Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internet ist seit Wochen sehr langsam - Mcafee Virenscanner Abo wurde nicht verlängert (https://www.trojaner-board.de/136841-internet-seit-wochen-sehr-langsam-mcafee-virenscanner-abo-wurde-verlaengert.html)

rambo123 18.06.2013 22:48
Internet ist seit Wochen sehr langsam - Mcafee Virenscanner Abo wurde nicht verlängert
 
Ich hoffe, dass mir jemand weiterhelfen kann, da ich mich mit solchen Sachen kaum auskenne.
Ich bin mir ziemlich sicher, dass ich mir einen Virus oder Trojaner eingefangen habe, aber was kann ich tun, damit mein Laptop wieder normal funktioniert ?

aharonov 18.06.2013 22:51
Hallo,

Zitat:
aber was kann ich tun, damit mein Laptop wieder normal funktioniert ?
Dafür müssen wir zuerst einmal wissen, was überhaupt drauf ist..
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.

rambo123 18.06.2013 23:58
Code:
OTL logfile created on: 19.06.2013 00:24:02 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 41,67% Memory free
14,41 Gb Paging File | 2,67 Gb Available in Paging File | 18,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,84 Gb Total Space | 372,27 Gb Free Space | 82,76% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\*****\AppData\Roaming\KB00262145.exe ()
PRC - C:\Users\*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\*****\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
PRC - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft)
PRC - C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
PRC - C:\Windows\SysWOW64\jmdp\stij.exe ()
PRC - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\agcp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*****\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll ()
MOD - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
MOD - C:\Users\*****\AppData\Roaming\KB00262145.exe ()
MOD - C:\Users\*****\AppData\Roaming\Yontoo\dat\sqlite3.DLL ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f878765b06a1d56b04f4bd23a9c60985\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\SysWOW64\jmdp\stij.exe ()
MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IB Updater) -- C:\Programme\IB Updater\ExtensionUpdaterService.exe ()
SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (MOBK649backup) -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe (McAfee, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAWFwk) -- c:\Programme\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (lehidmini) -- C:\Windows\SysNative\drivers\leath_hid.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (MOBK649Filter) -- C:\Windows\SysNative\drivers\MOBK649.sys (Mozy, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6PQWmVIlnT&i=26
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\..\SearchScopes\{CFAE870E-EB2E-4455-96C0-4CE78E858158}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQWmVIlnT&i=26
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.selectedEngine: "Funmoods"
FF - prefs.js..browser.startup.homepage: "hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1Qzu0AyCyE0B0FyD0C0FtB0B0F0FzytCtDtCtN0D0Tzu0CyEyBzztN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=1288961602&ir="
FF - prefs.js..extensions.enabledAddons: %7B5ebdca98-43b3-45bb-87e0-716029fb42ab%7D:6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.06 13:00:04 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.06 13:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.12.18 20:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.31 12:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.06 13:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.06 13:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 18:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.19 11:07:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 18:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.28 10:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.05.12 15:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\zzchadsu.default\extensions
[2013.04.23 00:28:59 | 000,000,000 | ---D | M] ("Nuova scheda") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\zzchadsu.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
[2013.05.12 15:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\zzchadsu.default\extensions\staged
[2013.04.29 16:18:07 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\extensions\gophoto@gophoto.it.xpi
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\extensions\hdvc@hdvc.com.xpi
[2013.05.12 15:49:18 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.26 20:17:45 | 000,002,351 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\searchplugins\Funmoods.xml
[2013.04.12 07:43:43 | 000,002,120 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\searchplugins\MyStart Search.xml
[2013.04.14 18:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\ESRA KüCüKVARUZAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZZCHADSU.DEFAULT\EXTENSIONS\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
[2013.04.14 18:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Esra K\u00FCc\u00FCkvaruzan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: TelevisionFanatic = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: SiteAdvisor = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Iminent = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1_0\
CHR - Extension: SweetIM for Facebook = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: HDvid Codec = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.0_0\
CHR - Extension: Yontoo = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: GoPhoto.it = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: TelevisionFanatic = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\agaihojkldnbljibbboiphnefbpnpohg\4.94.1.37999_0\
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IB Updater = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\
CHR - Extension: SiteAdvisor = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Iminent = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.21.4.1_0\
CHR - Extension: SweetIM for Facebook = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: HDvid Codec = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.0_0\
CHR - Extension: Yontoo = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: GoPhoto.it = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120510062228.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510062228.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [Facebook Update] C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [KB00262145.exe] C:\Users\*****\AppData\Roaming\KB00262145.exe ()
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [monlt] C:\Users\*****\AppData\Roaming\monlt.exe ()
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [SkyDrive] C:\Users\*****\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [uwoupnhn] C:\Users\*****\AppData\Local\Temp\Alelelelel\mfdfbupnhn.exe (CJSC "Computing Forces")
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [xybxmkjk] C:\Users\*****\Lhnhnhnhnh\idppbmkjk.exe (Bloodshed Software)
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [Yontoo Desktop] C:\Users\*****\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\RunOnce: [Uninstall C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A9B807-333C-40A4-980F-BF4E52C9E206}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68420D3-4D4D-44BC-AF72-0423C75A7E81}: DhcpNameServer = 172.16.16.19
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{16723f69-696a-11e2-97ba-844bf5cf2c00}\Shell - "" = AutoRun
O33 - MountPoints2\{16723f69-696a-11e2-97ba-844bf5cf2c00}\Shell\AutoRun\command - "" = E:\ZTE_Handset_USB_Driver.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.18 23:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.06.18 18:46:59 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.18 13:42:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2013.06.17 23:17:47 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Apple Computer
