| |
| |||||||
Log-Analyse und Auswertung: TR/PSW.Zbot.AM987Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.04.2013, 13:43
| #1 |
 |  TR/PSW.Zbot.AM987 Hallo liebe Helfer, ich bin froh, dass ich hier kompetente Hilfe bekomme. Seit Dezember bei der Onlinebanking habe ich bemerkt (durch ein Fenster das alle meine TANs verlangte, angeblich von der Bank) dass mein Laptop infiziert ist. Meine Bank hat mein Account deaktiviert bis ich mein PC wieder sauber kriege. Avira hat 4 mal TR/Agent.fqv und 1mal TR/Sirefef.AH im Dezember gefunden und am 12.04.2013 noch TR/PSW.Zbot.AM.987 in Quarantäne gesperrt. Durch Suche in Google bin auf Ihre Seite aufmerksam geworden und alle Schritten gemacht und 3 Dateien erstellt. Mein Sony Laptop mit: Windows 7 Home Premium Service Pack 1 Prozessor Intel(R)Core (TM)i5-2430M CPU2,40 GHz RAM 4,00 GB Systemtyp 64 Bit habe mir im Januar(2012) gekauft. die 3 Deteien sind OTL logfile created on: 15.04.2013 12:35:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,71% Memory free 7,96 Gb Paging File | 6,30 Gb Available in Paging File | 79,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,18 Gb Total Space | 527,71 Gb Free Space | 90,64% Space Free | Partition Type: NTFS Computer Name: ZUHAUSE | User Name: paria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.15 12:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe PRC - [2013.03.20 11:33:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 11:33:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.20 11:33:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.12 05:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2011.02.15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 23:06:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 10:01:10 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll MOD - [2013.01.10 10:01:10 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll MOD - [2013.01.10 09:58:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:58:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:57:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 09:57:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:57:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 09:57:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:57:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.08.08 21:56:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.03.20 11:33:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 11:33:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.12 05:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.12 06:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.20 11:33:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.20 11:33:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.20 11:33:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.06.11 10:37:16 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.12 06:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.20 17:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{54B275E7-1B3C-4B4E-9D81-367542B08FE7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKCU\..\SearchScopes\{96ACF1B7-D058-4071-8F60-26B0AE0E01CA}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\paria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\paria\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEDC0DC1-FF1C-44C7-B73C-115852BDE5A4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.15 12:33:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe [2013.04.15 12:30:44 | 000,000,000 | R--D | C] -- C:\Users\paria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.04.15 10:52:03 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{E0A292D2-599B-46BA-8D1A-3801B4EB57A0} [2013.04.13 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{6D3D4626-849F-4C9B-9779-0B6F78A77995} [2013.04.12 09:19:06 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\MigWiz [2013.03.27 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{01643614-4490-4649-9795-53C02C69F256} [2013.03.24 13:52:54 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\Microsoft Games [2013.03.24 12:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 01:25:18 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{F4995AB7-BB13-4410-9788-2AFF497F6DDD} [2013.03.20 11:33:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.20 11:33:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.20 11:33:43 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.15 12:37:38 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.15 12:37:38 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.15 12:35:39 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.15 12:35:39 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.15 12:35:39 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.15 12:35:39 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.15 12:35:39 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.15 12:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe [2013.04.15 12:30:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.15 12:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.15 12:29:58 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.04.15 12:27:48 | 000,000,000 | ---- | M] () -- C:\Users\paria\defogger_reenable [2013.04.15 12:25:13 | 000,050,477 | ---- | M] () -- C:\Users\paria\Desktop\Defogger.exe [2013.04.15 11:58:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.14 22:37:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000UA.job [2013.04.14 22:29:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000Core.job [2013.04.12 08:04:02 | 000,301,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.12 07:50:17 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2013.03.27 15:08:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.27 15:08:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.20 11:33:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.20 11:33:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.20 11:33:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.15 12:27:48 | 000,000,000 | ---- | C] () -- C:\Users\paria\defogger_reenable [2013.04.15 12:25:13 | 000,050,477 | ---- | C] () -- C:\Users\paria\Desktop\Defogger.exe [2013.03.27 15:08:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.27 15:08:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.04.24 13:17:03 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-301847239-349234148-2088765594-1000\$942c2e51b3bbc6f705b6bf0c907a6523\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.12 21:09:21 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Doteil [2013.04.12 08:06:26 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Evopjo [2012.09.21 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Fox Dgital Copy [2012.09.29 16:38:52 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Opzy [2013.03.20 12:15:31 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\SoftGrid Client [2012.02.12 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\TP [2012.03.26 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Windows Live Writer [2012.10.13 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\paria\AppData\Roaming\Zeywep ========== Purity Check ========== nächste : OTL Extras logfile created on: 15.04.2013 12:35:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,71% Memory free 7,96 Gb Paging File | 6,30 Gb Available in Paging File | 79,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,18 Gb Total Space | 527,71 Gb Free Space | 90,64% Space Free | Partition Type: NTFS Computer Name: ZUHAUSE | User Name: paria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{30D61AB0-BC55-49CD-A5C6-D3EFF2EE0E23}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E1BB82E0-88C7-4766-8A5E-410B4F59BD7B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1DBF2150-EF18-4ECA-B4A2-3D3406FFF159}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6C33257B-4C56-42A5-BD71-7B153F3C628B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{7336D68A-A5EF-485A-B261-22FB68E4E99D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A4066340-B066-443C-8F18-3E35F3267DBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CF554707-825D-4DC7-A6F2-65D5148793E1}" = dir=in | app=c:\users\paria\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{395ECCEC-7AD1-472D-9B02-6E62F84B4B1E}C:\users\paria\appdata\roaming\zeywep\etmod.exe" = protocol=6 | dir=in | app=c:\users\paria\appdata\roaming\zeywep\etmod.exe | "TCP Query User{535EE812-B110-4725-BE5A-FD8AC8CFE3E3}C:\users\paria\appdata\roaming\evopjo\fygeo.exe" = protocol=6 | dir=in | app=c:\users\paria\appdata\roaming\evopjo\fygeo.exe | "TCP Query User{ECE2E975-1015-4196-8ED7-DB20207F9686}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{0DFFA166-278F-4762-BE9F-705F86AB54FF}C:\users\paria\appdata\roaming\evopjo\fygeo.exe" = protocol=17 | dir=in | app=c:\users\paria\appdata\roaming\evopjo\fygeo.exe | "UDP Query User{D3F1C98A-31E4-42D1-8631-79AE930B8631}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{D8BC2BA4-BE04-480B-9804-984BD8A5365D}C:\users\paria\appdata\roaming\zeywep\etmod.exe" = protocol=17 | dir=in | app=c:\users\paria\appdata\roaming\zeywep\etmod.