56:11.0082 5492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:56:11.0160 5492 ShellHWDetection - ok
09:56:11.0191 5492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:56:11.0207 5492 SiSRaid2 - ok
09:56:11.0222 5492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:56:11.0238 5492 SiSRaid4 - ok
09:56:11.0300 5492 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:56:11.0332 5492 SkypeUpdate - ok
09:56:11.0363 5492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:56:11.0410 5492 Smb - ok
09:56:11.0456 5492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:56:11.0488 5492 SNMPTRAP - ok
09:56:11.0534 5492 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
09:56:11.0550 5492 SOHCImp - ok
09:56:11.0550 5492 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
09:56:11.0566 5492 SOHDBSvr - ok
09:56:11.0581 5492 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
09:56:11.0597 5492 SOHDms - ok
09:56:11.0612 5492 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
09:56:11.0628 5492 SOHDs - ok
09:56:11.0628 5492 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
09:56:11.0644 5492 SOHPlMgr - ok
09:56:11.0659 5492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:56:11.0675 5492 spldr - ok
09:56:11.0706 5492 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
09:56:11.0768 5492 Spooler - ok
09:56:11.0878 5492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:56:11.0971 5492 sppsvc - ok
09:56:12.0018 5492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:56:12.0065 5492 sppuinotify - ok
09:56:12.0174 5492 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
09:56:12.0221 5492 sptd - ok
09:56:12.0314 5492 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:56:12.0361 5492 SQLBrowser - ok
09:56:12.0486 5492 [ B70FAF0C7C5737AA6973E14B45477730 ] SQLSERVERAGENT c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
09:56:12.0548 5492 SQLSERVERAGENT - ok
09:56:12.0626 5492 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:56:12.0658 5492 SQLWriter - ok
09:56:12.0689 5492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:56:12.0736 5492 srv - ok
09:56:12.0767 5492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:56:12.0845 5492 srv2 - ok
09:56:12.0860 5492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:56:12.0892 5492 srvnet - ok
09:56:12.0938 5492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:56:13.0016 5492 SSDPSRV - ok
09:56:13.0032 5492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:56:13.0079 5492 SstpSvc - ok
09:56:13.0094 5492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:56:13.0110 5492 stexstor - ok
09:56:13.0157 5492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:56:13.0204 5492 stisvc - ok
09:56:13.0235 5492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:56:13.0250 5492 swenum - ok
09:56:13.0282 5492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:56:13.0344 5492 swprv - ok
09:56:13.0391 5492 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:56:13.0406 5492 SynTP - ok
09:56:13.0484 5492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:56:13.0625 5492 SysMain - ok
09:56:13.0672 5492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:56:13.0687 5492 TabletInputService - ok
09:56:13.0703 5492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:56:13.0765 5492 TapiSrv - ok
09:56:13.0796 5492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:56:13.0874 5492 TBS - ok
09:56:13.0968 5492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:56:14.0077 5492 Tcpip - ok
09:56:14.0140 5492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:56:14.0171 5492 TCPIP6 - ok
09:56:14.0218 5492 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:56:14.0296 5492 tcpipreg - ok
09:56:14.0342 5492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:56:14.0389 5492 TDPIPE - ok
09:56:14.0436 5492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:56:14.0467 5492 TDTCP - ok
09:56:14.0514 5492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:56:14.0576 5492 tdx - ok
09:56:14.0608 5492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:56:14.0623 5492 TermDD - ok
09:56:14.0686 5492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:56:14.0764 5492 TermService - ok
09:56:14.0795 5492 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:56:14.0826 5492 Themes - ok
09:56:14.0857 5492 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:56:14.0888 5492 THREADORDER - ok
09:56:14.0904 5492 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:56:14.0966 5492 TrkWks - ok
09:56:15.0029 5492 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:56:15.0122 5492 TrustedInstaller - ok
09:56:15.0154 5492 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:56:15.0232 5492 tssecsrv - ok
09:56:15.0294 5492 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:56:15.0325 5492 TsUsbFlt - ok
09:56:15.0388 5492 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:56:15.0481 5492 tunnel - ok
09:56:15.0512 5492 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:56:15.0528 5492 uagp35 - ok
09:56:15.0575 5492 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
09:56:15.0606 5492 uCamMonitor - ok
09:56:15.0653 5492 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:56:15.0715 5492 udfs - ok
09:56:15.0746 5492 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:56:15.0778 5492 UI0Detect - ok
09:56:15.0809 5492 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:56:15.0824 5492 uliagpkx - ok
09:56:15.0871 5492 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:56:15.0934 5492 umbus - ok
09:56:15.0949 5492 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:56:15.0965 5492 UmPass - ok
09:56:15.0980 5492 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:56:16.0043 5492 upnphost - ok
09:56:16.0058 5492 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
09:56:16.0090 5492 usbccgp - ok
09:56:16.0136 5492 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:56:16.0152 5492 usbcir - ok
09:56:16.0168 5492 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:56:16.0230 5492 usbehci - ok
09:56:16.0261 5492 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
09:56:16.0292 5492 usbhub - ok
09:56:16.0308 5492 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:56:16.0324 5492 usbohci - ok
09:56:16.0355 5492 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:56:16.0370 5492 usbprint - ok
09:56:16.0402 5492 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:56:16.0433 5492 USBSTOR - ok
09:56:16.0464 5492 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:56:16.0511 5492 usbuhci - ok
09:56:16.0526 5492 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:56:16.0573 5492 usbvideo - ok
09:56:16.0620 5492 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:56:16.0698 5492 UxSms - ok
09:56:16.0745 5492 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
09:56:16.0760 5492 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
09:56:16.0760 5492 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
09:56:16.0838 5492 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
09:56:16.0870 5492 VAIO Event Service - ok
09:56:16.0932 5492 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
09:56:16.0963 5492 VAIO Power Management - ok
09:56:16.0963 5492 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:56:16.0979 5492 VaultSvc - ok
09:56:17.0041 5492 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
09:56:17.0072 5492 VBoxDrv - ok