[2013.06.17 23:17:47 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apple Computer
[2013.06.17 23:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.17 23:17:28 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.06.17 23:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.17 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.17 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.17 23:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.06.17 23:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.17 23:13:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apple
[2013.06.17 23:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.06.17 23:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.06.17 23:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.06.17 23:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.06.17 23:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.06.17 23:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.06.17 22:57:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2013.06.17 22:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.06.16 10:57:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.16 10:57:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.16 10:57:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.16 10:57:32 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.16 10:57:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.16 10:57:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.16 10:57:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.16 10:57:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.16 10:57:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.16 10:57:30 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.16 10:57:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.16 10:57:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.16 10:57:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.16 10:55:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.16 10:55:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.13 09:59:57 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.13 09:59:57 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.13 09:59:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.13 09:59:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.13 09:58:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.13 09:58:30 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.13 09:58:30 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.13 09:58:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.13 09:58:28 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.13 09:58:27 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.13 09:58:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.13 09:57:37 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.13 09:57:36 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.06 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 00:12:22 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.19 00:00:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.18 22:29:03 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3754061674-2540918322-2663123439-1002UA.job
[2013.06.18 22:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.18 19:29:04 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3754061674-2540918322-2663123439-1002Core.job
[2013.06.18 18:54:31 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 18:54:31 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 18:46:43 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.18 18:46:23 | 2901,434,368 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.17 23:17:30 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.16 23:25:03 | 000,000,211 | ---- | M] () -- C:\Users\*****\Documents\artikel nummer.rtf
[2013.06.13 09:48:24 | 000,064,000 | ---- | M] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe
[2013.06.13 09:48:24 | 000,000,322 | ---- | M] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe.BAT
[2013.06.12 23:43:06 | 000,000,625 | ---- | M] () -- C:\Users\*****\Documents\Krankheiten2.rtf
[2013.06.12 14:50:18 | 000,084,076 | ---- | M] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe.DAT
[2013.06.12 00:00:37 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 00:00:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.10 20:40:54 | 000,168,428 | ---- | M] () -- C:\Windows\SysNative\s000000.dat
[2013.06.10 20:17:37 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[2013.06.10 20:17:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.06 15:39:06 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.05 11:03:00 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.05 11:03:00 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 11:03:00 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 11:03:00 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 11:03:00 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.02 14:17:29 | 000,000,550 | ---- | M] () -- C:\Users\*****\Documents\Hairfree.rtf
[2013.05.29 15:51:43 | 000,022,678 | ---- | M] () -- C:\Users\*****\Desktop\41ky9nUW2JL._SY445_.jpg
[2013.05.29 15:04:55 | 000,000,209 | ---- | M] () -- C:\Users\*****\Documents\ege.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 23:17:30 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.17 23:13:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.06.16 23:25:02 | 000,000,211 | ---- | C] () -- C:\Users\*****\Documents\artikel nummer.rtf
[2013.06.11 23:11:40 | 000,000,625 | ---- | C] () -- C:\Users\*****\Documents\Krankheiten2.rtf
[2013.06.10 20:40:54 | 000,168,428 | ---- | C] () -- C:\Windows\SysNative\s000000.dat
[2013.06.10 20:17:34 | 000,000,040 | ---- | C] () -- C:\Windows\SysNative\sstate_prev.sdt
[2013.06.10 20:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\sstates.sdt
[2013.06.06 15:39:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.06 15:39:06 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.02 14:17:29 | 000,000,550 | ---- | C] () -- C:\Users\*****\Documents\Hairfree.rtf
[2013.05.29 15:51:43 | 000,022,678 | ---- | C] () -- C:\Users\*****\Desktop\41ky9nUW2JL._SY445_.jpg
[2013.05.29 15:04:54 | 000,000,209 | ---- | C] () -- C:\Users\*****\Documents\ege.rtf
[2013.05.08 10:46:27 | 000,000,322 | ---- | C] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe.BAT
[2013.05.07 16:17:24 | 000,084,076 | ---- | C] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe.DAT
[2013.05.07 16:17:24 | 000,064,000 | ---- | C] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe
[2013.05.01 22:37:40 | 000,021,101 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.03.04 15:10:05 | 000,004,096 | ---- | C] () -- C:\Users\*****\Januar.jpg
[2012.05.10 07:50:32 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.05.10 06:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.16 06:22:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.16 06:22:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.16 06:22:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[1601.01.01 02:00:00 | 000,221,184 | ---- | C] () -- C:\Users\*****\AppData\Roaming\monlt.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.06 22:39:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\(C8-64-C7-CA-EA-7E)
[2013.06.18 20:59:06 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\8B515B03
[2013.01.08 20:55:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dl_0
[2012.12.22 17:42:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.12.22 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.04.23 00:27:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Funmoods
[2013.01.12 13:02:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Iminent
[2013.03.25 13:07:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MatchWare
[2013.02.09 21:53:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhotoScape
[2013.06.18 13:42:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2013.06.19 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >