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64 "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 269.73 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 269.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 269.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64 "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86 "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3 "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide "{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh "{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4 "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86 "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E6725026-A650-449C-897B-D6B7A5EEA058}" = Adobe Flash Player 10 Plugin "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "splashtop" = VAIO Quick Web Access "TMM60" = TeLL me More "VAIO Help and Support" = "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.01.2013 02:13:50 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 05.01.2013 16:50:06 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 06.01.2013 11:20:01 | Computer Name = Zuhause | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "VUAgent" konnte nicht neu gestartet werden. Error - 07.01.2013 04:47:53 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 07.01.2013 12:03:26 | Computer Name = Zuhause | Source = SampleCollector | ID = 131331 Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 10.01.2013 03:19:59 | Computer Name = Zuhause | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.2.2200, Zeitstempel: 0x4f425c29 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000071bc ID des fehlerhaften Prozesses: 0xe2c Startzeit der fehlerhaften Anwendung: 0x01cde08317e701b6 Pfad der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 23e94c42-5af6-11e2-bd11-9439e5a8b582 Error - 10.01.2013 03:52:24 | Computer Name = Zuhause | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 10:37:20 | Computer Name = Zuhause | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1054 Startzeit: 01cdef078454e78e Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11.01.2013 03:08:04 | Computer Name = Zuhause | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: Flash11e.ocx, Version: 11.1.102.55, Zeitstempel: 0x4eaf89fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00154ff6 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cdef0785c37b78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Berichtskennung: a4295bef-5bbd-11e2-91bb-9439e5a8b582 Error - 12.01.2013 04:24:14 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 05.11.2012 07:24:09 | Computer Name = Zuhause | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Driver Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 07:40:35 | Computer Name = Zuhause | Source = volsnap | ID = 393283 Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden. Error - 18.11.2012 07:54:38 | Computer Name = Zuhause | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2761226) Error - 18.11.2012 08:11:34 | Computer Name = Zuhause | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 18.11.2012 08:12:20 | Computer Name = Zuhause | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Driver Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 18.11.2012 19:00:07 | Computer Name = Zuhause | Source = Service Control Manager | ID = 7034 Description = Dienst "VAIO Care Performance Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.12.2012 09:10:33 | Computer Name = Zuhause | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirService erreicht. Error - 03.12.2012 13:59:09 | Computer Name = Zuhause | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?12.?2012 um 13:27:07 unerwartet heruntergefahren. Error - 17.01.2013 14:21:05 | Computer Name = Zuhause | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?01.?2013 um 19:17:57 unerwartet heruntergefahren. Error - 01.02.2013 19:15:05 | Computer Name = Zuhause | Source = DCOM | ID = 10010 Description = < End of report > und GMER GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-15 13:30:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: gmer_2.1.19163.exe; Driver: C:\Users\paria\AppData\Local\Temp\pwddypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006a0e11a8 2 bytes [0E, 6A] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006a0e13a8 2 bytes [0E, 6A] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006a0e1422 2 bytes [0E, 6A] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006a0e1498 2 bytes [0E, 6A] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000069f01b41 2 bytes [F0, 69] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000069f01be8 2 bytes [F0, 69] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000069f01c20 2 bytes [F0, 69] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000069f01cd2 2 bytes [F0, 69] .text C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe[4008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000069f01cf2 2 bytes [F0, 69] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e11465 2 bytes [E1, 75] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e114bb 2 bytes [E1, 75] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5a8b582 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78b999be Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5a8b582 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78b999be (not active ControlSet) ---- EOF - GMER 2.1 ---- < End of report > ich muss noch sagen das am Ende des erfolgreichen GMER Scan hatte ich einen blauen Bildschirm mit einer Fehlermeldung dass ich überhaupt nicht mehr machen konnte. Mit Power habe Laptop zwangsmäßig runterfahren lassen. jetzt weiß ich nicht mehr was ich noch machen soll. Ob mein Laptop noch infiziert ist oder nicht. Ich wäre dankbar wenn ihr mir hilft. LG Zaria |
|
15.04.2013, 16:05
| #2 |
| /// TB-Ausbilder   | TR/PSW.Zbot.AM987 Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Du bist seit Dezember infiziert und schaust erst heute vorbei?  Ich mach es kurz: Ja, du bist noch infiziert.   Lesestoff: Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
Solltest du dich für eine Bereinigung entschieden haben, beginnen wir folgendermaßen: Schritt 1 Scan mit Combofix
Schritt 2 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Bitte poste mit deiner nächsten Antwort
|
|
15.04.2013, 21:48
| #3 |
| | TR/PSW.Zbot.AM987 Hallo lieber Helfer,
__________________ich weiß es nicht, ob Sie meine Post schon bekommen haben, aber zur Sicherheit sende ich hier nochmal. Combofix Logfile: Code:
ATTFilter ComboFix 13-04-15.01 - paria 15.04.2013 20:54:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2618 [GMT 2:00]
ausgeführt von:: c:\users\paria\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\paria\AppData\Roaming\Opzy
c:\users\paria\AppData\Roaming\Opzy\uqese.zon
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-15 bis 2013-04-15 ))))))))))))))))))))))))))))))
.