09:56:17.0104 5492 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
09:56:17.0119 5492 VBoxNetAdp - ok
09:56:17.0135 5492 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
09:56:17.0150 5492 VBoxNetFlt - ok
09:56:17.0182 5492 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
09:56:17.0197 5492 VBoxUSBMon - ok
09:56:17.0244 5492 [ 06FE5BEDDADB158D84E6DE33CBE19F3E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
09:56:17.0291 5492 VCFw - ok
09:56:17.0353 5492 [ 34063C0B842E73662067F9B03947C55C ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
09:56:17.0384 5492 VcmIAlzMgr - ok
09:56:17.0416 5492 [ A8F5D1651A324ABC6C308891A1252EE3 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
09:56:17.0447 5492 VcmINSMgr - ok
09:56:17.0494 5492 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
09:56:17.0525 5492 VcmXmlIfHelper - ok
09:56:17.0540 5492 Vcsw - ok
09:56:17.0603 5492 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:56:17.0618 5492 vdrvroot - ok
09:56:17.0665 5492 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:56:17.0743 5492 vds - ok
09:56:17.0759 5492 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:56:17.0774 5492 vga - ok
09:56:17.0790 5492 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:56:17.0837 5492 VgaSave - ok
09:56:17.0868 5492 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:56:17.0884 5492 vhdmp - ok
09:56:17.0915 5492 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:56:17.0930 5492 viaide - ok
09:56:18.0008 5492 [ 3ACCF0C817A2BB34EFBFB72B57B00252 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
09:56:18.0024 5492 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
09:56:18.0024 5492 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
09:56:18.0055 5492 [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci C:\Windows\system32\DRIVERS\vmci.sys
09:56:18.0071 5492 vmci - ok
09:56:18.0118 5492 [ ED82D26B5E26542615483B8BED77D826 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
09:56:18.0133 5492 vmkbd - ok
09:56:18.0164 5492 [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
09:56:18.0180 5492 VMnetAdapter - ok
09:56:18.0196 5492 [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
09:56:18.0211 5492 VMnetBridge - ok
09:56:18.0227 5492 VMnetDHCP - ok
09:56:18.0227 5492 [ 94DD802DA1A3BBF7402246CB48CFEA83 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
09:56:18.0242 5492 VMnetuserif - ok
09:56:18.0320 5492 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
09:56:18.0336 5492 vmusb - ok
09:56:18.0430 5492 [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
09:56:18.0492 5492 VMUSBArbService - ok
09:56:18.0508 5492 VMware NAT Service - ok
09:56:18.0539 5492 [ 06EB22EA8E451654346EA0F9C56DD795 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
09:56:18.0554 5492 vmx86 - ok
09:56:18.0586 5492 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:56:18.0617 5492 volmgr - ok
09:56:18.0664 5492 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:56:18.0710 5492 volmgrx - ok
09:56:18.0726 5492 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:56:18.0742 5492 volsnap - ok
09:56:18.0788 5492 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:56:18.0820 5492 vsmraid - ok
09:56:18.0882 5492 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
09:56:18.0929 5492 VSNService ( UnsignedFile.Multi.Generic ) - warning
09:56:18.0929 5492 VSNService - detected UnsignedFile.Multi.Generic (1)
09:56:19.0007 5492 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:56:19.0132 5492 VSS - ok
09:56:19.0350 5492 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
09:56:19.0397 5492 VUAgent - ok
09:56:19.0412 5492 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:56:19.0475 5492 vwifibus - ok
09:56:19.0522 5492 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:56:19.0568 5492 vwififlt - ok
09:56:19.0600 5492 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
09:56:19.0600 5492 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
09:56:19.0600 5492 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
09:56:19.0646 5492 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:56:19.0693 5492 W32Time - ok
09:56:19.0724 5492 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:56:19.0756 5492 WacomPen - ok
09:56:19.0834 5492 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:56:19.0912 5492 WANARP - ok
09:56:19.0943 5492 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:56:19.0974 5492 Wanarpv6 - ok
09:56:20.0052 5492 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:56:20.0130 5492 WatAdminSvc - ok
09:56:20.0208 5492 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:56:20.0286 5492 wbengine - ok
09:56:20.0317 5492 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:56:20.0348 5492 WbioSrvc - ok
09:56:20.0395 5492 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:56:20.0426 5492 wcncsvc - ok
09:56:20.0426 5492 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:56:20.0442 5492 WcsPlugInService - ok
09:56:20.0473 5492 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:56:20.0489 5492 Wd - ok
09:56:20.0520 5492 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:56:20.0551 5492 Wdf01000 - ok
09:56:20.0567 5492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:56:20.0614 5492 WdiServiceHost - ok
09:56:20.0614 5492 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:56:20.0629 5492 WdiSystemHost - ok
09:56:20.0676 5492 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:56:20.0738 5492 WebClient - ok
09:56:20.0754 5492 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:56:20.0832 5492 Wecsvc - ok
09:56:20.0848 5492 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:56:20.0894 5492 wercplsupport - ok
09:56:20.0910 5492 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:56:20.0972 5492 WerSvc - ok
09:56:21.0004 5492 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:56:21.0050 5492 WfpLwf - ok
09:56:21.0066 5492 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:56:21.0066 5492 WIMMount - ok
09:56:21.0082 5492 WinDefend - ok
09:56:21.0097 5492 WinHttpAutoProxySvc - ok
09:56:21.0144 5492 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:56:21.0206 5492 Winmgmt - ok
09:56:21.0300 5492 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:56:21.0409 5492 WinRM - ok
09:56:21.0456 5492 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:56:21.0487 5492 WinUsb - ok
09:56:21.0534 5492 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:56:21.0612 5492 Wlansvc - ok
09:56:21.0768 5492 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:56:21.0940 5492 wlidsvc - ok
09:56:21.0986 5492 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:56:22.0018 5492 WmiAcpi - ok
09:56:22.0049 5492 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:56:22.0096 5492 wmiApSrv - ok
09:56:22.0142 5492 WMPNetworkSvc - ok
09:56:22.0158 5492 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:56:22.0174 5492 WPCSvc - ok
09:56:22.0220 5492 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:56:22.0236 5492 WPDBusEnum - ok
09:56:22.0252 5492 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:56:22.0314 5492 ws2ifsl - ok
09:56:22.0330 5492 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:56:22.0376 5492 wscsvc - ok
09:56:22.0376 5492 WSearch - ok
09:56:22.0470 5492 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:56:22.0564 5492 wuauserv - ok
09:56:22.0610 5492 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:56:22.0688 5492 WudfPf - ok