Code:
OTL Extras logfile created on: 19.06.2013 00:24:02 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 41,67% Memory free
14,41 Gb Paging File | 2,67 Gb Available in Paging File | 18,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,84 Gb Total Space | 372,27 Gb Free Space | 82,76% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FC8C50-282F-4B48-996C-F40D3EB48665}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1851E79D-7F75-4ECC-A552-C808D8E8A133}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C4BE34C-0ED6-46C9-9B91-97158EB783FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B7073F6-DB4F-4A07-965A-E73BA8CCAB99}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2D3E15BE-397A-485E-860D-DC2A99B3FB81}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35B45D11-57C4-4D90-93F4-735907AAD239}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{448BDC70-4CE0-4DC9-94CD-924FEE35104A}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BBAC8D7-CAC1-4EE0-8CD7-67F1A3F72C35}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F143021-503E-4B33-A546-5659F7661A2E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{627A5E4F-B97D-4EF2-90CA-71BD13611184}" = lport=3888 | protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{63654A4E-445B-4DC2-B5DB-0B64DF110E46}" = rport=138 | protocol=17 | dir=out | app=system |
"{65BDDC2C-B04D-47D0-B6ED-19C397279C66}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D1332EA-757E-4154-B3A5-A611BC8BF1CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{73F3E484-C1E8-4E84-BB16-B4F083841204}" = lport=3880 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{7C09999A-BA9C-4128-8B8A-DE4591882F4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8090D6D9-301E-444E-9A5D-3B36F9A94FA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{837C7DA6-BA81-4BF9-8C19-99540AFCD1E7}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe |
"{866E3C05-36B6-488A-9E89-98B7355358EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{88C3E7A1-C4C8-4C0B-B2B3-28B356C083C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{9023D00D-33B7-495D-9E1F-F2C8E3215EF1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AB7CEE34-C0F1-4E2F-96F7-17474C445771}" = rport=445 | protocol=6 | dir=out | app=system |
"{AE2832F1-2847-4EF4-B164-263795536F5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2CEEEC1-0E7E-41A7-B395-A10840134CA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3804B2A-70ED-4B19-9C55-3985EB909FA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB7A8940-BD24-42FC-A064-90B31E6441B9}" = lport=3888 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe |
"{DF3B4215-7FDA-4BA7-95AD-905B1F9BDAA5}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4E2F1FA-5DF1-4B95-A59C-9C2A85B472D5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{F7C8C1C1-0566-4987-94A1-B8B5C2743723}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe |
"{FA30F165-069F-4606-9091-95780B137A54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081E22EE-C9A2-4E29-9CD5-777FA023C0BB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{087B78FE-099E-48DA-850A-341210806DB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FA5B52F-7CC2-49B8-ABD1-3A0193C3A88B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{10A9E9DE-1A65-4798-8CDD-A17110D0EBB4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1C4FB62A-A4DD-4BC9-BCF0-FDAD10730ABF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E5048AC-7F73-4F75-B410-280AAB7AA772}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{375D9D96-3DA3-48A6-908D-45A503759279}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{42419279-EC2D-4834-87A0-39AEDCA98403}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42B68F88-A3E0-48D2-B5D6-32CBE4072768}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{432AF867-F7AE-4A33-A1DA-54FBAB165763}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47B40895-D6E2-4B6D-AED4-AADDFE41D361}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A629AE4-9204-4B64-9ECC-2A3924E6BD57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ABD3F6D-7CAB-4260-A70D-76919FF272CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{4C6F4F3F-7231-4560-9AC7-1B64A8CF2408}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54DE0F7E-69A6-4064-9BAD-435098922CA7}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{632374F1-A1DD-4C1E-9019-527BF99D9EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6329A47F-FF86-4CD2-9564-14A738A646A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{664B0EDD-957E-4D3C-9D53-F5D088047F19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FCBE958-A8D1-401A-8B37-FE07A244DFA9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{72B9502A-3A61-4ECE-98B9-5D6D577F4F4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79EC4777-C00B-475F-9FB8-73E73EAB2772}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7C81242F-3629-4129-B74B-D80DEC1C7E6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82184A70-7588-4072-BD01-A903E1DECA0C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