.
2013-04-15 18:58 . 2013-04-15 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 18:54 . 2013-04-15 18:54 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB1A8C4-6639-4110-91C0-13D5E11CB369}\offreg.dll
2013-04-12 07:19 . 2013-04-12 07:20 -------- dc----w- c:\users\paria\AppData\Local\MigWiz
2013-04-12 05:54 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB1A8C4-6639-4110-91C0-13D5E11CB369}\mpengine.dll
2013-04-11 08:54 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-03-27 13:06 . 2013-03-27 13:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 11:52 . 2013-03-24 18:15 -------- d-----w- c:\users\paria\AppData\Local\Microsoft Games
2013-03-21 07:55 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 09:33 . 2013-03-20 09:33 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-20 09:33 . 2013-03-20 09:33 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-20 09:33 . 2013-03-20 09:33 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 05:48 . 2012-01-13 20:48 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-11 23:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-03-14 07:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 07:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 07:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 07:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 07:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 07:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\paria\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-01 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-20 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-04-29 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-20 28600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-20 86752]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-12 2429544]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-12 380224]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-04-29 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-04-29 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-04-29 283296]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-12 340072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-29 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000Core.job
- c:\users\paria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 18:32]
.
2013-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000UA.job
- c:\users\paria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-01 18:32]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 19:59]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 19:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-15 20:59:55
ComboFix-quarantined-files.txt 2013-04-15 18:59
.
Vor Suchlauf: 17 Verzeichnis(se), 566.026.792.960 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 566.835.003.392 Bytes frei
.
- - End Of File - - E8A5BACFD01C62F0405257501C03CF72
erste Scanergebnis von mbar Malwarebytes Anti-Rootkit BETA 1.05.0.1001 Malwarebytes : Free Anti-Malware download Database version: v2013.04.15.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 paria :: ZUHAUSE [administrator] 15.04.2013 21:38:23 mbar-log-2013-04-15 (21-38-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29923 Time elapsed: 14 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 c:\$Recycle.Bin\S-1-5-21-301847239-349234148-2088765594-1000\$942c2e51b3bbc6f705b6bf0c907a6523\U (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\S-1-5-21-301847239-349234148-2088765594-1000\$942c2e51b3bbc6f705b6bf0c907a6523\L (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\S-1-5-21-301847239-349234148-2088765594-1000\$942c2e51b3bbc6f705b6bf0c907a6523 (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 1 c:\$Recycle.Bin\S-1-5-21-301847239-349234148-2088765594-1000\$942c2e51b3bbc6f705b6bf0c907a6523\@ (Trojan.Siredef.C) -> Delete on reboot. (end) Malwarebytes Anti-Rootkit BETA 1.05.0.1001 Malwarebytes : Free Anti-Malware download Database version: v2013.04.15.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 paria :: ZUHAUSE [administrator] 15.04.2013 22:00:51 mbar-log-2013-04-15 (22-00-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29913 Time elapsed: 18 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Ich bedanke mich vielmals. Jetzt habe ein Problem und zwar wenn ich eine neue Registerkarte öffne, ist nun weiß und es öffnet sich nicht richtig. LG PS: Antivirus Avira hat schon im Dezember wie vorher beschrieben 5 TR.*** erwischt und ich dachte das warst dann. Danach Kamm es nochmal am 12.04.2013 noch einmal TR/PSW.** . Daher komme ich jetzt auf eure Seite und ich bin sehr dankbar für Ihre Unterstützung. |
|
16.04.2013, 09:24
| #4 |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987 Servus, sieht schon besser aus. So geht es weiter:
Code:
ATTFilter C:\Users\paria\AppData\Roaming\Doteil\*.* /S
C:\Users\paria\AppData\Roaming\Opzy\*.* /S
C:\Users\paria\AppData\Roaming\Evopjo\*.* /S
C:\Users\paria\AppData\Roaming\Zeywep\*.* /S
|
|
16.04.2013, 12:27
| #5 |
| | TR/PSW.Zbot.AM987 Ich habe 3 mal versucht ganze auf einmal oder auch in zwei Teile zu senden, es hat aber nicht geklappt. Logs als Archiv an den Beitrag anhängen, könnte ich auch nicht, weil es öffnet nur eine blanke Seite.  Allerdings das Problem mit dem Öffnen der neue Registerkarte besteht noch. Ich könnte nicht mal Facebook und Yahoo öffnen. Was muss ich machen? Wie soll ich beide Logs schicken???? LG Zaria |
|
16.04.2013, 16:07
| #6 |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987 Servus, teile die Logdateien von OTL jeweils in mehrere Einzelstücke auf und poste sie hier. Das sollte klappen. |
|
16.04.2013, 17:06
| #7 |
| | TR/PSW.Zbot.AM987 Hi, OTL logfile created on: 16.04.2013 13:00:42 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,33% Memory free 7,96 Gb Paging File | 6,22 Gb Available in Paging File | 78,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,18 Gb Total Space | 527,55 Gb Free Space | 90,62% Space Free | Partition Type: NTFS Computer Name: ZUHAUSE | User Name: paria | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Processes (SafeList) ========== PRC - [2013.04.15 12:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe PRC - [2013.03.20 11:33:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.20 11:33:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.20 11:33:00 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.12 05:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2011.02.15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 23:06:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 10:01:10 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll MOD - [2013.01.10 10:01:10 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll MOD - [2013.01.10 09:58:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:58:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:57:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 09:57:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:57:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 09:57:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:57:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.08.08 21:56:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.03.20 11:33:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.20 11:33:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.12 05:09:42 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.12 06:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.20 11:33:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.20 11:33:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.20 11:33:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.06.11 10:37:16 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.12 06:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.20 17:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. [binary data] IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\..\SearchScopes\{54B275E7-1B3C-4B4E-9D81-367542B08FE7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\..\SearchScopes\{96ACF1B7-D058-4071-8F60-26B0AE0E01CA}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-301847239-349234148-2088765594-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\paria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) O1 HOSTS File: ([2013.04.15 20:58:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-21-301847239-349234148-2088765594-1000..