09:56:22.0720 5492 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:56:22.0766 5492 WUDFRd - ok
09:56:22.0798 5492 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:56:22.0844 5492 wudfsvc - ok
09:56:22.0876 5492 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:56:22.0922 5492 WwanSvc - ok
09:56:22.0969 5492 [ AD4617B499F900EBB56B0AFAB627B243 ] yksvc C:\Windows\System32\yk62x64.dll
09:56:23.0016 5492 yksvc - ok
09:56:23.0047 5492 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
09:56:23.0063 5492 yukonw7 - ok
09:56:23.0110 5492 ================ Scan global ===============================
09:56:23.0141 5492 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:56:23.0188 5492 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
09:56:23.0219 5492 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
09:56:23.0234 5492 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:56:23.0266 5492 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:56:23.0266 5492 [Global] - ok
09:56:23.0266 5492 ================ Scan MBR ==================================
09:56:23.0297 5492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:56:24.0046 5492 \Device\Harddisk0\DR0 - ok
09:56:24.0046 5492 ================ Scan VBR ==================================
09:56:24.0061 5492 [ 9BC0EDB184F5187EB355B37654974D4E ] \Device\Harddisk0\DR0\Partition1
09:56:24.0061 5492 \Device\Harddisk0\DR0\Partition1 - ok
09:56:24.0108 5492 [ 24EA07D16A69568E2C6CB443BD84CCF9 ] \Device\Harddisk0\DR0\Partition2
09:56:24.0108 5492 \Device\Harddisk0\DR0\Partition2 - ok
09:56:24.0108 5492 ============================================================
09:56:24.0108 5492 Scan finished
09:56:24.0108 5492 ============================================================
09:56:24.0139 5572 Detected object count: 5
09:56:24.0139 5572 Actual detected object count: 5
09:58:33.0269 5572 DirMngr ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:33.0269 5572 DirMngr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:33.0269 5572 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:33.0269 5572 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:33.0285 5572 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:33.0285 5572 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:33.0285 5572 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:33.0285 5572 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:33.0285 5572 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:58:33.0285 5572 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:58:41.0990 5908 Deinitialize success
|
|
05.01.2013, 15:37
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.01.2013, 10:44
| #5 |
| | Trend Micro findet JAVA_BLACOLE.SMO Kleiner Hinweis: Nach dem Scan hat sich der PC neu gestartet. Erst danach wurde das Logfile erstellt. Ich hoffe das ist normal. Hier die Logdatei von Combofix: Code:
ATTFilter ComboFix 13-01-05.01 - *** 06.01.2013 9:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4063.2452 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-05 08:18 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B688190A-0330-478C-87EA-FA7FE3531619}\mpengine.dll
2012-12-28 16:48 . 2012-12-28 16:48 308200 ----a-w- c:\windows\system32\javaws.exe
2012-12-28 16:48 . 2012-12-28 16:48 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-28 16:48 . 2012-12-28 16:48 188392 ----a-w- c:\windows\system32\javaw.exe
2012-12-28 16:48 . 2012-12-28 16:48 188392 ----a-w- c:\windows\system32\java.exe
2012-12-28 14:13 . 2012-12-28 14:13 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-12-28 14:13 . 2012-12-28 14:13 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 14:13 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 14:13 . 2012-12-28 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 07:44 . 2012-12-28 07:44 16200 ----a-w- c:\windows\stinger.sys
2012-12-28 07:44 . 2012-12-28 07:52 -------- d-----w- c:\program files (x86)\stinger
2012-12-25 11:36 . 2012-12-25 11:48 -------- d-----w- C:\JavaDriver
2012-12-21 11:16 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 11:16 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 06:33 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 06:33 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 06:31 . 2012-10-04 17:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-28 16:48 . 2012-09-20 13:49 959976 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-28 16:48 . 2012-09-20 13:49 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-28 16:45 . 2011-05-30 06:01 404920 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 12:08 . 2010-09-06 22:43 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-13 06:22 . 2012-04-04 08:05 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-30 22:51 . 2012-03-02 14:33 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-03-02 14:33 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-03-02 14:33 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-03-02 14:33 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-03-02 14:33 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-07-19 10:03 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-07-19 10:03 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-03-02 14:33 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-26 18:01 . 2012-12-04 11:00 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-10-26 18:00 . 2012-10-26 18:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 17:59 . 2012-12-04 11:00 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-10-26 17:59 . 2012-10-26 17:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 17:59 . 2012-10-26 17:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-15 16:59 . 2012-03-02 14:33 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 09:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MarketingTools"=c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-04 35104]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-13 1038088]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-17 110888]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-27 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-07-31 91648]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-07-31 75776]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 11106408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2011-07-19 1833576]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.0.0.1:3128
uInternet Settings,ProxyOverride = *.aon.at;<local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c05fe9f0.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-KiesTrayAgent - c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2364642766-380116471-808518510-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:2e,de,7b,91,27,bf,fd,7d,64,ea,b0,b4,ff,ac,57,30,cc,4c,6b,23,31,
35,9f,fc,03,09,4a,6c,d1,41,fb,29,b3,3c,90,12,d3,cf,50,e6,cd,9e,ab,a3,a6,b7,\
"rkeysecu"=hex:19,72,f9,dd,37,ca,1a,3d,0e,9d,dd,85,c9,f7,6a,48
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zi_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10zi_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zi.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zi.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zi.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10zi.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-06 10:16:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-06 09:16
.