{824143F3-4C80-497C-A199-AD9BB8225A56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91D48460-A7BE-4F18-BF25-971AD3AAFD7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{952C26CC-28FA-4A27-AE62-9450DFED1086}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9B4FE176-51B9-4EED-96B2-F32098C65EBC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9E89F4A9-5F35-4DF1-B001-0CB0EA686FC9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FC02898-3CD4-4039-B07B-F72F9943CD22}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A1A7BF79-E2B9-450D-9550-FDE06DCEA594}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A98F9905-915B-49CF-91F2-521E8F6938C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AACC01EE-72B8-42A2-BBC5-8174B56568CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB2FEEDB-21DB-413B-B22D-CC9FDE448C12}" = protocol=6 | dir=out | app=system |
"{B2494E7E-B579-4FBD-A6B5-D68AAFCC1F7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B3B1D031-0381-478F-B45B-0B10FC28DE6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4B9BC09-584B-4AB3-B0F9-869BE1A0B334}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B87EBF86-64C8-4534-BCA6-99F389A4C553}" = dir=in | app=c:\users\*****\appdata\local\microsoft\skydrive\skydrive.exe |
"{B8E52C9D-0507-4C39-A1EB-6351096F69AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B94A5FE4-02ED-4E63-8C29-8357ACFC014B}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BDCD8431-1FA5-478E-988C-1EE139D013AB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BF997A96-9D64-4EAA-8BC5-5260BE6528EE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C66DB19B-C093-4A9F-97AC-ED0095215006}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CE347BCE-4E11-4648-8F93-531822752A3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2E8DE2E-E38F-4B7F-A26C-16888EFEF8DD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D720972A-8BDB-41B8-BE21-9C002F17EDDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E1CDAAA0-4755-4D6F-BC66-D4E01665DD10}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E4F36A9B-2026-4335-B8A6-DD5BF03EF0E5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E76E9FB2-125C-4156-8F3A-58D2005B8248}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EF05E650-3782-4D79-86BD-F82DF8BC7A39}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EF144CCA-25C5-43BD-8CF7-3DA33AADB82D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7072189-96D4-4D65-84BC-104D9FEA1F19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAFF6F54-E5FB-4FA8-8040-89B9BE765D04}" = dir=in | app=c:\users\*****\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FE08F53D-E84C-46E9-9900-E8E704339CC3}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{FF622E8F-4852-48E5-AA6D-8E3535F83993}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0EB7792D-EFA2-42AB-9A22-F33D9458E974}" = Media Gallery
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.578
"{34EB42BE-F4D3-44C1-B28E-9740115DB72C}" = VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}" = VAIO Care
"{488B67FC-072B-025B-AEF5-4AA50C378ABF}" = AMD Catalyst Install Manager
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
"{5212FB9D-C7A1-7BF4-9096-3DD48819F21D}" = McAfee Online Backup
"{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{844D051D-4A3A-95EF-032E-3D07FE3A1A2F}" = ccc-utility64
"{8527DB8B-02ED-81A8-817B-4CD2145E208F}" = AMD Media Foundation Decoders
"{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}" = VAIO - PlayMemories Home Plug-in
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.04.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{EFB013F9-42A2-854F-3906-08C385F54F71}" = AMD Fuel
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00476F3E-3C4D-4E02-B8BB-125350157EB9}" = Windows Live Mail
"{03426ED9-9D9C-4F71-B293-BBE6493367A2}" = Windows Live Mail
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{03E2EED4-368D-49EA-B1AC-8B615E37E16D}" = Windows Live Messenger
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common
"{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0D0D2F6B-09C9-C584-F53B-E8956BB9B43E}" = CCC Help English
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F79CF48-8373-7105-6FE3-D2AE0B26ABE5}" = CCC Help Danish
"{1026DF85-1C0F-4839-888E-EB9D5B73CF46}" = Windows Live Writer
"{115356B4-8E81-43DB-BB2A-19E5ED95FBAF}" = Фотоколекція
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{17DC7856-35F5-A0E5-27B9-BC6C5BBF7FD4}" = CCC Help Swedish
"{180BAB78-7FFA-10DE-41C4-2F39C2386BEF}" = CCC Help Portuguese
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{182D3167-FE80-4DF6-96C2-84AC0ABA20D8}" = Windows Live Writer Resources
"{18EE664A-8121-4023-8E6E-BB2E9AEEC75E}" = Catalyst Control Center - Branding
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer
"{1C0343CA-C2C3-69DF-34E9-DC6FA7274BB6}" = CCC Help Korean
"{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E9B4C-48A9-47CE-BBC8-ACF0B2006351}" = Windows Live Mail