\Run: [Facebook Update] C:\Users\paria\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-301847239-349234148-2088765594-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-301847239-349234148-2088765594-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-301847239-349234148-2088765594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEDC0DC1-FF1C-44C7-B73C-115852BDE5A4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 180 Days ========== [2013.04.16 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\logfile [2013.04.16 11:54:42 | 000,000,000 | R--D | C] -- C:\Users\paria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.04.15 21:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.15 21:15:46 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\mbar-1.05.0.1001 [2013.04.15 20:59:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.15 20:53:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.15 20:53:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.15 20:53:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.15 20:53:11 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.04.15 20:53:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.15 20:52:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.15 20:43:35 | 005,054,270 | R--- | C] (Swearware) -- C:\Users\paria\Desktop\ComboFix.exe [2013.04.15 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.04.15 12:33:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe [2013.04.15 10:52:03 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{E0A292D2-599B-46BA-8D1A-3801B4EB57A0} [2013.04.13 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{6D3D4626-849F-4C9B-9779-0B6F78A77995} [2013.04.12 09:19:06 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\MigWiz [2013.04.12 07:47:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.12 07:47:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.12 07:47:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.12 07:47:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.12 07:47:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.12 07:47:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.12 07:47:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.12 07:47:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.12 07:47:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.12 07:47:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.12 07:47:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.12 07:47:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.12 07:47:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.12 07:47:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.12 07:47:17 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 10:54:53 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.11 10:54:53 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.11 10:54:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.11 10:54:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.11 10:54:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.11 10:54:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.11 10:54:33 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 10:54:28 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 10:54:26 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 10:54:24 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 10:54:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 10:54:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.03.27 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{01643614-4490-4649-9795-53C02C69F256} [2013.03.27 15:08:24 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.27 15:08:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.27 15:08:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.27 15:08:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.27 15:08:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.27 15:08:24 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.27 15:08:24 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.27 15:08:24 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.27 15:08:24 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.27 15:08:24 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.27 15:08:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.27 15:08:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.27 15:08:24 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.27 15:08:24 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.27 15:08:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.27 15:08:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.27 15:08:24 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.27 15:08:23 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.27 15:08:23 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.27 15:08:23 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.27 15:08:23 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.27 15:08:23 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.27 15:08:23 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.27 15:08:23 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.27 15:08:23 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.27 15:08:23 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.27 15:08:23 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.27 15:08:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.27 15:08:23 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.27 15:08:23 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.27 15:08:23 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.27 15:08:23 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.27 15:08:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.27 15:08:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.27 15:08:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.27 15:08:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.27 15:08:23 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.27 15:08:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.27 15:08:23 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.27 15:08:23 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.27 15:08:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.27 15:08:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.27 15:08:23 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.27 15:08:23 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.27 15:08:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.27 15:08:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.27 15:08:23 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.27 15:08:23 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.27 15:08:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.27 15:08:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.27 15:08:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.27 15:08:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.27 15:08:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.27 15:06:50 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.27 15:06:50 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.27 15:06:50 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.27 15:06:50 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.27 15:06:50 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.27 15:06:50 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.27 15:06:50 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.27 15:06:50 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.27 15:06:50 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.27 15:06:50 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.27 15:06:50 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.27 15:06:50 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.27 15:06:50 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.27 15:06:50 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.27 15:06:50 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.27 15:06:50 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.27 15:06:50 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.27 15:06:50 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.27 15:06:50 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.27 15:06:50 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.27 15:06:50 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.27 15:06:50 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 15:06:50 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 15:06:50 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 15:06:50 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 15:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 15:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 15:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 15:06:50 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 15:06:50 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 15:06:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.27 15:06:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.24 13:52:54 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\Microsoft Games [2013.03.24 12:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 09:55:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.21 01:25:18 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{F4995AB7-BB13-4410-9788-2AFF497F6DDD} [2013.03.20 11:33:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.20 11:33:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.20 11:33:43 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.15 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{C75C6C21-AB57-448A-8892-4E092DE5C0EA} [2013.03.15 10:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 10:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 10:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.02.16 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{29EFFD44-DE1A-4131-965D-E2D9069231B6} [2013.02.15 12:03:04 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{85E6A982-FF41-4CD2-94CF-2D2F3974BABF} [2013.02.14 