Vor Suchlauf: 18 Verzeichnis(se), 134.930.001.920 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 134.674.997.248 Bytes frei
.
- - End Of File - - 704FE3804F4AAF846475AF272E13ACF1
|
|
06.01.2013, 16:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Trend Micro findet JAVA_BLACOLE.SMO |
|
06.01.2013, 16:31
| #7 |
| | Trend Micro findet JAVA_BLACOLE.SMO AdwCleaner: Code:
ATTFilter # AdwCleaner v2.104 - Datei am 06/01/2013 um 16:27:26 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c05fe9f0.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1137 octets] - [06/01/2013 16:27:26]
########## EOF - C:\AdwCleaner[R1].txt - [1197 octets] ##########
|
|
06.01.2013, 16:57
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2013, 18:02
| #9 |
| | Trend Micro findet JAVA_BLACOLE.SMO AdwCleaner: Code:
ATTFilter # AdwCleaner v2.104 - Datei am 06/01/2013 um 17:07:00 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\malware\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c05fe9f0.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1147 octets] - [06/01/2013 17:07:00]
########## EOF - C:\AdwCleaner[S1].txt - [1207 octets] ##########
Code:
ATTFilter OTL logfile created on: 06.01.2013 17:18:30 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,30% Memory free 7,93 Gb Paging File | 5,89 Gb Available in Paging File | 74,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,16 Gb Total Space | 125,06 Gb Free Space | 43,70% Space Free | Partition Type: NTFS Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (postgresql-x64-9.2) -- C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV:64bit: - (yksvc) -- C:\Windows\SysNative\yk62x64.dll (Marvell) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (SQLSERVERAGENT) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLSERVER) -- c:\Programme\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RsFx0200) -- C:\Windows\SysNative\drivers\RsFx0200.sys (Microsoft Corporation) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aon.at;<local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.1:3128 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aon.at;<local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.1:3128 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes\{712C74F7-C3F1-40D8-B2AC-C7B887C3EAB7}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes\{D9550975-C80C-4962-A18D-AE8F81BC821C}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deAT358 IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\..\SearchScopes\{EE3A1D69-8AB8-4B63-AA29-25931167F3BC}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aon.at;<local> IE - HKU\S-1-5-21-2364642766-380116471-808518510-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.1:3128 IE - HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: colorchecker%40colorcheckerniquelao.net:1.1.02 FF - prefs.js..extensions.enabledAddons: validator%40totalvalidator.com:7.4.0 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3 FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.12.27 15:31:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 10:33:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.26 21:13:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 11:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions [2012.12.28 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c05fe9f0.default\extensions\trash [2011.12.01 15:04:44 | 000,080,889 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\colorchecker@colorcheckerniquelao.net.xpi [2012.12.28 15:54:43 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\firebug@software.joehewitt.com.xpi [2012.05.20 16:01:06 | 000,083,408 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\validator@totalvalidator.com.xpi [2012.10.03 20:19:19 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.10.29 12:26:13 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012.05.20 16:14:02 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2012.12.07 16:26:19 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\c05fe9f0.default\extensions\trash\firebug@software.joehewitt.com.xpi [2012.12.26 21:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 10:33:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.12.26 21:13:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.21 22:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.21 22:06:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.21 22:06:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.21 22:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.21 22:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.21 22:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.06 10:08:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2364642766-380116471-808518510-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2364642766-380116471-808518510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281F3844-8182-43BE-AF01-8632CF7475C6}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.06 17:05:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.06 10:08:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.01.06 09:53:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.06 09:53:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.06 09:53:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.06 09:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.06 09:52:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.06 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9E2E222D-CDBF-4754-96F3-D304B88EC7AC} [2013.01.05 18:02:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Papierkorb Sicherung [2013.01.05 18:01:40 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.05 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F76B52C6-A9BA-4401-A768-55FC0D0BB23B} [2013.01.05 09:03:10 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.01.05 08:59:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\malware [2013.01.05 08:55:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D72CA536-9D0A-4A58-949E-53D6253EE8C8} [2013.01.02 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{44BBEA67-33B3-4F74-8422-5E8FC64F72C4} [2013.01.01 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C9B9F429-4217-4DFE-A178-4B245FC81475} [2012.12.29 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{303C2C32-3E28-48D9-9377-A69921B75CE9} [2012.12.28 17:48:20 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.12.28 17:48:10 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.12.28 17:48:10 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.12.28 17:48:10 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.12.28 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.12.28 15:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.28 15:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.28 15:13:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.28 15:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.28 08:44:35 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.28 08:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.28 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AB33D5A4-CAA5-4276-B65E-D8B16A2ED332} [2012.12.27 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0C9BF4AF-FC0E-4B4A-B5C2-8EEC05E577D1} [2012.12.27 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{89765780-27D2-4E2A-A4BA-16F7DA2E93AA} [2012.12.26 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.26 