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{254F7574-53A7-43D1-BC4D-B1E894AEE175}" = Windows Live Writer
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{262E7632-72F9-4CBE-9461-937F24106EF2}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{2B919309-7052-45A4-B1C8-5B4894E8648B}" = Windows Live Writer
"{2DBAD634-0032-42E8-8A04-B4CFC5062EB0}" = Iminent
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F41EF61-A066-4EBF-84F8-21C1B317A780}" = VAIO - TrackID™ mit BRAVIA
"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{31846283-C955-4CE1-9297-8670BD0C9A7E}" = Windows Live Messenger
"{31B97E28-3919-41BC-2017-2B880D98E610}" = CCC Help Turkish
"{32AA7594-09A9-437F-9541-5F760509B752}" = Фотогалерия
"{330BBA5F-4A63-4545-900F-8446F205BA52}" = Windows Live Writer Resources
"{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
"{34C5AD54-3CCD-4935-AB8D-8527058B96F7}" = Windows Live UX Platform Language Pack
"{35CB7C2D-B421-46FC-89CF-3B630628876F}" = Windows Live Writer Resources
"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{37B0EFE4-12F3-473A-574D-4387BCB8441A}" = CCC Help Hungarian
"{37FDD121-C443-4FD3-A213-2449B397C068}" = Windows Live Messenger
"{38911305-6616-4D26-91DB-AD83B1F2DCF0}" = Windows Live Mail
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A9ECD64-DE00-4779-A89E-C878513B2B37}" = Windows Live Writer Resources
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3FD0036E-236A-4EDD-894D-4374BEE64464}" = Windows Live UX Platform Language Pack
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4279C954-A249-E92D-E9A8-C66A60DCAFC9}" = AMD VISION Engine Control Center
"{42B6C7E0-0DAE-488D-8DAF-838898102F19}" = Windows Live Writer
"{42E09928-C7CD-CAD9-C11F-097258056A61}" = CCC Help Russian
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45390337-A49F-05D0-F6E6-BD49112E3A57}" = CCC Help Japanese
"{46A648D2-C097-41A3-A517-E709F045B6CD}" = Movie Maker
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E55905B-849D-4633-9267-3EC77E24221A}" = Poczta usługi Windows Live
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common
"{50849B2C-097E-47A5-A076-6F11A939E093}" = Windows Live Mail
"{51449A7F-4820-4757-9236-87A3BE7B6F27}" = Windows Live Writer
"{5156C9BF-1C27-430B-96D8-7129F11699A8}" = VAIO Data Restore Tool
"{51EF51B6-0D9F-4977-8F9D-A1E15017D2B7}" = Windows Live Mail
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55268806-FC27-4CA2-9CCA-1269FD4831FE}" = Windows Live Writer
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{56A4C6B1-31CF-CB4A-C406-22597868766A}" = Catalyst Control Center Profiles Mobile
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{6209125A-46C5-4099-96DC-72FD55B07C1C}" = Windows Live Writer Resources
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger
"{62F3CFC0-392F-4A47-24F2-52C41E4137E1}" = CCC Help Thai
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{6466EF6E-700E-470F-94CB-D0050302C84E}" = Remote Keyboard
"{66DB6D91-BF91-480B-933D-7CB8B1E64D74}" = Windows Live Messenger
"{6820112E-8AE8-7BA7-5398-F40DCF979A9A}" = Catalyst Control Center Graphics Previews Common
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common
"{6DA675F3-B549-4BDE-90FA-BEF8C3B87F00}" = Windows Live Mail
"{6E51F114-8713-8685-7AED-7CC5D05AD8BF}" = Catalyst Control Center Localization All
"{6F8F1F8A-CE10-0A04-7C5B-887FF4DEE2D6}" = CCC Help Italian
"{6FD21053-829D-40E7-B04C-CAFB7D5CD025}" = KUx86
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70BF63A5-DE6A-417C-AB93-5E31D0DA994E}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{7211F448-F865-4D37-B905-24D84E6C3E5E}" = Windows Live Writer Resources
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{7607440C-FDCA-4210-9CD9-13D8F0DDAD0C}" = Windows Live Writer Resources
"{773879F5-3A4B-A238-F017-0AB4C423883C}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7A83618D-879A-4258-8B5E-5AD8B5F3EDD0}" = Windows Live Writer
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E41F42B-7ED8-4E15-A492-B93B287C027F}" = Windows Live Writer Resources
"{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{81450F79-0C75-8261-73B6-182C027EEA0F}" = CCC Help Chinese Standard
"{8146445E-B14D-4CBA-AB9A-728CF166DAC9}" = Windows Live Messenger
"{8176B9CA-F037-49C0-BD77-661B1DDCA6F3}" = Movie Maker
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{854A24E3-A0EF-472A-B1D6-A2E9D43D5D8B}" = Windows Live Writer Resources
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{858B32BD-121C-4AC8-BD87-CE37C51C03E2}" = TrackID(TM) with BRAVIA
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8E31695A-4694-4DC4-8BEF-F8F22520D38D}" = Windows Live Writer
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{902C4E0E-89CE-43B9-BCC0-F3A91E987F99}" = Windows Live Writer
"{9038E0C6-9CB9-4380-8FA3-B6B30FA304CF}" = Основи Windows Live
"{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95246ACC-67B4-2091-B410-F9D70A60FEDC}" = CCC Help Spanish
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{96361BC7-B7C8-4594-AD89-813C371F4246}" = Windows Live Writer Resources