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{C830104A-F3C0-4F75-A1C5-B5B38B991ADF} [2013.02.13 11:59:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 11:59:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 11:59:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 11:59:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 11:59:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 11:59:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 11:59:10 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.03 12:37:37 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{B1819108-0FFC-4DDC-AB6F-FB8DFA3DF9C1} [2013.02.01 20:27:28 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{8FF5A631-6CA2-4A72-B3E0-CE4422716BD4} [2013.01.29 16:30:24 | 000,000,000 | ---D | C] -- C:\Programs [2013.01.29 16:26:41 | 000,000,000 | ---D | C] -- C:\Users\paria\BWINCOMPokerDir [2013.01.17 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{16F460D2-0DD2-49E1-8013-26284F3B1A3C} [2013.01.10 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{78330D9A-9C08-4349-84C1-04303EFA079B} [2013.01.09 18:29:12 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 18:29:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 18:28:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 18:28:36 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 18:28:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 18:28:21 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 18:28:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 18:28:21 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 18:28:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 18:28:21 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 18:28:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 18:28:21 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 18:28:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 18:28:21 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 18:28:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 18:28:21 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 18:28:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 18:28:21 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 18:28:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 18:28:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 18:28:21 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 18:28:20 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 18:28:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 18:28:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 18:28:20 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 18:28:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 18:28:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 18:28:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 18:28:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 18:28:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 18:28:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 18:28:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 18:28:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 18:28:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 18:28:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 18:28:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 18:28:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.09 18:27:49 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 18:27:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 18:27:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 18:27:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 18:27:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 18:27:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 18:27:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 18:27:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 18:27:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 18:27:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 18:27:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 18:27:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 18:27:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 18:27:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 18:27:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 18:27:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 18:27:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 18:27:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 18:27:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 18:27:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.08 11:15:19 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{C257C55E-FAB0-4C3E-BDEB-851BC5E4990B} [2012.12.23 11:00:35 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{250803A4-DBB9-4DF0-A1CA-D451E83C3532} [2012.12.22 22:26:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.22 22:26:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.22 22:25:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.22 22:25:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.15 09:46:06 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\niki [2012.12.15 08:59:52 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\behi uni [2012.12.15 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\Marjan [2012.12.15 08:45:46 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\maman o baba [2012.12.14 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\albumamir [2012.12.14 10:05:22 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\B kal [2012.12.13 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\IT [2012.12.13 08:00:25 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{D612EA39-3D91-4A7F-9068-B8CB2ADF41AF} [2012.12.12 08:16:27 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 08:16:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.09 11:41:17 | 000,000,000 | ---D | C] -- C:\Users\paria\Desktop\elham [2012.12.05 09:29:24 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{6287A6B6-23B8-4A94-9D3C-2D389D6B224A} [2012.12.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{15D02E6B-6F4D-4F2F-85A4-184385769534} [2012.12.02 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{79F95D92-AC8A-4B91-933C-A2EFC532C56A} [2012.11.19 11:55:53 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{529B394A-07C2-418F-B1BA-918ED2F8343F} [2012.11.19 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{3765D071-5F10-4645-B155-D9873376C82E} [2012.11.19 01:03:57 | 002,753,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2012.11.19 01:03:57 | 002,753,536 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys [2012.11.19 01:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros WiFi Driver Installation [2012.11.19 01:01:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care [2012.11.19 00:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.11.19 00:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.19 00:54:32 | 001,452,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420102.dll [2012.11.19 00:54:32 | 000,174,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.11.19 00:54:32 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.11.19 00:54:31 | 020,471,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.11.19 00:54:31 | 018,581,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.11.19 00:54:31 | 015,053,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.11.19 00:54:31 | 013,013,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.11.19 00:54:31 | 006,599,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.11.19 00:54:31 | 004,938,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.11.19 00:54:31 | 003,183,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.11.19 00:54:31 | 002,956,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.11.19 00:54:31 | 002,873,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.11.19 00:54:31 | 002,581,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.11.19 00:54:31 | 002,211,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.11.19 00:54:31 | 001,654,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420144.dll [2012.11.19 00:54:31 | 001,400,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642063.dll [2012.11.19 00:54:31 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.11.19 00:54:31 | 000,059,712 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.19 00:54:31 | 000,012,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2012.11.19 00:53:53 | 009,888,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll [2012.11.19 00:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.11.19 00:40:08 | 000,000,000 | ---D | C] -- C:\Update [2012.11.18 13:50:18 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.18 13:50:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.18 13:41:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.18 13:41:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.18 13:41:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.18 13:41:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 01:54:59 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.17 01:54:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.17 01:54:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.17 