20:11:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F9E9FA90-16A0-4302-83C7-EEC1C3BBF6A5} [2012.12.25 12:36:24 | 000,000,000 | ---D | C] -- C:\JavaDriver [2012.12.25 10:33:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{33EA076A-2BD6-4632-9F14-753900191C61} [2012.12.24 10:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{DAA558EA-A706-4AB3-BBC5-A04477C6BB49} [2012.12.23 10:11:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{91C7D7A2-EF93-4F21-85DD-E8BD2B8E8BEE} [2012.12.22 09:36:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF312AD8-6C42-4736-ADE5-CA293C334C1D} [2012.12.21 12:16:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 12:16:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 12:16:02 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 12:16:01 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1DE77072-BACB-4624-B6F0-880C76E2ECC4} [2012.12.20 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F7172A53-2755-4819-A181-B52460282388} [2012.12.19 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F9EA7CA-4B18-4195-9DFE-58B5445CBEC0} [2012.12.19 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E1201A38-BA8B-4CAB-9993-6019837F16E7} [2012.12.18 23:22:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF5CCBF1-2F1D-4AFE-9951-26C4FA1A1219} [2012.12.18 11:22:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A751656F-2306-41A2-8CD2-0F538FA33C92} [2012.12.17 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F55A3E9A-C296-4274-BB28-9B2D0A29E274} [2012.12.14 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{639BE218-4A98-4F8C-A1B1-67C9CE7FC091} [2012.12.13 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BCDF6FAB-6E0F-4433-9D70-E41A6979332B} [2012.12.13 07:32:30 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 07:32:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 07:32:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 07:32:28 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 07:32:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 07:32:27 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 07:32:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 07:32:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.13 07:32:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.13 07:32:10 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.13 07:32:09 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.13 07:32:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.13 07:32:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.13 07:32:04 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.13 07:32:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.13 07:32:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.13 07:32:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.13 07:32:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.13 07:32:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.13 07:32:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.13 07:32:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.13 07:32:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 07:32:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 07:32:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 07:32:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 07:32:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.13 07:32:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 07:31:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.13 07:31:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 07:31:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 07:31:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 07:31:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 07:31:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 07:31:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.13 07:31:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.13 07:31:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.13 07:31:38 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.13 07:31:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.12 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C3A223BD-3AAB-4DE6-AA44-A58ED19DF53A} [2012.12.12 09:12:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6CA5AD2A-AB12-4678-912E-F29CDC5F5228} [2012.12.11 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D108392F-652F-44DB-8D93-33AFADCA94A0} [2012.12.10 20:40:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{706BE1F8-90EE-45F8-A812-3F91ED0C05B8} [2012.12.09 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B18C7236-5287-442A-8D16-58DC5C9E92B3} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.06 17:18:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.06 17:18:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.06 17:09:27 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr [2013.01.06 17:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.06 17:08:38 | 3195,297,792 | -HS- | M] () -- C:\hiberfil.sys [2013.01.06 17:05:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.06 10:08:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.05 18:02:03 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.01 15:55:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.28 17:48:06 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.12.28 17:48:04 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.12.28 17:48:04 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.12.28 17:48:03 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.12.28 17:48:02 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.12.28 17:48:02 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.12.28 17:45:01 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.28 14:41:11 | 008,045,285 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache [2012.12.28 14:26:55 | 000,115,774 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache [2012.12.28 08:44:35 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.27 17:28:53 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.12.27 16:52:40 | 1128,267,776 | ---- | M] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.12.27 15:53:59 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2012.12.27 10:59:09 | 000,001,053 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.22 09:34:17 | 003,093,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 15:52:13 | 001,888,830 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 15:52:13 | 000,806,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 15:52:13 | 000,742,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 15:52:13 | 000,183,960 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 15:52:13 | 000,156,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 07:22:22 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.06 17:09:27 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr [2013.01.06 09:53:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.06 09:53:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.06 09:53:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.06 09:53:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.06 09:53:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.05 09:03:20 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.01.01 15:55:19 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.28 15:57:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.20 10:44:18 | 1128,267,776 | ---- | C] () -- C:\Users\***\Desktop\htsdebian-disk1.vmdk [2012.11.25 14:48:05 | 000,000,725 