"{968B8056-7631-4204-9BFB-CF7E0965C31F}" = Windows Live Messenger
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9939B8FF-7D2D-4258-B5B9-B6BA8DD59905}" = Windows Live Mail
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9D3B7B6C-1493-441C-99B6-26A419354812}" = Windows Live Writer
"{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker
"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A17D2142-6D09-4C3D-AD24-FDF9EF3198C3}" = Windows Live Writer Resources
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A412D7BD-FD86-461D-B385-CD8062F34131}" = Windows Live Messenger
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{A6852FB1-4C7C-B0E9-88FF-DA81107F58FC}" = CCC Help German
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{ABAF6F07-0D84-4700-948E-EC5042B9D978}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE5F3379-8B81-457E-8E09-7E61D941AFA4}" = VAIO Gate
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
"{B2692812-A0D0-E08E-43FF-85199964A9CD}" = CCC Help Polish
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B625668D-34AA-462D-AA32-44BFA70F08E7}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO*CPU-Lüfterdiagnose
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C29DB401-182D-2F6F-DF7C-322D7DAC0E3A}" = Catalyst Control Center InstallProxy
"{C2F1EBBF-9AC4-4E0B-A7F4-74C9C7AD4813}" = Galerie foto
"{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C529D3F4-A492-DA2B-831F-7002E0FDE232}" = CCC Help Greek
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C849BEF2-0216-45E5-841B-F0F2F4FDE319}" = MatchWare MindView 5.0
"{C8544A9A-76BE-4F82-811E-979799AE493B}" = VAIO Gesture Control
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D08433-5FDD-43C6-8482-7AFA7D891D98}" = Windows Live UX Platform Language Pack
"{CA5C4498-C7E7-4808-AB41-A2B534A476AF}" = Windows Live Messenger
"{CAEDA0C9-8B41-4D69-B4D6-5AC66AAF44FB}" = Photo Common
"{CD239A50-AD95-4A72-9D5F-D4FBD4B89417}" = Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CE44687E-BC21-4B69-B0AE-6BDFD6B5C327}" = Windows Live Messenger
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{CEC7CAE9-3C4B-D87D-4C38-513942FB6FBB}" = CCC Help French
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1952E4A-9F67-4693-A06D-DA8E0FB2B00D}" = Windows Live Essentials
"{D1F5A388-09C9-4998-A793-B15DCDEB3B42}" = Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}" = Remote Play with PlayStation(R)3
"{D824AFCC-3408-4FB2-A6C9-28C660700DD4}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DAD85607-2C8E-43D5-B068-4B218F1A7DB8}" = Windows Live Mail
"{DB1A3EA7-0C25-4BEC-A108-176195190369}" = VHD
"{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi
"{DDD089CF-A19F-A089-974F-2B98B31D3177}" = CCC Help Dutch
"{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
"{DFB0E1FE-B5DE-42D7-97A9-2A69FB530A73}" = Windows Live Messenger
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E2087952-5015-4B4C-3C8C-BD68B12BDD45}" = CCC Help Finnish
"{E22E95E7-0A26-4AEC-A907-390C568C5BC1}" = Windows Live Messenger
"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E6757A5B-EE7E-4D72-82B7-D1B2991DF55E}" = PYV_x86
"{E682702C-609C-4017-99E7-3129C163955F}" = VAIO - Remote-Tastatur mit PlayStation®3
"{E6A3F960-E593-4DDE-B9F2-66885D973A26}" = Pošta Windows Live
"{E727B31A-8B24-4C1C-934A-69634E0D2C0B}" = Qualcomm Atheros WiFi Driver Installation
"{E800ADC4-F459-42F5-89A2-E754634B010A}" = Windows Live Writer Resources
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B91012-E6BC-A6A4-A258-103E33371CFC}" = CCC Help Czech
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F29C9CFE-350A-42AC-A7C8-04154D5FE8A9}" = Windows Live Writer
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FC934905-F82C-EB6B-5940-709482D4910F}" = CCC Help Norwegian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"1ClickDownload" = HDVidCodec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"IMBoosterARP" = Iminent
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"PhotoScape" = PhotoScape
"VAIO Help and Support" =
"WildTangent sony Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
"WTA-00887a70-8a02-4e1e-b1f6-fd9c96a7446e" = Polar Bowler
"WTA-2a08eb6e-0c43-48f0-b93c-e1ef9fdc9153" = Virtual Villagers 4 - The Tree of Life
"WTA-33fec805-acff-402d-8917-df4e24c503ea" = Jewel Quest Solitaire 2
"WTA-3f1eac48-c555-4cda-bbed-cd43b3ad01e3" = Plants vs. Zombies - Game of the Year
"WTA-4fb5ce8c-1935-4e74-a7e5-de04764be720" = Mahjongg Artifacts
"WTA-58c4f38c-90e2-47f2-b5e6-4a0a657eb29b" = Mystery P.I. - The London Caper
"WTA-bbe53324-52be-47b9-9baa-037e23a988d6" = Mystery of Mortlake Mansion
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3754061674-2540918322-2663123439-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2013 15:27:31 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000008  Fehleroffset: 0x000828c5  ID des fehlerhaften
 Prozesses: 0x15f8  Startzeit der fehlerhaften Anwendung: 0x01ce5a3733dc5a8f  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 4ea4f658-c63a-11e2-ae6a-844bf5cf2c00
 