01:54:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.17 01:54:18 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.17 01:54:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.17 01:54:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.17 01:54:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.17 01:54:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.17 01:54:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.17 01:54:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.08 12:29:12 | 001,402,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.11.05 13:25:01 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{E6ACA527-A81F-4E34-A1E4-5D9AE2BBF93C} [2012.11.04 17:31:48 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Roaming\Avira [2012.11.04 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.04 17:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.04 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.11.04 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{896AF702-9C1C-4077-B8DB-9B08E90EBD8B} [2012.11.02 11:01:30 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{446ECC93-C115-4256-BFE0-2310CC452A49} [2012.11.01 20:32:04 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\Facebook [2012.11.01 14:22:59 | 000,000,000 | ---D | C] -- C:\Users\paria\AppData\Local\{C43D9982-4966-4197-8D3D-8D81441B6C5C} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] |
|
16.04.2013, 17:18
| #8 |
| | TR/PSW.Zbot.AM987 ========== Files - Modified Within 180 Days ========== [2013.04.16 12:58:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.16 12:01:40 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.16 12:01:40 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.16 11:58:34 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.16 11:58:34 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.16 11:58:34 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.16 11:58:34 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.16 11:58:34 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.16 11:54:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.16 11:54:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.16 11:54:01 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.04.15 22:37:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000UA.job [2013.04.15 20:58:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.15 20:47:26 | 012,917,756 | ---- | M] () -- C:\Users\paria\Desktop\mbar-1.05.0.1001.zip [2013.04.15 20:43:43 | 005,054,270 | R--- | M] (Swearware) -- C:\Users\paria\Desktop\ComboFix.exe [2013.04.15 19:37:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000Core.job [2013.04.15 13:54:14 | 430,975,093 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.15 13:12:05 | 000,377,856 | ---- | M] () -- C:\Users\paria\Desktop\gmer_2.1.19163.exe [2013.04.15 12:33:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paria\Desktop\OTL.exe [2013.04.15 12:27:48 | 000,000,000 | ---- | M] () -- C:\Users\paria\defogger_reenable [2013.04.15 12:25:13 | 000,050,477 | ---- | M] () -- C:\Users\paria\Desktop\Defogger.exe [2013.04.12 08:04:02 | 000,301,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.12 07:50:17 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2013.03.27 15:08:24 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.03.27 15:08:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.03.27 15:08:24 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.03.27 15:08:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.03.27 15:08:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.03.27 15:08:24 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.03.27 15:08:24 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.03.27 15:08:24 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.27 15:08:24 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.03.27 15:08:24 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.27 15:08:24 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.03.27 15:08:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.03.27 15:08:24 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.27 15:08:24 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.03.27 15:08:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.03.27 15:08:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.03.27 15:08:24 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.27 15:08:23 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.27 15:08:23 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.27 15:08:23 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.03.27 15:08:23 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.03.27 15:08:23 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.03.27 15:08:23 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.03.27 15:08:23 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.03.27 15:08:23 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.27 15:08:23 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.03.27 15:08:23 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.27 15:08:23 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.27 15:08:23 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.03.27 15:08:23 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.27 15:08:23 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.27 15:08:23 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.03.27 15:08:23 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.03.27 15:08:23 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.27 15:08:23 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.03.27 15:08:23 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.03.27 15:08:23 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.03.27 15:08:23 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.27 15:08:23 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.03.27 15:08:23 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.03.27 15:08:23 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.27 15:08:23 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.03.27 15:08:23 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.03.27 15:08:23 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.03.27 15:08:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.03.27 15:08:23 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.03.27 15:08:23 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.27 15:08:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.27 15:08:23 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.27 15:08:23 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.27 15:08:23 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.03.27 15:08:23 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.27 15:08:22 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.03.27 15:08:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.03.27 15:08:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.03.27 15:06:50 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.27 15:06:50 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.27 15:06:50 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.27 15:06:50 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.27 15:06:50 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.27 15:06:50 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.27 15:06:50 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.27 15:06:50 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.27 15:06:50 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.27 15:06:50 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.27 15:06:50 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.27 15:06:50 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.27 15:06:50 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.27 15:06:50 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.03.27 15:06:50 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.27 15:06:50 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.27 15:06:50 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.27 15:06:50 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.27 15:06:50 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.03.27 15:06:50 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.27 15:06:50 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.27 15:06:50 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 15:06:50 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.27 15:06:50 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 15:06:50 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 15:06:50 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.27 15:06:50 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 15:06:50 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 15:06:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 15:06:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.27 15:06:50 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 15:06:50 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.27 15:06:49 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.27 15:06:49 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.20 11:33:25 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.20 