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.10.10 21:52:16 | 000,000,045 | ---- | C] () -- C:\Users\***\.gitconfig [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.29 20:48:59 | 000,001,897 | ---- | C] () -- C:\Users\***\.TransferManager.db [2012.03.02 14:34:36 | 008,045,285 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2012.03.02 14:33:58 | 000,115,774 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2012.02.29 16:31:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2012.02.28 14:43:44 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011.10.05 21:08:23 | 001,866,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.08 10:00:37 | 000,007,606 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.08.10 11:07:43 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.07.28 17:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.17 21:51:20 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2009.12.17 21:43:45 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2009.12.25 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2012.10.29 11:05:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Claws-mail [2012.09.17 10:23:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.18 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DisneyInteractiveStudios [2013.01.06 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.10.10 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\enchant [2012.10.29 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2012.10.29 10:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012.11.23 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBM [2012.11.22 09:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Little Inferno [2011.10.12 09:04:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON [2012.09.20 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetBeans [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.03.18 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.09.01 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2011.12.27 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.01 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql [2012.09.23 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rational [2012.11.13 23:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.04.27 16:16:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SporeCreatureCreator [2010.03.16 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2009.12.17 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.11.30 18:15:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TotalValidatorTool [2011.10.14 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.07.18 13:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.11.25 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.01.2013 17:18:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 56,30% Memory free
7,93 Gb Paging File | 5,89 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,16 Gb Total Space | 125,06 Gb Free Space | 43,70% Space Free | Partition Type: NTFS
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9E6E34-B54C-4CFF-B1B7-38AE1B757871}" = rport=137 | protocol=17 | dir=out | app=system |
"{17654F28-C977-481E-BAF0-87D912A6277E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2231460B-0898-4AF4-9498-C3B2F631FCC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{242B8F78-CDCC-4FCD-AA9C-F158339B8216}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29ACF49F-8EEC-4A29-81A0-7A5463C2623C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32DC8152-2BF0-4E82-AFAD-49357D48DD75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A5B257C-4AF2-416E-8782-990B3B454AB5}" = rport=445 | protocol=6 | dir=out | app=system |
"{4E393D1B-0458-4129-88B8-8B6ED6A2CAD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F82A3A2-FDF3-4F73-9AE0-C1159F204C0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{631F64B3-3E62-4094-9955-84958B972AF3}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{70364A47-F265-41D7-9F9F-19DB01A6E99B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72EDB91F-8F34-4969-ACB4-5D9DB00134EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{770E11D4-D59E-4F6B-88C7-6EF3D46A3400}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84D76069-4D54-4908-87E7-B433B0F2B412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{877320E4-5737-4275-84C8-82385ED8C9F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8D8D25BC-AA00-457D-B3B9-CB6B56E48235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DD0A7DB-F975-4823-9206-D1BAB442A1C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{97FFB25D-85F8-4770-BE41-B281421B74A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98CE7685-0050-447A-BB13-3D29C0683D64}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A7C83F9-3FCD-4145-8328-F975294442E5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A12FC105-751F-4428-BA96-59223DAE3414}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8FA3C20-3321-4CBF-AFD2-70ADD4DF61B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ABE0F5A9-EBCB-47D9-9C35-F1F42E35EA2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2EA1BC1-9B16-4773-B6BF-E1CC8A3B4E3D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B6A5B75E-B63B-413A-91FF-1894DBBDD7DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9029103-832D-428A-8BB5-B2A58D22FDC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9A0C11C-6AE1-49D2-936A-0E535A67286A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD842334-CCDB-4082-AAD5-FB8CA24A7134}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0228C10-566C-46E8-8898-211A98BCE299}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D0B30397-BC22-4632-A730-88CA549C2B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDB4B07A-040F-4FDD-99C8-1E10FB10FE52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF6AD845-4E21-4D7F-8D7F-930DB8D7084A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E1892623-1016-4A67-817D-09B4785F5F83}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF4C263C-3DF9-46B4-8A33-F93E752F0DC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5453B0B-3B68-46D7-807B-821D84E7A380}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9993E3C-599A-4970-A7A7-222C711AA693}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBCE5ACF-BFEB-4AA5-B04A-B2A2C87B998B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCD6A943-52A6-464E-9FAB-A4685BB218AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064669A9-A861-4BD9-8357-655EFB614384}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0CFDC29D-0430-4E74-840B-8AD5DB82DF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0DE95D78-8769-461A-9578-C47769F5FA57}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"{17B4C0E7-BF7F-4761-8633-F0B35DD592A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18171265-A4A3-4D0B-BD5F-1A8EF3FE17CD}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{18863D3E-2891-40BA-9530-ED1697C8CCFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EBBC886-6616-44E5-AC39-F232D0B31B86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22D8A8A8-B9EF-41E7-8248-89D94A45B3A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{22FE5605-9C73-4B21-AAAF-2D696273FF3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FAF4E1E-908D-472D-B8CA-F113A0445FF1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{33F7F8B0-70A1-4A97-AC5F-AE0B190C31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{342AD4DE-7722-4C7F-A26E-E24CF4938713}