Error - 27.05.2013 08:27:39 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
 
Error - 27.05.2013 08:28:57 | Computer Name = ***** | Source = VSS | ID = 8194
Description =
 
Error - 27.05.2013 13:31:17 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x4c8  Startzeit der fehlerhaften Anwendung: 0x01ce5ad57cb07006  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 3c2b72ae-c6f3-11e2-ad35-844bf5cf2c00
 
Error - 28.05.2013 04:49:36 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
 
Error - 28.05.2013 04:50:16 | Computer Name = ***** | Source = VSS | ID = 8194
Description =
 
Error - 28.05.2013 06:19:33 | Computer Name = ***** | Source = WinMgmt | ID = 10
Description =
 
Error - 28.05.2013 06:20:16 | Computer Name = ***** | Source = VSS | ID = 8194
Description =
 
Error - 28.05.2013 06:28:36 | Computer Name = ***** | Source = .NET Runtime | ID = 1026
Description =
 
Error - 28.05.2013 06:28:38 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iminent.exe, Version: 5.52.31.0,
Zeitstempel: 0x50d190c1  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x1268  Startzeit der fehlerhaften Anwendung: 0x01ce5b8cab06c42a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Iminent\Iminent.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 5b4836c8-c781-11e2-ac60-844bf5cf2c00
 
[ System Events ]
Error - 23.03.2013 05:49:31 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 05:52:31 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 05:55:32 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 05:58:32 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 06:01:32 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 06:04:33 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 06:07:33 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 06:10:33 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
Error - 23.03.2013 06:40:26 | Computer Name = ***** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 23.03.2013 06:43:36 | Computer Name = ***** | Source = bowser | ID = 8003
Description =
 
 
< End of report >


gmer kann ich irgendwie nicht hochladen, da es zuviele Zeichen enthält:/ Was könnte ich denn da machen?

aharonov 19.06.2013 01:19
Zitat:
gmer kann ich irgendwie nicht hochladen, da es zuviele Zeichen enthält:/ Was könnte ich denn da machen?
Logfile in ein zip-Archiv packen (Rechtsklick drauf -> Senden an -> zip-komprimierten Ordner) und hier anhängen.

rambo123 19.06.2013 08:27
Ok, ich glaube jetzt hat es funktioniert.

aharonov 19.06.2013 12:42
Hallo rambo123 und :hallo:

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
    • Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Dieser Rechner ist in der Tat infiziert...


Schritt 1

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Bitte poste in deiner nächsten Antwort:
  • Log von Combofix

rambo123 19.06.2013 21:25
Da steht :

Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen.

rambo123 19.06.2013 22:14
Es hat doch geklappt :)

Ich habe es irgendwie nicht geschafft meinen Namen wegzubekommen, aber dafür habe ich es als Zip Datei hochgeladen.

aharonov 19.06.2013 22:38
Jede Menge Schrott ist da drauf.. ;)

Poste mir bitte auch noch das Logfile, welches du unter C:\QooBox\Add-Remove Programs.txt findest.