11:33:25 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.20 11:33:25 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.02.21 12:29:38 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.21 12:29:37 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.21 12:29:37 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.02.21 12:29:37 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.02.21 12:29:37 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.02.21 12:15:22 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.02.21 12:14:21 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.21 12:14:09 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.21 12:14:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.21 12:14:05 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.21 12:14:05 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.02.21 12:14:05 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.02.21 12:14:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.02.19 13:10:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.02.19 12:51:18 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.02.15 08:08:40 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.02.15 08:06:11 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.02.15 08:02:26 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.02.12 06:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.01.10 09:32:00 | 001,591,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.04 04:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.04 04:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.04 04:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.03 08:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2012.12.07 13:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs [2012.12.07 13:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2012.12.07 13:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2012.12.07 13:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2012.12.07 13:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2012.12.07 13:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2012.12.07 13:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2012.12.07 13:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2012.12.07 13:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2012.12.07 13:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2012.12.07 13:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs [2012.12.07 13:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2012.12.07 13:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs [2012.12.07 13:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2012.12.07 12:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2012.12.07 12:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2012.12.07 12:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2012.12.07 12:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2012.12.07 12:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2012.12.07 12:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2012.12.07 12:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2012.12.07 12:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2012.12.07 12:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2012.12.07 12:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2012.12.07 12:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2012.12.07 12:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2012.12.07 12:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2012.12.07 12:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.11.30 07:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.11.30 05:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.11.23 05:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2012.11.21 14:54:44 | 010,848,641 | ---- | M] () -- C:\Users\paria\Desktop\Attachments_2012_11_21.zip [2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.11.09 07:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.11.08 12:29:12 | 001,402,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.11.04 17:26:32 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.11.01 21:02:39 | 000,001,868 | ---- | M] () -- C:\test.xml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.15 20:53:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.15 20:53:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.15 20:53:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.15 20:53:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.15 20:53:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.15 20:47:26 | 012,917,756 | ---- | C] () -- C:\Users\paria\Desktop\mbar-1.05.0.1001.zip [2013.04.15 13:54:14 | 430,975,093 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.15 13:12:04 | 000,377,856 | ---- | C] () -- C:\Users\paria\Desktop\gmer_2.1.19163.exe [2013.04.15 12:27:48 | 000,000,000 | ---- | C] () -- C:\Users\paria\defogger_reenable [2013.04.15 12:25:13 | 000,050,477 | ---- | C] () -- C:\Users\paria\Desktop\Defogger.exe [2013.03.27 15:08:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.27 15:08:23 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.10 20:46:53 | 002,990,539 | ---- | C] () -- C:\Users\paria\Desktop\m amir.jpg [2013.01.06 17:21:28 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2012.11.21 14:54:44 | 010,848,641 | ---- | C] () -- C:\Users\paria\Desktop\Attachments_2012_11_21.zip [2012.11.19 01:03:57 | 000,434,654 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf [2012.11.19 01:03:57 | 000,066,623 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat [2012.11.19 01:01:38 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk [2012.11.18 13:50:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.18 13:41:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.04 17:26:32 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.01 20:32:09 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000UA.job [2012.11.01 20:32:08 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-301847239-349234148-2088765594-1000Core.job [2012.04.24 13:17:03 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < C:\Users\paria\AppData\Roaming\Doteil\*.* /S > [2012.10.12 21:09:21 | 000,001,941 | ---- | M] () -- C:\Users\paria\AppData\Roaming\Doteil\dozay.pyo < C:\Users\paria\AppData\Roaming\Opzy\*.* /S > < C:\Users\paria\AppData\Roaming\Evopjo\*.* /S > < C:\Users\paria\AppData\Roaming\Zeywep\*.* /S > < > < End of report >OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.04.2013 13:00:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,33% Memory free
7,96 Gb Paging File | 6,22 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,18 Gb Total Space | 527,55 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
Computer Name: ZUHAUSE | User Name: paria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{30D61AB0-BC55-49CD-A5C6-D3EFF2EE0E23}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E1BB82E0-88C7-4766-8A5E-410B4F59BD7B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DBF2150-EF18-4ECA-B4A2-3D3406FFF159}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6C33257B-4C56-42A5-BD71-7B153F3C628B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{7336D68A-A5EF-485A-B261-22FB68E4E99D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A4066340-B066-443C-8F18-3E35F3267DBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF554707-825D-4DC7-A6F2-65D5148793E1}" = dir=in | app=c:\users\paria\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{395ECCEC-7AD1-472D-9B02-6E62F84B4B1E}C:\users\paria\appdata\roaming\zeywep\etmod.exe" = protocol=6 | dir=in | app=c:\users\paria\appdata\roaming\zeywep\etmod.exe |
"TCP Query User{535EE812-B110-4725-BE5A-FD8AC8CFE3E3}C:\users\paria\appdata\roaming\evopjo\fygeo.exe" = protocol=6 | dir=in | app=c:\users\paria\appdata\roaming\evopjo\fygeo.exe |
"TCP Query User{ECE2E975-1015-4196-8ED7-DB20207F9686}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0DFFA166-278F-4762-BE9F-705F86AB54FF}C:\users\paria\appdata\roaming\evopjo\fygeo.exe" = protocol=17 | dir=in | app=c:\users\paria\appdata\roaming\evopjo\fygeo.exe |
"UDP Query User{D3F1C98A-31E4-42D1-8631-79AE930B8631}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{D8BC2BA4-BE04-480B-9804-984BD8A5365D}C:\users\paria\appdata\roaming\zeywep\etmod.exe" = protocol=17 | dir=in | app=c:\users\paria\appdata\roaming\zeywep\etmod.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 269.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 269.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 269.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0507
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E6725026-A650-449C-897B-D6B7A5EEA058}" = Adobe Flash Player 10 Plugin
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"splashtop" = VAIO Quick Web Access
"TMM60" = TeLL me More
"VAIO Help and Support" =
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.01.2013 12:03:26 | Computer Name = Zuhause | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20:
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess
verwendet wird.
Error - 10.01.2013 03:19:59 | Computer Name = Zuhause | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.2.2200,