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"{38B35607-93D2-40B5-84D1-B231C7376BFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38CA7048-05D2-4055-BD0B-76A6A9EDE9BF}" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"{3B94D4F9-3EBB-4E9F-8968-72E1E33EF474}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C2FFE4E-52FD-44B6-A76D-E1D7A990392C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3D6702AC-6596-406E-9C78-DF6CDDEC5CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52BBADC8-D488-4A44-93C4-53E81DFE13C9}" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"{53635603-0D5F-4E92-9DE1-A1617B3D9E0B}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"{5578733C-A197-4540-AF01-4702880C9E78}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"{55FB2D80-58C3-4378-9281-BE675010A150}" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"{57D8E1BD-904A-464D-8997-5B4FE4475727}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{585F1361-025A-4F8F-BA0E-A8722E7F4F06}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{5911BAC6-8399-4C73-B6C6-032CAC3A9E6E}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"{5FB1EA73-124D-4091-85EA-76BE619A1152}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{605FA395-48FC-47FB-828A-6059797F8E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6CEC6255-6700-4BEC-B863-C7A5F583A98B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{746E08D6-208C-4950-A4A5-BC2F2C257DAC}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"{74FB0D9F-A8CD-4830-A507-3430AC994448}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{75E43065-82E7-414F-A264-5D0E162B08ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C6179E7-3BE3-4C04-A734-89D93209F862}" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"{7F8A9714-7642-450E-925B-F476CFB4A183}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{852EF1FD-7E84-4C54-9507-68BCD1A51985}" = protocol=6 | dir=out | app=system |
"{856C5E47-C96A-4ABA-B179-91984F65649D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{856C82F2-C5B7-40EA-AE38-98B7D6B541EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88AD9329-DD0D-4C17-AD1E-3A9EAB297623}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{8D136EC8-0F7A-45C5-9BDF-7144AE96372C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{913E38B5-0680-4595-9A26-F85D2F312497}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{93D52D80-7A2A-4847-B004-87D7AA236BD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9365AB1-B62C-4F9F-89C1-931446A0FA59}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{B06075B3-F8CD-4C0B-88CC-83F3A5CED3A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B1259281-65BA-4E01-97E5-4B6E17349BD2}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"{B5800214-2698-4316-977C-08B449AD5F76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{BEC1DDE5-285E-4610-8EF6-D844066A7E82}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{C6046E07-A06F-4DE5-A07D-8137E859E58F}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{C9414FC9-87A4-4041-89D9-DB8156DBD2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C9C99680-BA4F-4F5E-AA03-0D4ACA13736D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{D30F97C5-9E25-4B32-8372-43B74CA14E9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D7934776-357E-4D8B-AD42-07321AAB5AF7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{DF9D2522-2DBD-42B0-8A69-2B87F50D68D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E288D159-9A18-4B99-9B69-CA627304431E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E2CBAE18-DB28-4A92-9927-6EF4399A4FE8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{E3E9AED3-8D94-4F3E-BA99-4E8AF20CC5D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4B8C225-6ECC-457D-8864-243097289F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E5F0074A-8343-4AB1-A428-804A75147DCA}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{E84E1B9E-D2F7-4DF5-9379-5D6A79B46DA4}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{ED5B87C8-C30D-49C0-8373-2DF840EEAA47}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EF90D00D-5729-4CB7-9432-488A6071399E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F650C0A1-0B38-41F4-B60B-D5579F0B14C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F71DF4AD-67E1-4914-8719-A3F99D6C7A9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F925B0BC-0208-4DC8-BAAD-5322348051BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FBB011B5-E47F-487D-892A-093B5FD1424E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{3301BEA7-4F46-4269-81E0-DF7F262E00AE}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"TCP Query User{51B0D354-19C2-478A-848A-319599C79FAE}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"TCP Query User{56DA2019-FD82-4994-B399-A1DA2428B243}H:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"TCP Query User{7AC95FBC-87F3-4B56-AFD5-115C61B37C2A}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"TCP Query User{856ECFF7-8882-4567-8CEB-7FBD359000CB}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"TCP Query User{958273A1-13B8-4E09-A3BA-F93805008543}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"TCP Query User{9710B6E7-D610-416F-AA11-8D2566B2CAF2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{AC1D7E2F-F329-4062-8AB4-713D0AA69F36}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{BDAF9002-0EA1-4637-986F-28BAD3D77B69}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DBCB627A-5B59-4C1E-9162-62B1B9D9B6F9}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe |
"TCP Query User{DCCABE97-26EB-45C4-BE59-5233AFEC558F}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{3EB21573-6A22-43D3-89C8-B0664FBBC074}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{3F737161-EC72-4695-9046-D73CB2A4DF6B}C:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{4D1405F2-156D-4982-AE61-9D439379CDD5}C:\program files\java\jdk1.7.0_07\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\java.exe |
"UDP Query User{57E18B03-BA84-4EBB-A2BB-1AE4739BD1CA}C:\udk\udk-2010-06\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-06\binaries\win64\udk.exe |
"UDP Query User{581892EF-EE78-4F35-A2EA-0C76508BCB7F}C:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\ibm\sdp\jdk\jre\bin\javaw.exe |
"UDP Query User{63BA694B-689E-4767-9D20-CDFE85FE9044}C:\program files\netbeans 7.2\bin\netbeans64.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.2\bin\netbeans64.exe |
"UDP Query User{70DE3724-27CD-42AC-B4A5-7C6E83AE359B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9C3E1F6D-F729-4F6A-A6C2-9D5806C6493C}H:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=h:\xampp\apache\bin\httpd.exe |
"UDP Query User{BEDD04C7-D718-4427-93C7-42995C63CE19}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{C588D8C3-765E-4031-8898-FCEB336FFD23}C:\program files\java\jdk1.7.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\bin\java.exe |
"UDP Query User{FF127051-77B5-4540-80DA-7C15E32C46D9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{26F35006-0545-4F78-90D8-C2FDF0028692}" = SQL Server 2012 Database Engine Services
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2EC53A73-C6E6-4BD2-ACC2-0CD078D5F2CC}" = Microsoft SQL Server 2012-Setup (Deutsch)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{53CDFF43-1CE7-444B-AEBE-A5FB7B82511D}" = SQL Server 2012 Common Files