Zusätzlich:


Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Wichtig: Ändere bei dir die ***** wieder zurück in deinen Namen, sonst wird das Skript nicht funktionieren!
    Code:
    File::
    c:\users\*****\Lhnhnhnhnh\idppbmkjk.exe
    c:\users\*****\AppData\Roaming\dnsg.exe
    C:\Users\*****\AppData\Roaming\monlt.exe
    c:\users\*****\AppData\Roaming\KB00262145.exe.BAT

    Folder::
    c:\users\*****\Lhnhnhnhnh

    DirLook::
    C:\Users\*****\AppData\Roaming\8B515B03
    C:\Users\*****\AppData\Roaming\dl_0
    C:\Users\*****\AppData\Roaming\(C8-64-C7-CA-EA-7E)
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!




Bitte poste in deiner nächsten Antwort:
  • Add-Remove Programs.txt
  • Neue Combofix.txt

rambo123 20.06.2013 10:38
So bitte :)

aharonov 20.06.2013 12:45
Hallo,

jetzt muss mal all dieser Adware-Mist runter. Kein Wunder läuft das Ding so langsam...


Schritt 1
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • BrowserDefender
    • DealPly
    • DealPly (remove only)
    • Delta Chrome Toolbar
    • Delta toolbar
    • Funmoods
    • IB Updater Service
    • Iminent
    • Internet Explorer Toolbar 4.6 by SweetPacks
    • Lyrics Finder
    • PC Speed Maximizer v3.1
    • Plus-HD-2.3
    • SweetIM for Messenger 3.7
    • SweetPacks bundle uninstaller
    • Update Manager for SweetPacks 1.1
    • Wajam
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL

rambo123 20.06.2013 23:16
Danke für deine Mühe:)

So hier ist das nächste Log.

rambo123 20.06.2013 23:50
und hier das nächste

aharonov 21.06.2013 00:39
Still a long way to go... :)

Ich hab für das Fixskript in Schritt 1 wieder deinen Namen durch ***** ersetzt. Bitte vor Ausführung des Fixes an diesen Stellen wieder den Namen einsetzen.


Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
:OTL
[2013.06.19 21:34:21 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\8B515B03
[1601.01.01 02:00:00 | 000,244,224 | ---- | C] () -- C:\Users\*****\AppData\Roaming\monat.exe
[2013.06.13 09:48:24 | 000,000,322 | ---- | M] () -- C:\Users\*****\AppData\Roaming\KB00262145.exe.BAT
[2013.06.19 21:54:20 | 000,006,505 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\zzchadsu.default\searchplugins\BrowserDefender.xml
[2013.06.19 21:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserdefender.dll) -  File not found
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [xybxmkjk] C:\Users\*****\Lhnhnhnhnh\idppbmkjk.exe (Jetico, Inc.)
O4 - HKU\S-1-5-21-3754061674-2540918322-2663123439-1002..\Run: [monat] C:\Users\*****\AppData\Roaming\monat.exe ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

:files
C:\PROGRAM FILES\IB UPDATER
C:\Users\*****\Lhnhnhnhnh

:commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2
  • Öffne Google Chrome.
  • Klicke rechts oben auf Google Chrome anpassen.
  • Wähle Einstellungen.
  • Unter Suche klicke auf Suchmachinen verwalten.
  • Bewege den Mauszeiger auf Google.de und klicke auf den blau hinterlegten Button Als Standard festlegen.
  • Bewege nun den Mauszeiger auf Delta Search und klicke rechts auf das Symbol X.
  • Bestätige mit Ok.
  • Schliesse den Google Chrome.



Schritt 3

Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
    Vista und Win7 User: Rechtsklick und "als Administrator starten".
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *BrowserDefender*
    *DealPly*
    *Delta*
    *Funmoods*
    *IB Updater*
    *Iminent*
    *Lyrics*
    *PlusHD*
    *SweetIM*
    *SweetPacks*
    *Wajam*
    *Yontoo*
    *Babylon*
    *Conduit*
    *DataMngr*

    :folderfind
    *BrowserDefender*
    *DealPly*
    *Delta*
    *Funmoods*
    *IB Updater*
    *Iminent*
    *Lyrics*
    *PlusHD*
    *SweetIM*
    *SweetPacks*
    *Wajam*
    *Yontoo*
    *Babylon*
    *Conduit*
    *DataMngr*

    :regfind
    BrowserDefender
    DealPly
    Delta
    Funmoods
    IB Updater
    Iminent
    Lyrics
    PlusHD
    SweetIM
    SweetPacks
    Wajam
    Yontoo
    Babylon
    Conduit
    DataMngr
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
  • Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von SystemLook
  • Log von OTL

rambo123 22.06.2013 01:03
so bitte:


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:33 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131