Zeitstempel: 0x4f425c29 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000071bc
ID
des fehlerhaften Prozesses: 0xe2c Startzeit der fehlerhaften Anwendung: 0x01cde08317e701b6
Pfad
der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 23e94c42-5af6-11e2-bd11-9439e5a8b582
Error - 10.01.2013 03:52:24 | Computer Name = Zuhause | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 10:37:20 | Computer Name = Zuhause | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1054 Startzeit: 01cdef078454e78e Endzeit: 47 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 11.01.2013 03:08:04 | Computer Name = Zuhause | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: Flash11e.ocx, Version: 11.1.102.55,
Zeitstempel: 0x4eaf89fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00154ff6 ID des fehlerhaften
Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cdef0785c37b78 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Berichtskennung:
a4295bef-5bbd-11e2-91bb-9439e5a8b582
Error - 12.01.2013 04:24:14 | Computer Name = Zuhause | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 13.01.2013 12:55:22 | Computer Name = Zuhause | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 17.01.2013 14:22:40 | Computer Name = Zuhause | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2013 10:20:42 | Computer Name = Zuhause | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 29.01.2013 10:26:44 | Computer Name = Zuhause | Source = Application Error | ID = 1000
Error encountered while reading event logs.
< End of report >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C09B3BC-47CF-49B7-8EC6-7F12C72D252F}" = NVIDIA PhysX "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86 "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3 "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide "{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh "{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4 "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86 "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E6725026-A650-449C-897B-D6B7A5EEA058}" = Adobe Flash Player 10 Plugin "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "splashtop" = VAIO Quick Web Access "TMM60" = TeLL me More "VAIO Help and Support" = "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.01.2013 12:03:26 | Computer Name = Zuhause | Source = SampleCollector | ID = 131331 Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 10.01.2013 03:19:59 | Computer Name = Zuhause | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.2.2200, Zeitstempel: 0x4f425c29 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000071bc ID des fehlerhaften Prozesses: 0xe2c Startzeit der fehlerhaften Anwendung: 0x01cde08317e701b6 Pfad der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 23e94c42-5af6-11e2-bd11-9439e5a8b582 Error - 10.01.2013 03:52:24 | Computer Name = Zuhause | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 10:37:20 | Computer Name = Zuhause | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1054 Startzeit: 01cdef078454e78e Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 11.01.2013 03:08:04 | Computer Name = Zuhause | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: Flash11e.ocx, Version: 11.1.102.55, Zeitstempel: 0x4eaf89fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00154ff6 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cdef0785c37b78 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Berichtskennung: a4295bef-5bbd-11e2-91bb-9439e5a8b582 Error - 12.01.2013 04:24:14 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 13.01.2013 12:55:22 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 17.01.2013 14:22:40 | Computer Name = Zuhause | Source = WinMgmt | ID = 10 Description = Error - 29.01.2013 10:20:42 | Computer Name = Zuhause | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 29.01.2013 10:26:44 | Computer Name = Zuhause | Source = Application Error | ID = 1000 Error encountered while reading event logs. < End of report > Hi lieber Matthias, wie sieht das jetzt aus? Ich hatte vorhin kein Problem mit dem Internet gehabt. Ich könnte alle Seiten aufmachen. Es geht aber jetzt nur Trojaner-board und nicht mal mein mail in yahoo und Web.de oder Facebook . Was mache ich nun? Ich warte auf Deine Anweisungen ;-) Danke Gruß Zaria |
|
17.04.2013, 18:07
| #9 |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987 Servus, Wir entfernen ein paar Reste und kontrollieren nochmal alles. Anschließend kümmern wir uns um die Internetverbindung. Hast du das beschriebene Problem nach dem Ausführen der folgenden Schritte immer noch? Schritt 1 Fixen mit OTL
Code:
ATTFilter :files
C:\Users\paria\AppData\Roaming\Doteil
C:\Users\paria\AppData\Roaming\Opzy
C:\Users\paria\AppData\Roaming\Evopjo
C:\Users\paria\AppData\Roaming\Zeywep
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{395ECCEC-7AD1-472D-9B02-6E62F84B4B1E}C:\users\paria\appdata\roaming\zeywep\etmod.exe"=-
"TCP Query User{535EE812-B110-4725-BE5A-FD8AC8CFE3E3}C:\users\paria\appdata\roaming\evopjo\fygeo.exe"=-
"UDP Query User{0DFFA166-278F-4762-BE9F-705F86AB54FF}C:\users\paria\appdata\roaming\evopjo\fygeo.exe"=-
"UDP Query User{D8BC2BA4-BE04-480B-9804-984BD8A5365D}C:\users\paria\appdata\roaming\zeywep\etmod.exe"=-
:Commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Schritt 5 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Bitte poste mit deiner nächsten Antwort
|
|
17.04.2013, 21:42
| #10 |
| | TR/PSW.Zbot.AM987 Grüß Dich, All processes killed ========== FILES ========== C:\Users\paria\AppData\Roaming\Doteil folder moved successfully. File\Folder C:\Users\paria\AppData\Roaming\Opzy not found. C:\Users\paria\AppData\Roaming\Evopjo folder moved successfully. C:\Users\paria\AppData\Roaming\Zeywep folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{395ECCEC-7AD1-472D-9B02-6E62F84B4B1E}C:\users\paria\appdata\roaming\zeywep\etmod.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{535EE812-B110-4725-BE5A-FD8AC8CFE3E3}C:\users\paria\appdata\roaming\evopjo\fygeo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0DFFA166-278F-4762-BE9F-705F86AB54FF}C:\users\paria\appdata\roaming\evopjo\fygeo.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D8BC2BA4-BE04-480B-9804-984BD8A5365D}C:\users\paria\appdata\roaming\zeywep\etmod.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: paria ->Temp folder emptied: 83897 bytes ->Temporary Internet Files folder emptied: 812524006 bytes ->Java cache emptied: 3176200 bytes ->Flash cache emptied: 261932 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3906 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 164958 bytes RecycleBin emptied: 292294 bytes Total Files Cleaned = 779,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04172013_222454 Files\Folders moved on Reboot... File move failed. C:\Users\paria\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. File\Folder C:\Users\paria\AppData\Local\Temp\~DF275B875D7D26465E.TMP not found! File\Folder C:\Users\paria\AppData\Local\Temp\~DF4C92187196B87B29.TMP not found! File\Folder C:\Users\paria\AppData\Local\Temp\~DF65F017E156977C1E.TMP not found! File\Folder C:\Users\paria\AppData\Local\Temp\~DF76647EC2D69C7624.TMP not found! File move failed. C:\Users\paria\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... LG Zaria Hallo, es ist ärgerlich, dass ich nicht Malwarebytes Anti-Malware 1.75 installieren kann. Download seite öffnet sich blank und bleibt nur in weiß. Nur erste Seite wo Download steht wird aufgemacht und 2. Fenster ist immer leer. Was nun??? :-'( Gruß |
|
18.04.2013, 10:01
| #11 |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987 Servus, download und installiere dir: Internet Explorer 10 für Windows 7 64 Bit Wenn es nicht klappt, lade dir das Installationspaket von einem sauberen Rechner auf einen USB-Stick und von dort auf den Rechner. Berichte, ob nach der Installation der Internet Explorer wieder funktioniert. |
|
20.04.2013, 10:35
| #12 |
| | TR/PSW.Zbot.AM987 Hallo, ich muss einen sauberen Rechner finden, weil es hier nicht geklappt hat.( klick auf dem Link= leere Seite) Eine Frage: Muss ich nicht für IE10 Windows 8 haben, oder geht das auf Windows 7 auch? Danke bis hoffentlich möglichst morgen LG Zaria Geändert von Zaria (20.04.2013 um 10:41 Uhr) |
|
20.04.2013, 11:40
| #13 | |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987Zitat:
Ich warte auf deine Rückmeldung. |
|
20.04.2013, 12:18
| #14 |
| | TR/PSW.Zbot.AM987 Hi lieber Matthias, ich habe schon IE 10 auf dem Laptop und es ist ein Hacken beim automatischen Update(Extras__Info). Es funktioniert immer noch nicht wie vorher ein Sprung von der erste Seite auf neue Seite. Was soll ich jetzt machen??? LG Zaria |
|
20.04.2013, 12:42
| #15 |
| /// TB-Ausbilder | TR/PSW.Zbot.AM987 Servus, Bitte lade dir ZOEK auf deinen Desktop und starte es.
|
|
| Themen zu TR/PSW.Zbot.AM987 |
| antivir, autorun, avira, bildschirm, bingbar, ebanking, firefox, flash player, format, google, home, homepage, iexplore.exe, install.exe, limited.com/facebook, microsoft office starter 2010, ntdll.dll, plug-in, realtek, recycle.bin, registry, security, tr/agent.fqv, tr/psw.zbot.am.987, tr/psw.zbot.am987, tr/sirefef.ah, trojan.siredef.c, updates, windows, wlan |
Textbox.
Linear-Darstellung