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{5D762D74-E92F-4E95-9255-D85312617E4D}" = TortoiseSVN 1.7.9.23248 (64 bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}" = Microsoft-System-CLR-Typen für SQL Server 2012 (x64)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{7647B46D-D4E6-43A5-AC9D-0BAA28C63271}" = Microsoft VSS Writer für SQL Server 2012
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}" = Microsoft SQL Server 2012 Native Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D4DF6EA6-4B7A-42B4-9C56-D8BC7D087F7A}" = SQL Server 2012 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9FDAEBA-9BFE-4FDD-BDEB-482A3F5316C8}" = SQL Server 2012 Management Studio
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"MAXONB6EC381C" = CINEMA 4D 11.514
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-Bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-Bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PostgreSQL 9.2" = PostgreSQL 9.2
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E77269E-DC0F-46DC-946C-8E95CB1455AC}" = Media Gallery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A4C9497-7D4B-466D-8D3A-FE0D925386DC}" = SQL Server-Browser für SQL Server 2012
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5973B12E-5FC1-4EF6-B63B-49C1C4AF2AAA}" = Microsoft SQL Server 2008 R2 Management Objects
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{860E3C5D-BE36-49FE-BCFA-1A09B90D6F49}" = VAIO Content Metadata Manager Settings
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{987AE03F-234A-3623-BD28-6B31FD1D3AB3}" = Microsoft Visual Studio 2010 Shell (Isolated) - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A282A232-780C-45E2-A5E5-9B61D74DCC6E}" = Microsoft SQL Server System CLR Types
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2C6E9F1-8F35-42A0-A9CA-E6C94D92A86C}" = Microsoft Report Viewer 2012-Laufzeit
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"avast" = avast! Free Antivirus
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GPG4Win" = Gpg4win (2.1.0)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.01
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Opera 12.12.1707" = Opera 12.12
"splashtop" = VAIO Quick Web Access
"SystemRequirementsLab" = System Requirements Lab
"VAIO Help and Support" =
"VLC media player" = VLC media player 1.0.5
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.7
"Wireshark" = Wireshark 1.8.3 (64-bit)
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2364642766-380116471-808518510-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.8" = MiKTeX 2.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.09.2011 04:48:16 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 26.09.2011 03:28:50 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 26.09.2011 13:04:20 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.09.2011 13:04:20 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.09.2011 13:04:20 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.09.2011 13:04:20 | Computer Name = ***-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.09.2011 11:36:22 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 28.09.2011 11:01:39 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 29.09.2011 14:37:35 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 30.09.2011 03:44:25 | Computer Name = ***-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
[ System Events ]
Error - 06.01.2013 04:11:56 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 06.01.2013 04:55:07 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "DirMngr" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 06.01.2013 04:58:49 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 06.01.2013 05:02:00 | Computer Name = ***-VAIO | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 06.01.2013 05:02:44 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 06.01.2013 05:02:55 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 06.01.2013 05:04:35 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 06.01.2013 05:29:44 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 06.01.2013 11:22:43 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
Error - 06.01.2013 12:10:29 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Roxio Upnp Server 10 erreicht.
< End of report >
|
|
07.01.2013, 20:54
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2013, 08:24
| #11 |
| | Trend Micro findet JAVA_BLACOLE.SMO Weder Malwarebytes noch Eset haben was gefunden. Hier noch die beiden Logs. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.07.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: ***-VAIO [Administrator] 07.01.2013 21:09:22 mbam-log-2013-01-07 (21-09-22).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 258235 Laufzeit: 4 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1eb03ec9c04f5c4c909d46e895f25487
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-07 11:02:58
# local_time=2013-01-08 12:02:58 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 5726274 134309650 0 0
# compatibility_mode=5893 16776574 100 94 225867 109229628 0 0
# scanned=317404
# found=0
# cleaned=0
# scan_time=9804
|
|
08.01.2013, 20:02
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2013, 20:38
| #13 |
| | Trend Micro findet JAVA_BLACOLE.SMO Ich hab mich die letzten Tage mal etwas mit den Sicherheitseinstellungen des Browsers beschäftigt und hab eine Einstellung gefunden, die nur Cookies zulässt, die tatsächlich von der besuchten Seite stammen. Immerhin werden damit schonmal die Cookies von eingebundenen Werbebannern abgelehnt. Das mit dem Hosts File werd ich mir aber auch nochmal anschauen. Danke für die Info! Sonstige Probleme haben sich zumindest keine bemerkbar gemacht und auch Virenscanner melden keine Funde mehr. Also vielen, vielen Dank für deine Hilfe! Wirklich toll, dass ihr in eurer Freizeit anderen mit solchen Problemen helft.  Eine letzte Bitte hätte ich allerdings noch an dich. Könntest du mir bitte kurz zusammenfassen welche Einträge in den Logdateien relevant waren, welche Malware ich jetzt eigentlich am System hatte und woran du es erkannt hast? Ich hab vor Kurzem mit meinem Informatikstudium begonnen und könnte gerade in dem Bereich noch einiges dazu lernen. |
|
08.01.2013, 20:42
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro findet JAVA_BLACOLE.SMO Was du drauf hattest siehst du doch in den Logs von TrendMicro und Combofix!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2013, 21:46
| #15 |
| | Trend Micro findet JAVA_BLACOLE.SMO Im Prinzip schon. Mich verwirrt nur etwas, dass alle Scanner was anderes gemeldet haben. Avast hat dieses Java Blacole gefunden und Vaio Update als Rootkit gemeldet. Combofix fand alte SecureW2 Dateien und Wireshark DLLs verdächtig, hat die Vaio Software aber nicht erwähnt. Wie unterscheidet ihr bei sowas dann zwischen False Positive und tatsächlicher Bedrohung?  Du hast auch nach dem Scan mit AdwCleaner geschrieben, dass ich zur Kontrolle einen Scan mit OTL durchführen soll. Lassen sich aus einem OTL Log auch Hinweise über Malware Infektionen finden? Für mich war das immer nur ein Tool um Infos über das System und die installierten Programme zusammenzufassen. |
|
| Themen zu Trend Micro findet JAVA_BLACOLE.SMO |
| adobe, adobe after effects, antivirus, autorun, bho, dateien gelöscht, einstellungen, error, firefox, flash player, format, home, install.exe, log-datei, logfile, office 2007, photoshop, plug-in, problem, realtek, registry, rundll, scan, security, software, spam, svchost.exe, system, third party, udp, visual studio, win64, windows, wrapper |
Linear-Darstellung
